Forms Authentication Ticket in ASP.NET 2.0 / 3.5

In this article I explain how to implement FormsAuthenticationTicket and manage roles stored in the ticket's UserData in ASP.NET 2.0, 3.5 and 4.0 using C# and VB.NET.



For implementing forms authentication without a FormsAuthenticationTicket, read my previous article: Forms Authentication with C# and managing folder level access with multiple web.config files.

Configuring the web.config file in the application root


<authentication mode="Forms">
    <forms defaultUrl="Default.aspx" loginUrl="~/Login.aspx"
           slidingExpiration="true" timeout="20"></forms>
</authentication>

Defining roles and their access to the Admin folder in the root web.config (only the admin role is allowed; everyone else is denied)

<location path="Admin">
    <system.web>
        <authorization>
            <allow roles="admin"/>
            <deny users="*"/>
        </authorization>
    </system.web>
</location>


Defining role settings for a folder and the .aspx pages inside it, in a web.config file placed in that folder

<system.web>
    <authorization>
        <allow roles="user"/>
        <deny users="*"/>
    </authorization>
</system.web>

Settings that allow any logged-in member (anonymous users, written as "?", are denied)

<system.web>
    <authorization>
        <deny users="?"/>
    </authorization>
</system.web>


Now, after creating the Login page, we need to authenticate the user in the Login control's Authenticate event

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
    string userName = Login1.UserName;
    string password = Login1.Password;
    bool rememberUserName = Login1.RememberMeSet;

    // Fetch the user login information from the XML file into a DataSet
    string xmlFilePath = Server.MapPath("~/App_Data/LoginInfo.xml");
    DataSet objDs = new DataSet();
    objDs.ReadXml(xmlFilePath);

    // Double any single quotes so the user-supplied values cannot alter the filter expression
    string filter = "UserName = '" + userName.Replace("'", "''") +
                    "' and Password = '" + password.Replace("'", "''") + "'";
    DataRow[] dRow = objDs.Tables[0].Select(filter);
    if (dRow.Length > 0)
    {
        // Fetch the role(s); several roles are stored comma separated
        string roles = dRow[0]["Roles"].ToString();

        // Create the forms authentication ticket.
        // Parameters: ticket version (1), the user name associated with this ticket,
        // the time the ticket was issued, the time it expires, whether it is persistent
        // (the "remember me" checkbox), the roles stored as UserData, and the cookie path
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, userName, DateTime.Now,
            DateTime.Now.AddMinutes(20), rememberUserName, roles, FormsAuthentication.FormsCookiePath);

        // Encrypt and sign the ticket before it is stored in the cookie
        string encryptedTicket = FormsAuthentication.Encrypt(ticket);
        HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        cookie.HttpOnly = true;
        if (rememberUserName)
            cookie.Expires = ticket.Expiration; // a persistent ticket needs a persistent cookie

        // Add the cookie to the response so the browser stores it
        Response.Cookies.Add(cookie);

        // Redirect to the originally requested page, or to the default page
        string returnUrl = Request.QueryString["ReturnUrl"];
        if (returnUrl == null)
            returnUrl = "~/Default.aspx";
        Response.Redirect(returnUrl);
    }
}


Now, to retrieve the authentication and role information on every request, we need to write this code in the Global.asax file

protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
    // Look whether any security information exists for this request
    if (HttpContext.Current.User != null)
    {
        // See if this user is authenticated, i.e. a valid authentication cookie (ticket) was presented
        if (HttpContext.Current.User.Identity.IsAuthenticated)
        {
            // See if the authentication was done using FormsAuthentication
            if (HttpContext.Current.User.Identity is FormsIdentity)
            {
                // Get the identity of the user
                FormsIdentity identity = (FormsIdentity)HttpContext.Current.User.Identity;

                // Get the forms authentication ticket of the user
                FormsAuthenticationTicket ticket = identity.Ticket;

                // Get the roles stored as UserData in the ticket
                string[] roles = ticket.UserData.Split(',');

                // Create a generic principal carrying those roles and assign it to the current request
                HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(identity, roles);
            }
        }
    }
}


To check whether the user is in a role or not, we need to write this code in every page that grants access on a role basis

protected void Page_Load(object sender, EventArgs e)
{
    if (HttpContext.Current.User.IsInRole("admin"))
    {
        lblMessage.Text = "Welcome Administrator";
    }
}
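As an added example (not code from the original article), the ticket handling from the three steps above is gathered into one helper class. The class name TicketHelper, its method names and the fallback page "~/Default.aspx" are assumptions; it keeps the page's convention of comma-separated roles in UserData, and additionally escapes the DataTable.Select filter value, drops blank role names, refuses an expired ticket and only follows a ReturnUrl that stays inside the application.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.Security;

// Hypothetical helper, added here; not part of the original article.
public static class TicketHelper
{
    // Double single quotes so a user-supplied value cannot alter the
    // DataTable.Select filter expression it is embedded in.
    public static string EscapeFilterValue(string value)
    {
        return (value ?? string.Empty).Replace("'", "''");
    }

    // Build the ticket the way the login page does: version 1, roles stored
    // comma-separated in UserData; timeoutMinutes should match <forms timeout>.
    public static FormsAuthenticationTicket CreateTicket(string userName, string roles,
                                                         bool persistent, int timeoutMinutes)
    {
        DateTime issued = DateTime.Now;
        return new FormsAuthenticationTicket(1, userName, issued, issued.AddMinutes(timeoutMinutes),
            persistent, roles ?? string.Empty, FormsAuthentication.FormsCookiePath);
    }

    // Rebuild the principal that Application_AuthenticateRequest assigns.
    // An expired ticket yields null (the request stays anonymous); blank or
    // padded role names in UserData are dropped instead of becoming roles.
    public static GenericPrincipal CreatePrincipal(FormsAuthenticationTicket ticket)
    {
        if (ticket == null || ticket.Expired) return null;
        List<string> roles = new List<string>();
        foreach (string part in (ticket.UserData ?? string.Empty).Split(','))
        {
            string role = part.Trim();
            if (role.Length > 0) roles.Add(role);
        }
        return new GenericPrincipal(new FormsIdentity(ticket), roles.ToArray());
    }

    // Follow ReturnUrl only when it points inside this application; absolute
    // and protocol-relative ("//host") URLs fall back to the default page.
    public static string SafeReturnUrl(string returnUrl)
    {
        if (string.IsNullOrEmpty(returnUrl)) return "~/Default.aspx";
        if (returnUrl.StartsWith("~/") || (returnUrl.StartsWith("/") &&
            !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\")))
            return returnUrl;
        return "~/Default.aspx";
    }
}
```

In Global.asax the assignment then becomes `HttpContext.Current.User = TicketHelper.CreatePrincipal(identity.Ticket) ?? HttpContext.Current.User;`, and the login page passes `TicketHelper.SafeReturnUrl(Request.QueryString["ReturnUrl"])` to Response.Redirect.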


Download sample code


Related Articles:

1. Forms Authentication with C# and managing folder level access with multiple web.config files

2. User validation across pages using session after login in ASP.NET using C#

3. Detecting Session Timeout and Redirect to Login Page in ASP.NET

18 comments:

  1. Thanks - is there a place for FormsAuthentication.GetAuthCookie() here?

  2. Hi, thanks for this post... very interesting... however I am not able to download the code... can you please mail the code...?

    my email id avicool08@gmail.com
    thank you

  3. @Avinash:

    Hi, you can download the source code from the link below

    http://www.box.net/shared/ez1kqnqkkr

    Do let me know if you are having further problems

  4. Hi, thanks for the post.. but unable to download the code as it says it has been removed from www.box.net.... plz provide some other link to download the code..
    thank you

  5. @Ashwani:

    Hi, I've fixed the download link

    enjoy

  6. I used some other code for role based authentication.. all worked fine, but if the user or admin clicks sign out it signs out fine, but clicking the browser back button makes all the admin pages visible... how to rectify that..

  7. This comment has been removed by a blog administrator.

  8. Please upload the project again

  9. Please upload the project again

  10. This post has been removed by a blog administrator.
    Please upload the project again

  11. Hi, I am not able to download this code.

  12. The left side ad is very disturbing while reading your article, fuck off....

  13. Thanks
    plz send me code on js.patidar007@gmail.com.

  14. Please send me code on info4gourav@gmail.com

  15. Where is the source code?
    paryanh.admin@gmail.com

  16. I think there are some errors in the explanation and coding, please submit the project again

  17. Sir

    Please explain briefly