
session manager vs Form authentication in the Global.asax.cs file

Author
8 Jun 2005 3:06 PM
Jasmine
I am converting an ASP.NET application from Windows authentication to Forms
authentication.

Originally, the application creates the identity and principal and adds the
session entry in the Session_Start event for Windows authentication, like:

WindowsIdentity wi = (WindowsIdentity)HttpContext.Current.User.Identity;
GenericPrincipal pp = new GenericPrincipal(wi, roles);
Session.Add("myPrincipal", pp);

After I converted the app to Forms authentication, the identity and principal
code was moved from Session_Start to Application_AuthenticateRequest, like:

FormsIdentity fi = new FormsIdentity(authTicket);
GenericPrincipal pp = new GenericPrincipal(fi, roles);

My question is: how could I implement the "Session.Add("myPrincipal", pp);"?

The Session_Start event starts before Application_AuthenticateRequest,
thus I won't know the FormsIdentity (HttpContext.Current.User.Identity) until
I have called Application_AuthenticateRequest. Thus, I have to generate the
principal object in the Application_AuthenticateRequest event, but
"Session.Add()" can't be called in the Application_AuthenticateRequest event;
I got the error ("Session state is not available in this context").

Do you have any idea how to implement the "Session.Add("myPrincipal", pp);"
for Forms authentication?

Thanks,

Author
8 Jun 2005 3:46 PM
Dominick Baier [DevelopMentor]
Hello Jasmine,

do it later in the pipeline - when session state is available (e.g. PreRequestHandlerExecute)

In AuthenticateRequest you store your principal to Context.User - pick this
up in the later event and add it to the session.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Author
9 Jun 2005 3:03 PM
Jasmine
Hi Dominick,

Thanks for your answer.

I tried to add Session.Add("myprincipal", principal) in Global.asax.cs, in
Application_PreRequestHandlerExecute, but this event is called every time
I request a page from the web server. The session entry only needs to be
added once; how could I implement this?

Thanks, Jasmine

Author
11 Jun 2005 8:22 AM
Dominick Baier [DevelopMentor]
Hello Jasmine,

so - just check if the value has been added before....

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Author
13 Jun 2005 9:12 PM
Jasmine
Hi Dominick,

"check if the value has been added before...." works fine at the beginning.
However, the problem happens when I want to exit: I remove the session ID
from the session list in the Session_End event. After the Session_End
event, the application calls the Application_PreRequestHandlerExecute
event again, and this time the session is added again, since the session ID
has just been removed and it's ready to add...

What should I do?

Thanks, Jasmine




Author
16 Jun 2005 6:58 PM
Jasmine
Can anyone help me with this issue? It has bothered me for a long time now....
There seems to be not much documentation about session management in the
Forms authentication model...

Thanks, Jasmine



Author
10 Jun 2005 6:40 PM
Jasmine
Can anyone help me with this issue? It has bothered me for a long time now....

Thanks, Jasmine



Author
16 Jun 2005 9:31 PM
Jasmine
Could someone help me with this question: how to implement session
management for Forms authentication?

Thanks,

Author
18 Jun 2005 5:49 AM
Dominick Baier [DevelopMentor]
Hello Jasmine,

one question still remains - why do you want to store the identity in the
session - it is globally available via Page/Context.User - you may have to
convert that code.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Author
20 Jun 2005 3:14 PM
Jasmine
Hi Dominick,

The reason for storing the identity in the session is that the application
has a page that displays the names of all users who are currently logged in
to the application. This worked fine with Windows authentication: we add the
principal with Session.Add("myPrin", principal) in the Session_Start event and
delete the user when she/he exits, in the Session_End event.

I am currently converting the application from Windows authentication to Forms
authentication. I still want to keep the session (user) list function. Do
you have any idea how to avoid the Session.Add() happening again in the
Application_PreRequestHandlerExecute event after Session_End gets called?
Is there really no solution for keeping the user display function with Forms
authentication?

Thank you very much.
Jasmine

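An added example, not code from any poster in this thread: one way to combine the replies above (set Context.User in AuthenticateRequest, copy it to the session in PreRequestHandlerExecute only if it is not there yet) with the logged-in user list from the last post. Assumptions: roles were written comma-separated into the ticket's UserData at login, the Application-state key "onlineUsers" is hypothetical, and session state is InProc so that Session_End fires.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    private const string PrincipalKey = "myPrincipal";   // session key used in the thread
    private const string OnlineUsersKey = "onlineUsers"; // hypothetical Application-state key

    protected void Application_Start(object sender, EventArgs e)
    {
        // Session ID -> user name, shared by all requests.
        Application[OnlineUsersKey] = new Dictionary<string, string>();
    }

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Runs on every request, before session state is loaded. The forms
        // authentication module has already validated the ticket by now.
        FormsIdentity fi = Context.User != null ? Context.User.Identity as FormsIdentity : null;
        if (fi == null) return;                           // anonymous request

        // Assumption: roles stored comma-separated in UserData at login.
        string[] roles = fi.Ticket.UserData.Split(
            new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        Context.User = new GenericPrincipal(fi, roles);
    }

    protected void Application_PreRequestHandlerExecute(object sender, EventArgs e)
    {
        // Context.Session is null when the handler does not use session state;
        // touching the Session property there raises
        // "Session state is not available in this context".
        if (Context.Session == null) return;
        // After sign-out the request is anonymous, so nothing is re-added.
        if (!Request.IsAuthenticated) return;
        if (Session[PrincipalKey] != null) return;        // already added for this session

        // Display copy only; authorization checks keep using Context.User,
        // which is rebuilt from the validated ticket on every request.
        Session[PrincipalKey] = Context.User;
        var online = (Dictionary<string, string>)Application[OnlineUsersKey];
        lock (online) { online[Session.SessionID] = Context.User.Identity.Name; }
    }

    protected void Session_End(object sender, EventArgs e)
    {
        // No HttpContext here; Session and Application are still usable.
        var online = (Dictionary<string, string>)Application[OnlineUsersKey];
        lock (online) { online.Remove(Session.SessionID); }
    }
}
```

For the entry to stay removed on exit, the logout page calls both FormsAuthentication.SignOut() and Session.Abandon(); if only the session ends while the ticket is still valid, the next request is still authenticated and the user is listed again under the new session ID.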