I have an .aspx page that contains an <asp:Login>
web control.
For authentication, I have another class (MyMembershipProvider
) that inherits the System.Web.Security.MembershipProvider
class.
The login process is working fine - i.e. username/password is properly authenticated by the MyMembershipProvider
object.
My question is in regards to setting System.Web.SessionState.HttpSessionState.Session
variables.
After a user has been successfully authenticated (by the MyMembershipProvider
class), I would like to create custom Session
vars for that user.
Initially, I thought I would be able to set the Session
variables in the <asp:Login>
control's LoggedIn
event handler - something like this:
protected void LoginUser_LoggedIn(object sender, EventArgs e)
{
//Get the UserName of the authenticated user
string userName = Thread.CurrentPrincipal.Identity.Name;
//Call the business layer to get more info on the authenticated user
Entities.User user = BizLayer.GetUser(userName);
//Set session vars for the authenticated user
Session["LastName"] = user.LastName;
Session["FirstName"] = user.FirstName;
Session["Email"] = user.Email;
}
The problem that I am noticing is that when the LoggedIn
event is fired the Thread.CurrentPrincipal.Identity.Name
has not yet been set to the Username that was used when the user logged in. Therefore, the call to the BizLayer.GetUser()
returns an empty User
object which, of course, causes the Session
setters to be useless.
My guess is that since I'm using a custom MembershipProvider
, the <asp:Login>
event handlers (LoggedIn
, Authenticated
, LoggingIn
) are not working as I am expecting them to.
Is there another event handler that I should be using to set the Session
variables? Or, can you point me in the right direction that would accomplish the same thing that I am describing?
Until I hear of a better way, I have implemented the following:
I changed the DestinationPageUrl
attribute of the <asp:Login>
control to point to a page that will do the job of setting the Session
vars. Then, after I set the Session
vars, I call Response.Redirect()
to go the page that used to be set in the DestinationPageUrl
attribute.
The pertinent code looks something like this:
Login.aspx web page has a Login control similar to...
<asp:Login ID="LoginUser" runat="server" DestinationPageUrl="SetSessionVars.aspx">
SetSessionVars.aspx web page has a method that sets the Session vars and redirects user to some page...
protected void Page_Load(object sender, EventArgs e)
{
this.SetSessionVars();
Response.Redirect("foo.aspx");
}
private void SetSessionVars()
{
//Get the UserName of the authenticated user
string userName = Thread.CurrentPrincipal.Identity.Name;
//Call the business layer to get more info on the authenticated user
Entities.User user = BizLayer.GetUser(userName);
//Set session vars for the authenticated user
Session["UserId"] = user.UserId;
Session["LastName"] = user.LastName;
Session["FirstName"] = user.FirstName;
Session["Email"] = user.Email;
}