How to set asp.net authenticated properties

Question

Hi,

I have the following settings in my web.config file. It basically restricts access to a page if the user is not logged in. If I don't want to use the asp login controls or implement a membership provider, how can I 'tell' asp that the loginregister.aspx page has authorized the request if I want to implement my own login system?

Thanks.

<authentication mode="Forms">
            <forms loginUrl="~/loginregister.aspx"
                   name=".ASPXFORMSAUTH" />
        </authentication>

        <authorization>
            <deny users="?" />
        </authorization>

<location path="~/secretpage.aspx" allowOverride="true">
        <system.web>
            <compilation debug="true" />
            <authorization>
                <deny users="?" />
            </authorization>
        </system.web>
    </location>

Answer 1

If you don't want to do ANYTHING with the .NET system, it is going to be a bit hard.

If you are ok with some, just use the "FormsAuthentication.RedirectFromLoginPage" on your login to set the cookie that shows a user as logged in.

Answer 2

After you validate your user, set a ticket....

    Response.Cookies.Add(TicketHelper.CreateAuthCookie(Login1.UserName, userData, Login1.RememberMeSet /*persistent cookie*/));

using this helper class...

If using a login control, do it in Authenticated event handler.

using System;
using System.Web;
using System.Web.Security;

namespace CustomAuthRepurposingFormsAuth
{
    public static class TicketHelper
    {
        /// <summary>
        /// 
        /// </summary>
        /// <param name="userName"></param>
        /// <param name="userData">be mindful of the cookie size or you will be chasing ghosts</param>
        /// <param name="persistent"></param>
        /// <returns></returns>
        public static HttpCookie CreateAuthCookie(string userName, string userData, bool persistent)
        {
            DateTime issued = DateTime.Now;
            // formsAuth does not expose timeout!? have to hack around the
            // spoiled parts and keep moving..
            HttpCookie fooCookie = FormsAuthentication.GetAuthCookie("foo", true);
            int formsTimeout = Convert.ToInt32((fooCookie.Expires - DateTime.Now).TotalMinutes);

            DateTime expiration = DateTime.Now.AddMinutes(formsTimeout);
            string cookiePath = FormsAuthentication.FormsCookiePath;

            var ticket = new FormsAuthenticationTicket(0, userName, issued, expiration, true, userData, cookiePath);
            return CreateAuthCookie(ticket, expiration, persistent);
        }

        public static HttpCookie CreateAuthCookie(FormsAuthenticationTicket ticket, DateTime expiration, bool persistent)
        {
            string creamyFilling = FormsAuthentication.Encrypt(ticket);
            var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, creamyFilling)
                             {
                                 Domain = FormsAuthentication.CookieDomain,
                                 Path = FormsAuthentication.FormsCookiePath
                             };
            if (persistent)
            {
                cookie.Expires = expiration;
            }

            return cookie;
        }
    }