Dealing with Secured Users


Sams Teach Yourself ASP.NET in 21 Days, Second Edition
By Chris Payne
Day 21.  Securing Your ASP.NET Applications

Now that you've authenticated users who access your site, what can you do with them? Authorization and impersonation happen automatically without your intervention, but what if you need to access information about the user explicitly? For example, imagine you built a forms authentication page where the user enters her username and password. Assuming authentication is successful, the user moves into the site, the first page of which needs to display a welcome message with the user's username.

This sounds like a simple task, but may be more involved than you think. If you didn't store the user's information from the login page manually, you won't have access to it on any other page, unless you ask the user for it again.

Luckily, ASP.NET has got you covered. When you implement security in your Web site, ASP.NET attaches what is known as a Windows principal (represented by the WindowsPrincipal class). The WindowsPrincipal class allows your applications to check information about the currently authenticated user.

Unfortunately, though, dealing with Windows principals and such is not a fun task. There is a whole slew of advanced security topics that deal with principals. ASP.NET has simplified the process for you so the Windows principal objects are behind the scenes and out-of-mind (but they are there if you need to use them).

The Page object has a User property that represents the currently authenticated user; it returns a WindowsPrincipal object. This object has only one property that we're interested in: Identity. The Identity property returns a WindowsIdentity object that contains the actual user information. (It's not as complex as it sounds, as you'll see once we get into an example.) The WindowsIdentity class has the properties listed in Table 21.1.

Table 21.1. WindowsIdentity Properties

Property            Description
AuthenticationType  The type of authentication used to authenticate the user.
IsAnonymous         Indicates if the user is anonymous.
IsAuthenticated     Indicates if the user is authenticated.
IsGuest             Indicates if the user is using the system Guest account.
IsSystem            Indicates if the user is using the System account.
Name                The user's logon name.
Token               The Windows token for the user.

The following code snippet shows how to display the current user's logon name:

 sub Page_Load(Sender as Object, e as EventArgs)
    ' Show the logon name of the currently authenticated user
    lblName.Text = User.Identity.Name
 end sub
 ...
 <asp:Label id="lblName" runat="server"/>

That's all there is to it. All you really need to know about Windows principals here is the User.Identity property. This will allow you access to the user's information.
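The welcome page described above, as an added example (not code from the book): it greets the user only when IsAuthenticated is true, HTML-encodes the logon name before display, and reads the Windows-only properties from Table 21.1 only after checking the identity's runtime type. The control ids lblName and lblDetails are assumed names, and the type check assumes the identity may not be a WindowsIdentity (under forms authentication it is a FormsIdentity).

```vb
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Security.Principal" %>
<script runat="server">
   ' Added example: the control ids lblName and lblDetails are assumed names.
   Sub Page_Load(Sender As Object, e As EventArgs)
      Dim ident As IIdentity = User.Identity

      ' Never greet by name unless authentication actually succeeded;
      ' Name is an empty string for an anonymous request.
      If Not ident.IsAuthenticated Then
         lblName.Text = "Welcome, guest"
         lblDetails.Text = ""
         Return
      End If

      ' Label.Text is written to the page as-is, so encode the logon name
      ' before display (a forms-authentication name is whatever string
      ' the site accepted at login).
      lblName.Text = "Welcome, " & Server.HtmlEncode(ident.Name)
      lblDetails.Text = "Authentication type: " & _
         Server.HtmlEncode(ident.AuthenticationType)

      ' IsGuest, IsSystem, IsAnonymous and Token exist only on
      ' WindowsIdentity, so test the runtime type before casting.
      If TypeOf ident Is WindowsIdentity Then
         Dim winId As WindowsIdentity = CType(ident, WindowsIdentity)
         lblDetails.Text &= "<br/>Guest account: " & winId.IsGuest.ToString() & _
            "<br/>System account: " & winId.IsSystem.ToString()
      End If
   End Sub
</script>
<html><body>
   <form runat="server">
      <asp:Label id="lblName" runat="server"/><br/>
      <asp:Label id="lblDetails" runat="server"/>
   </form>
</body></html>
```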


    Sams Teach Yourself ASP.NET in 21 Days (2nd Edition)
    ISBN: 0672324458
    EAN: 2147483647
    Year: 2003
    Pages: 307
    Authors: Chris Payne
