ASP.NET C# - Old School Login Page w/ Create-Your-Own Authentication Scheme through the AppBase.BaseLogin class

I am trying to set up the code to check the username and password against the values in the database and the role of the user (user-agent, marketer or administrator) and load the page USMap.aspx accordingly. The website searches for insurance plans based on state and zip code. Administrator users will gain access to the admin page to create new users and allow users access to certain states for searching, and that's all.

Problem: I need code for the login page. I want to clean up the code from the old site, pull out any links to AppBase, make the code work with the new site and the old database, and take out the links that create any temporary tables, but I'm not sure what all this mess of code does, and I'm not too familiar with authentication. I believe the old site used IIS Active Directory authentication? How do I set it up for a new site? For the new site, I'm just working on a C# template for a web application. Is there anything better I should use? I do not see where the code really validates and issues the username and password in the database ....

Additional information: I received the error "The type or namespace name does not exist in the namespace (are you missing an assembly reference?)" for BaseLogin when I add AppBase.BaseLogin to a new project. What else do I need to add to make this work? Here is the code from the old site that needs to be cleaned up:

    using System;

    public partial class SignIn : System.Web.UI.UserControl
    {
        private void Page_Load(object sender, System.EventArgs e)
        {
            // Put user code to initialize the page here
            string userName;
            string passWord;
            // Credentials may arrive in the query string (?u=...&p=...),
            // obfuscated with DecryString (see below).
            userName = Request.QueryString["u"];
            passWord = Request.QueryString["p"];
            if (userName!=null && passWord!=null)
            {
                Login(DecryString(userName.Trim()),DecryString(passWord.Trim()));
                return;
            }
            string ls_redirectpage="";
            int iCondition=0;
            if (userName!=null)
            {
                // Strip a leading DOMAIN\ prefix from the user name
                iCondition = userName.LastIndexOf("\\");
                userName = userName.Substring(iCondition+1,userName.Length-iCondition-1);
            }
            if (userName!="" && userName!=null)
            {
                //show check the database
                AppBase.BaseLogin lg = new AppBase.BaseLogin();
                if (lg.SignIn(userName,passWord))
                {
                    lg = null;
                    ls_redirectpage = System.Configuration.ConfigurationManager.AppSettings.Get("RedirectPage");
                    if ((ls_redirectpage==null) || (ls_redirectpage==""))
                    {
                        msg.Text = "Please setup 'RedirectPage' in the web.config.";
                    }
                    else
                    {
                        System.Web.HttpContext.Current.Response.Redirect(ls_redirectpage);
                    }
                }
                lg = null;
            }
        }

        private void Button1_Click(object sender, System.EventArgs e)
        {
        }

        // Not called from the code shown here. Validates the credentials through
        // the stored procedure ssp_sign_in_web_common and fills the session.
        private void login()
        {
            bool lb_ok = false;
            string ls_username,ls_password, ls_sql;
            string ls_redirectpage="";
            int li_rows=0;
            ls_username = username.Text;
            ls_password = password.Text;
            ls_username = ls_username.Trim();
            ls_password = ls_password.Trim();
            ls_sql = "ssp_sign_in_web_common";
            System.Data.DataTable dt ;
            AppBase.BaseDbCommon dc = new AppBase.BaseDbCommon();
            System.Collections.ArrayList ao_parm = new System.Collections.ArrayList (2);
            ao_parm.Add (dc.MakeOleInParm("as_username",System.Data.SqlDbType.VarChar,ls_username));
            ao_parm.Add (dc.MakeOleInParm("as_password",System.Data.SqlDbType.VarChar,ls_password));
            dt = dc.GetOleDataTable(ls_sql,ao_parm,dc.GetOleConnection());
            dc = null;
            if (dt!=null)
            {
                // Exactly one row with six columns counts as a successful lookup
                li_rows = dt.Rows.Count;
                if (li_rows !=1)
                {
                    lb_ok = false;
                    goto condition;
                }
                if (dt.Rows[0].ItemArray.GetUpperBound(0)!=5)
                    lb_ok = false;
                else
                    lb_ok = true;
            }
            else
                lb_ok = false;

        condition:
            if (lb_ok)
            {
                // Column 5 is the "active account" flag
                if ((dt.Rows[0].ItemArray[5].ToString()=="1") || (dt.Rows[0].ItemArray[5].ToString()=="Y"))
                {
                    Session["LogonId"] = ls_username;
                    Session["PassWord"] = ls_password;
                    Session["FirstName"] = dt.Rows[0].ItemArray[0].ToString();
                    Session["LastName"] = dt.Rows[0].ItemArray[1].ToString();
                    Session["Email"] = dt.Rows[0].ItemArray[2].ToString();
                    Session["AdminFlag"] = dt.Rows[0].ItemArray[3].ToString();
                    Session["LoginType"] = dt.Rows[0].ItemArray[4].ToString();
                    ls_redirectpage = System.Configuration.ConfigurationManager.AppSettings.Get("RedirectPage");
                    if ((ls_redirectpage==null) || (ls_redirectpage==""))
                    {
                        msg.Text = "Please setup 'RedirectPage' in the web.config.";
                    }
                    else
                    {
                        dc = null;
                        dt = null;
                        Response.Redirect(ls_redirectpage);
                    }
                }
                else
                    msg.Text = "You are not an active account now. please contact admin.";
            }
            else
            {
                msg.Text = "Please check your user ID and password.";
            }
            dc = null;
            dt = null;
        }

        #region Web Form Designer generated code
        override protected void OnInit(EventArgs e)
        {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
        }

        /// <summary>
        /// Required method for Designer support - do not modify
        /// the contents of this method with the code editor.
        /// </summary>
        private void InitializeComponent()
        {
            this.ImageButton1.Click += new System.Web.UI.ImageClickEventHandler(this.ImageButton1_Click);
            this.Load += new System.EventHandler(this.Page_Load);
        }
        #endregion

        private void ImageButton1_Click(object sender, System.Web.UI.ImageClickEventArgs e)
        {
            //
            string ls_username,ls_password;
            ls_username = username.Text;
            ls_password = password.Text;
            ls_username = ls_username.Trim();
            ls_password = ls_password.Trim();
            Login(ls_username,ls_password);
        }

        // The actual credential check happens inside AppBase.BaseLogin.SignIn,
        // which is not part of this file.
        private void Login(string user,string pass)
        {
            string ls_redirectpage;
            bool lb_signin=false;
            AppBase.BaseLogin lg = new AppBase.BaseLogin();
            lb_signin = lg.SignIn(user,pass,msg,Session);
            lg = null;
            if (lb_signin)
            {
                ls_redirectpage = System.Configuration.ConfigurationManager.AppSettings.Get("RedirectPage");
                string path = System.Configuration.ConfigurationManager.AppSettings.Get("VirtualDirectory");
                // Join VirtualDirectory and RedirectPage with exactly one "/"
                if (path.EndsWith("/"))
                {
                    if (ls_redirectpage.StartsWith("/"))
                    {
                        ls_redirectpage = ls_redirectpage.Substring(1);
                    }
                }
                else
                {
                    if (!ls_redirectpage.StartsWith("/"))
                    {
                        ls_redirectpage = "/"+ls_redirectpage;
                    }
                }
                path = path + ls_redirectpage;
                Response.Redirect(path);
            }
        }

        // Character substitution, not encryption: characters with code > 96 are
        // mapped by 219 - c (a<->z), A-Z by 155 - c (A<->Z) and 0-9 by 105 - c
        // (0<->9); everything else is copied unchanged.
        private string DecryString(string as_source)
        {
            int li_len;
            string temp,sTarget;
            char b;
            sTarget = "";
            temp = "";
            li_len = as_source.Length;
            if (li_len < 1)
                return "";
            for (int li_i=0;li_i<li_len;li_i++)
            {
                temp = as_source.Substring(li_i,1);
                if ((int)temp.ToCharArray()[0]>96)
                {
                    b = (char)(219 - (temp.ToCharArray())[0]);
                    sTarget = sTarget + b.ToString();
                }
                else if((int)temp.ToCharArray()[0]>64 && (int)temp.ToCharArray()[0]<91)
                {
                    b = (char)(155 - (temp.ToCharArray())[0]);
                    sTarget = sTarget + b.ToString();
                }
                else if((int)temp.ToCharArray()[0]>47 && (int)temp.ToCharArray()[0]<58)
                {
                    b = (char)(105 - (temp.ToCharArray())[0]);
                    sTarget = sTarget + b.ToString();
                }
                else
                    sTarget = sTarget+temp;
            }
            return sTarget;
        }
    }

Any suggestions would be much appreciated! If you need any other information, let me know. Thank you!!!

0
1 answer

The code above demonstrates a complete roll-your-own authentication scheme. The login magic is in your AppBase.BaseLogin class. This class would have to be responsible for verifying the username and password, as well as maintaining the login state (cookie, session, database ...).

It is impossible to say, looking at this code, why the project did not use forms-based authentication. The code may be quite old (i.e. pre-ASP.NET 2.0), from before the provider structure had been implemented. In that case, this may have been the only way to achieve the desired behavior. You should be able to replace everything that has been done here with forms authentication and a user membership provider. Again, this is impossible to say without knowing much more about your project.

+2
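The replacement the answer suggests, sketched as an added example (not code from the original post or from AppBase): the sign-in click handler rewritten on top of forms authentication and the membership and role providers. It assumes web.config enables forms authentication and configures membership and role providers over the existing user table; the `administrator` role name and `~/Admin.aspx` are placeholders.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

// Added example. Assumes <authentication mode="Forms"> in web.config and
// membership/role providers configured against the existing database.
public partial class SignIn : UserControl
{
    // username, password (TextBox) and msg (Label) are the controls the
    // original code uses; they are declared in the control's designer file.

    protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
    {
        string user = username.Text.Trim();
        string pass = password.Text;

        // Credentials come only from the posted form, never from the query
        // string, and the provider performs the password comparison.
        if (!Membership.ValidateUser(user, pass))
        {
            // One message for every failure, so the page does not reveal
            // whether the user name exists or the account is inactive.
            msg.Text = "Please check your user ID and password.";
            return;
        }

        // Issues the encrypted forms-authentication ticket as a session
        // cookie. The password is not kept in Session or anywhere else.
        FormsAuthentication.SetAuthCookie(user, false);

        // Fixed, application-relative targets chosen by role; nothing in the
        // redirect path comes from user input.
        string target = Roles.IsUserInRole(user, "administrator")
            ? "~/Admin.aspx"    // placeholder admin page name
            : "~/USMap.aspx";
        Response.Redirect(target);
    }
}
```

Pages that need a particular role are then restricted with `<authorization>` rules in web.config rather than by reading flags such as `Session["AdminFlag"]`.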

Source: https://habr.com/ru/post/1342688/

