
I'm a student writing a project for my degree and I'm trying to understand ASP.NET Membership and user management.

I read a lot of articles; some were handy but some just confused me. After reading this: Examining ASP.NET's Membership, Roles, and Profile

I defined a SqlMembershipProvider, which created a user database for me in my SQL Server. Then I defined some users from .NET's administration tool and added a login control to my aspx page.

My questions are:

  • where does the control save the information about the user logged in? and how can I access it?

  • how can I define a login function myself which validates the user and redirect him to another page?

  • how do I use the loginstatus control in the new page to show information about different users logged in or anonymous?

  • I want to restrict certain pages to certain users, and to build dynamic pages based on different users. Do I need to define roles and check for a user role?

  • what more membership functions can I use to help me manage users and roles?

This is the config file after defining the provider and the connection string:

<configuration>
    <connectionStrings>
        <add name="igroup20_test2ConnectionString" connectionString="Data Source=Media.ruppin.ac.il;Initial Catalog=igroup20_test2;User ID=igroup20;Password=********" providerName="System.Data.SqlClient"/>
    </connectionStrings>
    <system.web>
        <authentication mode="Forms"/>
        <compilation debug="true" targetFramework="4.0"/>
        <membership defaultProvider="CustomizedProvider">
            <providers>
                <add name="CustomizedProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="igroup20_test2ConnectionString" applicationName="ScottsProject" minRequiredPasswordLength="4" minRequiredNonalphanumericCharacters="0"/>
            </providers>
        </membership>
    </system.web>
</configuration>

These are the tables the provider created in the MS SQL Server:

aspnet_Applications
aspnet_Membership
aspnet_Paths
aspnet_PersonalizationAllUsers
aspnet_PersonalizationPerUser
aspnet_Profile
aspnet_Roles
aspnet_SchemaVersions
aspnet_Users
aspnet_UsersInRoles
aspnet_WebEvent_Events

I would really appreciate your answers : )

Dvirski
  • Have you looked at the `System.Web.Security.Membership`? It lets you authenticate against the aspnet tables and do all sorts of security stuff. http://msdn.microsoft.com/en-us/library/system.web.security.membership.aspx – gwin003 Apr 30 '13 at 13:50

1 Answer

where does the control save the information about the user logged in? and how can I access it?

You probably mean where the login control saves the credential information that lets the user log in and see the secure pages. All the information is stored encrypted in the login cookie. The database only stores the last login and a counter of the total failures.

You can read it by:

var authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];

I want to restrict certain pages to certain users, and to build dynamic pages based on different users. Do I need to define roles and check for a user role?

Yes this is what you must do.

how can I define a login function myself which validates the user and redirect him to another page?

Here you can either use the login control to interfere with the login process using the `OnLoggingIn="OnLogginIn"` and return `e.Cancel = true;` to cancel the login or true to let it continue.

Or you can create a new credential cookie, e.g.: How can I manually create a authentication cookie instead of the default method?

what more membership functions can I use to help me manage users and roles?

From the moment you know the database tables of the login module and the way they work, you can directly change them using SQL.

how can I define a login function myself which validates the user and redirect him to another page?

You can use the User Profile to store extra parameters and then use them in your code. Storing user preferences in Web Application

On the login control, the `OnLoggedIn="OnLoggedIn"` is the final call, where you can read that parameter and send the user to the correct page.

Aristos
  • Thank you for your informative answer. By `OnLoggingIn="OnLogginIn"` you mean that if I define the function "OnLogginIn" and click on the control login button it will override the control's default login function? – Dvirski Apr 30 '13 at 14:13
  • @Dvirski Yes and no. It will not override, it will be called and you can do your redirection there. – Aristos Apr 30 '13 at 14:13
  • So my function will fire after the authentication event? Will it fire only if the user is valid? – Dvirski Apr 30 '13 at 14:20
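
The manual login, redirect and role check discussed in this thread, as an added C# example that is not code from the question or the answer. The `AccountHelper` class, the `Admins` role and the page paths are assumptions, and the role calls assume `<roleManager enabled="true" />` has been added to web.config.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example. Role name and page paths are assumptions; Roles.* needs
// <roleManager enabled="true" /> in web.config, which the question's config lacks.
public static class AccountHelper
{
    // Call from a login button handler. Returns false on bad credentials.
    public static bool SignIn(HttpContext ctx, string userName, string password)
    {
        // Checks the credentials against the configured SqlMembershipProvider.
        if (!Membership.ValidateUser(userName, password))
            return false;   // caller shows one generic error for any failure

        // Writes the encrypted forms-authentication ticket as a session cookie.
        FormsAuthentication.SetAuthCookie(userName, false);

        string returnUrl = ctx.Request.QueryString["ReturnUrl"];
        string target;
        if (IsLocalUrl(returnUrl))
            target = returnUrl;
        else if (Roles.IsUserInRole(userName, "Admins"))
            target = "~/Admin/Default.aspx";
        else
            target = "~/Default.aspx";

        ctx.Response.Redirect(target, false);
        return true;
    }

    // On later requests, read the identity the runtime rebuilt from the ticket
    // instead of parsing the cookie by hand.
    public static string Describe(HttpContext ctx)
    {
        if (ctx.User == null || !ctx.User.Identity.IsAuthenticated)
            return "anonymous";
        string role = ctx.User.IsInRole("Admins") ? "admin" : "member";
        return ctx.User.Identity.Name + " (" + role + ")";
    }

    // Accept only site-relative paths so ReturnUrl cannot send users off-site.
    private static bool IsLocalUrl(string url)
    {
        return !string.IsNullOrEmpty(url) && url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
    }
}
```

Restricting whole pages or folders by role is done declaratively with `<authorization>` rules in web.config; the `IsInRole` check here is for varying content inside a page.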