Logging User Dynamically in ASP.NET

The entire authentication and authorization model in ASP.NET 2.0 is quite improved from the previous version. The addition of the new Login Controls and the whole Membership and Roles Management through provider model has really made the entire security architecture easy to use yet extremely customizable.

Last night I was looking for a way to Log-In user automatically (without his password) thorugh my code, actually the scenario is that the user actually logs in from another site and is redirected to my site with the username in the request. Now I have the username, no password and how do I log this user in (or create an authentication token for him). A post from Scott Guthrie came to the rescue. An authentication token for any user even if you do not have him password can be set with

FormsAuthentication.SetAuthCookie(LoggedInUserName, False)

Where LoggedInUserName is the username for which you want to set the authentication token. Now ok I can authenticate the user and log him in but the authorization of my website is set to deny the anonymous user so the user cannot even access the Default.aspx where I actually write the above code for creating a token.

<system.web>

<authorization>

            <deny users=”?” />

</authorization>

</system.web>

There is a simple workaround to this also as you can specify different authorization for any particular path/location in your website. So the following will allow access to the default page to anonymous users but restrict rest of the site of the logged in user.

<location path=”default.aspx”>

      <system.web>

            <authorization>

                  <allow users =”*” />

            </authorization>

      </system.web>

</location>

Some good resources about ASP.NET 2.0 Authentication and Authorization and Security on the whole are as follows.

Scott Guthrie Post about ASP.NET 2.0 Security Resources

How To: Protect Forms Authentication in ASP.NET

Explained: Forms Authentication in ASP.NET 2.0

Security Guidelines: ASP.NET 2.0

Advertisements

One thought on “Logging User Dynamically in ASP.NET

  1. Howdy I am so delighted I found your blog page, I really found you by error, while I was looking
    on Aol for something else, Anyways I am here now and would just like
    to say thanks for a tremendous post and a all round entertaining blog (I also love the theme/design),
    I don’t have time to go through it all at the minute but I have book-marked it and also added in your RSS feeds, so when I have time I will be back to read more, Please do keep up the great work.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s