windows authentication and putting queried data into session state

  • Thread starter Thread starter nem.usenet
  • Start date Start date
N

nem.usenet

Hi everyone,

I searched for this but with little luck. I'm working on a project and
need to do the following:
1. have a user authenticate to an ASP.net site using windows
authentication
2. take either HttpContext.User or HttpContext.Current.User as the
parameter for a stored procedure that will draw some simple data on
that user.
3. put those bits of data into session (just a handful of fields,
nothing big).
4. then use that session data for prepopulating forms, pulling up
relevant data and navigation, etc.

I will use security settings from IIS to control access to particular
directories or files, but wondered if this is a smart way to do it?
Any big security risks? I want to capitalize on about 200 users
already having active directory accounts, but favor using session to
hold data that AD doesn't have in it.

Any suggestions? What would that query look like (from #2 above)?

thanks,
NEM
 
Hi everyone,

I searched for this but with little luck. I'm working on a project and
need to do the following:
1. have a user authenticate to an ASP.net site using windows
authentication
2. take either HttpContext.User or HttpContext.Current.User as the
parameter for a stored procedure that will draw some simple data on
that user.
3. put those bits of data into session (just a handful of fields,
nothing big).
4. then use that session data for prepopulating forms, pulling up
relevant data and navigation, etc.

I will use security settings from IIS to control access to particular
directories or files, but wondered if this is a smart way to do it?
Any big security risks? I want to capitalize on about 200 users
already having active directory accounts, but favor using session to
hold data that AD doesn't have in it.

Any suggestions? What would that query look like (from #2 above)?

thanks,
NEM
Click to expand...

In your web.config file you would be using
<system.web>
<authentication mode="Windows">
</system.web>

To get the username you would use the following code:
HttpContext.Current.User.Identity.Name

What I have done in the past is to create my own CustomUser class that
takes care of that for me. So you would have properties for all of
the various things you are storing in the database (first name, last
name, email, birthdate, etc). Then I would have a constructor with no
parameters that grabs the username from the current context (as above)
and then calls a stored procedure that would return the information
and set all of the properties of the object.

That way you still use an object to store your user information
keeping it all in one tightly bundled place instead of using
Session["userFirstName"], Session["userLastName"], etc. You can still
store the CustomUser object in Session so that you don't ahve to hit
up the database every page.

Hope that helps.
 
Back
Top