I have a WebForms application in C# using SSO (Single Sign-On). The admin has to register a user's email account, and once a user has been registered in the database they can sign in to the app with their SSO password.

My problem is that once they have entered the site, I want to get their role and their organization location code.
I have stored their username in the session.

Their username (their username is their email) is stored in the database, in sec_user.
Their location and role are stored in the database, in the sec_role table.

C#
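// Requires: using System; using System.Configuration; using System.Data;
//           using System.Data.SqlClient; using System.DirectoryServices;
string path = "LDAP://kemenkeu.go.id";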

        public string HakAkses
        {
            get { return (string)Session["HakAkses"]; }
            set { Session["HakAkses"] = value; }
        }

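        public bool AuthenticateUser(string path, string user, string pass)
        {
            // Bind to the directory with the supplied credentials; a failed bind throws.
            try
            {
                using (DirectoryEntry de = new DirectoryEntry(path, user, pass, AuthenticationTypes.Secure))
                using (DirectorySearcher ds = new DirectorySearcher(de))
                {
                    ds.FindOne();
                    return true;
                }
            }
            catch
            {
                // Any bind or search error is treated as an authentication failure.
                return false;
            }
        }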

        protected void btn_entrance_Click(object sender, EventArgs e)
        {
            if (AuthenticateUser(path, txt_username.Text, txt_password.Text) == true)
            {
                string CS = ConfigurationManager.ConnectionStrings["nikita_app"].ConnectionString;
                using (SqlConnection sfe = new SqlConnection(CS))
                {
                    using (SqlCommand cbn = new SqlCommand("xp_otorisasi_user", sfe))
                    {
                        cbn.CommandType = CommandType.StoredProcedure;
                        SqlParameter paramUsername = new SqlParameter("@user_email", txt_username.Text);
                        cbn.Parameters.Add(paramUsername);
                        sfe.Open();
                        int returnCode = (int)cbn.ExecuteScalar();
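                        if (returnCode == 1)
                        {
                            // Store the user id before redirecting: Response.Redirect ends the
                            // request, so statements placed after it do not run.
                            Session["userid"] = txt_username.Text;
                            Response.Redirect("accueil.aspx");
                        }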
                        else
                        {
                            lbl_info.Text = "Daftarkan Terlebih Dahulu Username Anda ke Admin PK";
                        }
                    }
                }
            }
            else
            {
                lbl_info.Text = "Username/Password anda salah";
            }
        }


This is my C# code, and here is my stored procedure:

SQL
CREATE PROCEDURE [dbo].[xp_otorisasi_user]
@user_email varchar(60)

AS
BEGIN
	DECLARE @Count AS INT

	SELECT @Count = COUNT (user_email) from sec_user
	WHERE [user_email]=@user_email

	IF(@Count=1)
		BEGIN	
		SELECT 1 AS ReturnCode
	END
	ELSE
		BEGIN
		SELECT -1 AS ReturnCode
	END

END


I want to query the user role and user location from the database
and retrieve them into the session (in the ASP.NET page).

What I have tried:

I have tried adding a SELECT inside:

IF(@Count=1)
BEGIN
SELECT user_role, user_location FROM sec_role WHERE user_email=@user_email
SELECT 1 AS ReturnCode
END

But I don't know how to retrieve the user_role and user_location that have been selected into my ASP.NET web page.
Updated 27-Sep-16 11:21am

1 solution

I can't answer the location bit but for users, once a user has been authenticated, you can package a user's session information (session ID & other info) in an encrypted cookie that you add to each HttpWebResponse. Each HttpWebRequest made will have that cookie. It adds a bit of overhead but all you need to do is decrypt the cookie and cross-reference it against a session list maintained on the server. I have done this myself and used AES encryption for the cookies with a unique key generated for each new login. For flavor, I also made it so new keys are generated every five minutes (mitigates session hacking) and stale sessions are dropped after X minutes. You can even use a SHA512 to hash the security cookie to check for alterations on the returned cookie (mitigates man-in-the-middle attacks).
 
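The two-result-set procedure from "What I have tried" can be read with a SqlDataReader and NextResult(), keeping role and location in server-side session state. This is an added example, not code from the original question or answer; the UserAccess class and the session keys in the closing comment are hypothetical names, and it assumes the procedure returns the user_role/user_location row before ReturnCode.

```csharp
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper (not from the original post): role and location of a registered user.
public sealed class UserAccess
{
    public string Role { get; private set; }
    public string Location { get; private set; }

    // Assumes xp_otorisasi_user is changed as in "What I have tried": on success it
    // returns (user_role, user_location) first and ReturnCode = 1 second; otherwise
    // only ReturnCode = -1. Returns null when the e-mail is not registered or has
    // no sec_role row, so the caller denies access by default.
    public static UserAccess Load(string connectionString, string email)
    {
        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand("xp_otorisasi_user", con))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@user_email", SqlDbType.VarChar, 60).Value = email;
            con.Open();
            using (SqlDataReader rd = cmd.ExecuteReader())
            {
                UserAccess found = null;
                do
                {
                    if (!rd.Read()) continue;            // empty result set, try the next one
                    if (rd.GetName(0) == "ReturnCode")   // the status result set
                    {
                        if (rd.GetInt32(0) != 1) return null;
                    }
                    else                                 // the role/location result set
                    {
                        found = new UserAccess { Role = rd["user_role"].ToString(),
                                                 Location = rd["user_location"].ToString() };
                    }
                } while (rd.NextResult());
                return found;
            }
        }
    }
}

// Usage inside btn_entrance_Click, after AuthenticateUser succeeds (session keys are hypothetical):
//   UserAccess ua = UserAccess.Load(CS, txt_username.Text);
//   if (ua == null) { lbl_info.Text = "..."; return; }
//   Session["userid"] = txt_username.Text;
//   Session["user_role"] = ua.Role; Session["user_location"] = ua.Location;
//   Response.Redirect("accueil.aspx");
```

With the original procedure unchanged, ExecuteScalar keeps working; with the modified one it would return user_role instead of ReturnCode, which is why the reader walks both result sets.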
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


