StrataFrame Forum

How to know is logged in?

http://forum.strataframe.net/Topic20856.aspx

By Chan - 11/22/2008

Hi,

How could I know if user has logged in system in Web environment?



Thank you
By Ivan George Borges - 11/23/2008

CurrentUser Overview

The MicroFour.StrataFrame.Security.SecurityBasics.CurrentUser property contains an object reference to the currently logged on user for the application. This property defaults to an instance of the MicroFour.StrataFrame.Security.AdminUser class so that all permissions will be granted unless the CurrentUser is set to another object. This default functionality provides support for the application framework when security is not being used by the application.

The SecurityBasics.CurrentUser property returns an object reference that implements the MicroFour.StrataFrame.Security.ISecurityUser interface. This interface describes methods and properties that can be used to access:

  • User's primary key (UserID or UserPK)
  • User's login name
  • User's login time
  • User's session lockout time
  • User's permissions

For more information on accessing the current user’s permissions, see Accessing Permissions Programmatically, and for more information on accessing the user’s properties, see Accessing CurrentUser Information.

The classes within the StrataFrame application framework and the StrataFrame security module that implement the ISecurityUser interface are:

  • AdminUser - When the built-in administrator credentials are used to log into the application.
  • SecurityMaintenanceUser - When the built-in security maintenance credentials were used to log into the application.
  • LoggedInUser - When a standard user’s credentials were used to log into the application.

--------------------------------------------------------------------------------------------

Differences in Web Security

Security within a web project is different than security within a Windows project in the following ways:

  • CurrentUser - SecurityBasics.CurrentUser must be configured to store an ISecurityUser object for each session.
  • Maintenance Forms - To maintain users, roles, and restriction sets, you must either create custom web-based maintenance forms or use the winform-based maintenance forms provided.
  • Object Permissions - Object permission function much the same as when using winforms, with the primary exception being the lack of form-level security keys.
  • Session Locking - Session locking is not supported within web applications.
  • Programmatic Access - Programmatic access within a web project is exactly the same as within a Windows project.

CurrentUser

When using security on the web, the SecurityBasics.CurrentUser property must be configured to store a different ISecurityUser object for each session, rather than just one for the whole AppDomain. 

This is accomplished via a configuration setting which indicates that the application is being run within a web environment.  This tells the CurrentUser property to use the current session object to retrieve and store the current ISecurityUser.  For more information, refer to the Required Global.asax Code topic.

By Chan - 11/24/2008

Hi,

Huh? do you meant I got to check Session in order to know if is logged in?
By Dustin Taylor - 11/25/2008

This is described in the help docs. As the snippet that Ivan posted points out, you use the SecurityBasics.CurrentUser property to get the currently logged in user. When operating in a web environment, you will need to make a configuration change so that the CurrentUser property will function correctly.  This configuration change is outlined in the Required Global.asax Code topic.

The pertinent instructions from that help topic are pasted below:

IsWebEnvironment

The MicroFour.StrataFrame.Security.SecurityBasics class contains the shared (static) property IsWebEnvironment.  This property is used to indicate to the security module that the security is being run from within a web application and that the session objects should be used to store the CurrentUser and other session specific data. The IsWebEnvironment property should be set at the top of the Application_Start() method within the Global.asax file.

Sample - Setting the IsWebEnvironment Property [Visual Basic]
Imports MicroFour.StrataFrame.Security
...
Protected Sub Application_Start(ByVal sender As Object, ByVal e As EventArgs)
    '-- Set the property
    SecurityBasics.IsWebEnvironment = True
End Sub


 

Sample - Setting the IsWebEnvironment Property [C#]
using MicroFour.StrataFrame.Security;
...
protected void Application_Start(object sender, EventArgs e)
{
    //-- Set the property
    SecurityBasics.IsWebEnvironment = true;
}
By Chan - 11/25/2008

Hi,

Yeah. I have set SecurityBasics.IsWebEnvironment = True. However, I still don't know how to determine whether user has already log in to system or he/she just try to access page via direct url.
By Chan - 11/27/2008

Hi,

May I know how to do it?

I still unable to figure out.



Thank you
By Hugo R. Figueroa - 11/28/2008

Hi Chan,

In Page_Load I check for the permissions of the user (if the user is a "client")

if (SecurityBasics.CurrentUser.GetPermission("client").Action != PermissionAction.Grant  )

{

Response.Redirect("default.aspx");

}

By Guillermo Vilas - 11/28/2008

Hello guys,

I think that Chan means finding a way to know if a user is already logged in into the web application. I´m pretty sure that there´s a post in here asking this functionality but in windows environment and the answer was to handle this flag using an extra table. I´ll try to find that post. Cool
By Guillermo Vilas - 11/28/2008

Ok there it is:



[url=http://forum.strataframe.net/Topic4402-21-1.aspx][/url]
By Chan - 11/28/2008

Hello guys,

I think that Chan means finding a way to know if a user is already logged in into the web application. I´m pretty sure that there´s a post in here asking this functionality but in windows environment and the answer was to handle this flag using an extra table. I´ll try to find that post.




Hi,

Yes, it is what I meant.

However, use table for this purpose might not accurate as well. It need extra afford to maintain the table.

I was thinking just to check if Session[SecurityBasics.CurrentUserWebSessionVariable] != null to determine it. Do you think it is fine?



Thank you