I have followed a tutorial to implement LDAP (Active Directory) authentication to an ASP.NET/C# 4.0 Web Application. I have the authentication working, and am able to log in under a user of our domain. The next step however is not covered in this tutorial, where I need to keep a session-specific object with some variable data.
Now that I have LDAP authentication working, I’m making a class to wrap the session. However, I’m not sure how I can create this session in a way that it will stay active through all this user’s requests. In Globals.asax, I have utilized Application_AuthenticateRequest as required in the tutorial. I’m assuming there’s something I need to do here, but since I’m new to C# (more familiar with Delphi), I don’t know where I need to actually declare/create this user class instance.
This class contains some things I’d like to keep accessible throughout this user’s session, assuming of course the server will stay running throughout this time. For example, a dataset containing product data, which the user may request various parts of this same dataset in different requests. Therefore, it must stay accessible throughout the entire user’s session, not just that single HTTP request.
I think you should have a look at Forms authentication for asp.net.
Web.config:
After you have managed to log in your visitor using ldap you can log in that visitor in your web-application with very little code:
I would also give you an advice about using Session. Jeffery gives you a simple example of how to use the Session object. But don’t go store multiple single values in Session; instead create a class like ‘VisitorInformation’ with all properties you will need. And then make a static manager that sets and gets that visitor information.
This way you won’t sprinkle your code with calls to session all over the place, with the increasing risk of spelling a key wrong or getting values out of sync.