Using BlogEngineNet Login Information

Oct 8, 2010 at 9:33 PM

First off, I am so happy and glad I use this Blog, I love it!

I know very little about how the login process works on BlogEngineNet; however, I do believe the system uses cookies to save login information and the like.

How can I use this login cookie on the rest of my site? I would like to only have one login for the whole site and I love how the blog handles the users in the database. I am just looking for something to show the user he is logged in, like right now I look up and see it says "fafhrdd" is logged in. I would also want other things to be done, like the ability to vote on pages outside my blog or have side bar comments outside the blog (yes I understand the blog has a great page feature and you can vote/comment on it but I am looking for something outside this area).

While I am not a huge coder I know my way around but would love any input, any insight, or any help I can get! My server is running ASP on a Windows server if that matters.

THANKS!

Coordinator
Oct 10, 2010 at 4:37 AM

BE is using the built-in ASP.NET Membership and Role system.

If your other pages are in the same website/application, you could access the logged in user via User.Identity.Name, for example.

There's some good tutorials on this here.

Oct 11, 2010 at 8:26 PM

Thank you for the quick reply!

Yes, my other pages are located on the same server with the same database; however, I am slightly confused. I am using ASP Classic for my pages and applications that I am making and not ASP.NET, which is odd since I did not know my host did ASP.NET since I have not upgraded it, but it must work if the blog works.

Thanks again! I will check out what you posted and I will see what I find out :)

Oct 14, 2010 at 1:56 AM

Does the blog use IIS settings, cookies, or third party components to handle the authentication of users? If I wanted to see what part of the blog does user authentication what file would I look at?

I was looking at the login.aspx and login.aspx.cs and it seems like something I would start with but that is if you call up the login page. How does each page on the blog (or the blog's main page) validate the user (or the admin for that matter) and pull up the admin's control panel?

Thanks!

Coordinator
Oct 14, 2010 at 8:42 AM

BE is configured to use Forms Authentication, the main authentication method available in ASP.NET. You can see this in the Web.config file:

<authentication mode="Forms">
	<forms timeout="129600" name=".AUXBLOGENGINE" protection="All"
		slidingExpiration="true" loginUrl="~/Account/login.aspx" cookieless="UseCookies"/>
</authentication>

Forms authentication is configured here to use the cookie .AUXBLOGENGINE (see above).  Roles are also being used.  This is configured in the Web.config file too:

<roleManager defaultProvider="XmlRoleProvider" enabled="true"
    cacheRolesInCookie="true" cookieName=".BLOGENGINEROLES">

Typically though, I don't believe you can access ASP.NET Forms authentication or roles data from classic ASP.  The forms authentication cookie and roles are encrypted and decrypted within the ASP.NET environment.  There might exist some ways to access the login data from classic ASP ... a Google search would probably turn up a bunch of hits.

The BE login page is using the built-in ASP.NET Login control which handles passing the information entered in to the membership provider to check and make sure the password is correct.  This process can be done manually without using the Login control as well.  It can be done manually because the membership system exposes an API to log people in under, check their roles, etc.

The admin menu (to go to the control panel) is defined in the Web.sitemap file in the root folder.  This defines the menu items as well as the Roles required for the user to have in order to access those menu items.  In the /admin folder there's a file named menu.ascx.cs that looks at this Web.sitemap file and outputs hyperlinks that the current user has access to.

Security is also enforced with the Web.config files in the subfolders.  There's a Web.config file in the /admin folder, as well as the /admin/pages folder, and some other folders as well.  These Web.config files define which users and which roles are allowed to access the folder and pages within the folder.

In summary, there's basically a lot of different components at work that make up the whole system.  Some of the authentication is handled by BE code when it checks a user's role to see if they can do something.  But a lot of the authentication is automatically enforced by ASP.NET.  If a web.config file says that only "admins" can access a page, ASP.NET makes sure that when that page is being accessed, the person accessing it is logged in and in the "admins" role.  This type of security automatically occurs without any special coding.

Jan 22, 2011 at 1:06 PM

I have been trying to get this to work in ASP classic (not ASP.NET) for some time now... I either ran into a dead end or I have found something.

I am currently working off of this concept: http://www.4guysfromrolla.com/webtech/050499-1.shtml

If you look at the site I posted above you can see the concept... I have created a global.asa file and inside that set up a session to indicate a false log in (Session("bolAuthenticated") = False).

Now I would like to, if the user's login is false, instead of forwarding the user to the "/authenticate.asp" page in the example I could forward the user to blogengine.net auth page.

The only step left would be to add SOMETHING into the blogengine.net authenticate process or page that changes the Session("bolAuthenticated") to true. Not knowing much about ASP.NET could you lead me in the right direction? I would imagine this is doable even though I am creating a session in ASP classic and just editing that same session variable in ASP.NET?
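
Because the forms cookie can only be decrypted inside ASP.NET, one way to tell classic ASP pages who is logged in is a small handler in the blog's application that a classic ASP page queries server-side. This is an added example, not part of the original thread or of BlogEngine.NET; the file name WhoAmI.ashx, the class name, its placement in the application root and the line-based response format are all assumptions.

```csharp
// WhoAmI.ashx.cs: hypothetical code-behind for a WhoAmI.ashx handler placed
// in the application root. Not part of BlogEngine.NET.
using System.Text;
using System.Web;
using System.Web.Security;

public class WhoAmI : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpResponse response = context.Response;
        response.ContentType = "text/plain";
        response.Cache.SetCacheability(HttpCacheability.NoCache);
        response.Cache.SetNoStore();

        // Answer only requests that originate on the web server itself, i.e.
        // the classic ASP page calling server-side. Assumes no reverse proxy
        // sits in front of IIS, which would make every request look local.
        if (!context.Request.IsLocal)
        {
            response.StatusCode = 403;
            return;
        }

        // By this point ASP.NET has already validated and decrypted the
        // .AUXBLOGENGINE cookie. Anonymous callers get 200 with a marker
        // rather than 401, because Forms Authentication rewrites a 401
        // into a redirect to loginUrl and the caller would see login HTML.
        if (context.User == null || !context.User.Identity.IsAuthenticated)
        {
            response.Write("anonymous");
            return;
        }

        string name = context.User.Identity.Name;
        StringBuilder body = new StringBuilder("authenticated\n");
        body.Append(HttpUtility.UrlEncode(name)).Append('\n');

        // One URL-encoded role per line, so odd characters cannot forge lines.
        foreach (string role in Roles.GetRolesForUser(name))
        {
            body.Append(HttpUtility.UrlEncode(role)).Append('\n');
        }
        response.Write(body.ToString());
    }
}
```

A classic ASP page would request this handler from the server, forwarding only the .AUXBLOGENGINE cookie it received from the browser, and set Session("bolAuthenticated") to True only when the first response line is exactly `authenticated`. The user name has to come from this response, never from a value the browser supplies.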