Strange Role-Based authentication problem!

I was making a role-based authentication but it doesn't log in with the
correct password.

The HttpContext.Current.User received in Global.asax is always null.
Request.IsAuthenticated is always false.

In the cs files, I wrote the code below:

protected void SubmitBtn_Click(Object sender, EventArgs e)
{
    if (Authenticate(UserName.Text, Password.Text))
    {
        FormsAuthentication.Initialize();
        SqlConnection dsn = new SqlConnection(ConfigurationSettings.AppSettings["conn"]);
        string SqlStr = "select IsAdmin from systeacherList where teacherAccount = @UserId";
        SqlCommand myCommand = new SqlCommand(SqlStr, dsn);
        dsn.Open();
        SqlParameter myUserId = new SqlParameter("@UserId", SqlDbType.NVarChar, 20);
        myUserId.Value = UserName.Text.Trim();
        myCommand.Parameters.Add(myUserId);
        bool bIsAdmin = Convert.ToBoolean(myCommand.ExecuteScalar().ToString());
        dsn.Close();

        string strRole = "";
        string strDefault = "";
        if (bIsAdmin)
        {
            strRole = "Admin";
            strDefault = "/iPage/Admin/adminindex.aspx";
        }
        else
        {
            strRole = "Teacher";
            strDefault = "/iPage/Admin/digitaladmin.aspx";
            Session["TeacherID"] = teacherID;
        }

        //The AddMinutes determines how long the user will be logged in after leaving
        //the site if he doesn't log off.
        FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
            UserName.Text, DateTime.Now,
            DateTime.Now.AddMinutes(30), true, strRole,
            FormsAuthentication.FormsCookiePath);
        HttpContext.Current.Response.Cookies.Add(new
            HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(fat)));
        FormsAuthentication.SetAuthCookie(UserName.Text, true);

        //Cache.Add(UserName.Text,strRole,null,DateTime.MaxValue,TimeSpan.FromHours(1),CacheItemPriority.BelowNormal,null);
        string strRedirect = FormsAuthentication.GetRedirectUrl(UserName.Text, true);
        if (strRedirect == "/iPage/default.aspx")
            Response.Redirect(strDefault);
        else
            Response.Redirect(strRedirect);
    }
    else
    {
        ErrorMsg.Visible = true;
    }
}

The web.config file of the subdir I wanted to protect is:

<configuration>
    <location path="digitaladmin.aspx">
        <system.web>
            <authentication mode="Forms">
                <forms name="iPage" loginUrl="/iPage/Login.aspx" />
            </authentication>
            <authorization>
                <allow roles="Admin" />
                <allow roles="Teacher" />
                <deny users="*" />
            </authorization>
        </system.web>
    </location>
    <system.web>
        <authentication mode="Forms">
            <forms name="iPage" loginUrl="/iPage/Login.aspx" />
        </authentication>
        <authorization>
            <allow roles="Admin" />
            <allow users="Archer"/>
            <deny users="*" />
        </authorization>
    </system.web>
</configuration>

And the Application_AuthenticateRequest in Global.asax.cs is:

if (!(HttpContext.Current.User == null))
{
    if (HttpContext.Current.User.Identity.IsAuthenticated)
    {
        if (HttpContext.Current.User.Identity.GetType() == typeof(FormsIdentity))
        {
            FormsIdentity fi = (FormsIdentity) HttpContext.Current.User.Identity;
            FormsAuthenticationTicket fat = fi.Ticket;

            String[] astrRoles = fat.UserData.Split('|');
            HttpContext.Current.User = new GenericPrincipal(fi, astrRoles);
        }
    }
}

Any help would be appreciated!

Nov 19 '05 #1
I'd run Trace=true on your page to see if you're getting two ASP.NET forms
authentication cookies. Since you're setting the cookie manually and then
calling FormsAuth.SetAuthCookie, it's also adding in its own cookie.

-Brock
DevelopMentor
http://staff.develop.com/ballen
Nov 19 '05 #2
Try doing what Bruce advised.
Patrick

*** Sent via Developersdex http://www.developersdex.com ***
Nov 19 '05 #3
Thank you for the reply.
There is no problem with FormsAuth.SetAuthCookie.
I traced it; there is no Current.User property in the Request object.

Nov 19 '05 #4
Archer..
Try going through Scott's example here at:-
http://aspnet.4guysfromrolla.com/articles/082703-1.aspx
Patrick
**Hope it helps!!


*** Sent via Developersdex http://www.developersdex.com ***
Nov 19 '05 #5
Thank you! I found the key point!
It is all because I hadn't changed the "<authentication mode="None" />"
in the web.config of the root dir. I had just created a new web.config
file in the subdir which needs to be protected.

Nov 19 '05 #6
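
An added example, not code from any participant in this thread: one way to issue a single forms-authentication ticket that carries the roles and to rebuild the principal from it, covering the two points raised above (the second cookie written by SetAuthCookie, and the authentication mode set at the application root). The class RoleTicket and its method names are hypothetical, and the code assumes .NET 2.0 or later.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example (hypothetical helper). Assumes the application-root web.config has
//   <authentication mode="Forms"><forms name="iPage" loginUrl="/iPage/Login.aspx" /></authentication>
// and that the subdirectory web.config contains only <authorization> rules.
public static class RoleTicket
{
    // Call once after the password check succeeds; roles is "Admin" or e.g. "Admin|Teacher".
    public static void Issue(HttpResponse response, string userName, string roles)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.AddMinutes(30),
            false,                                  // assumption: no persistent login
            roles,                                  // UserData carries the role list
            FormsAuthentication.FormsCookiePath);

        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket));   // encrypted and MAC-protected by default
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                     // keep the ticket away from script
        cookie.Secure = FormsAuthentication.RequireSSL;
        response.Cookies.Add(cookie);
        // No FormsAuthentication.SetAuthCookie call here: it issues its own ticket
        // for the same cookie name with empty UserData, so the roles would be lost.
    }

    // Call from Application_AuthenticateRequest in Global.asax.cs.
    public static void Attach(HttpContext context)
    {
        FormsIdentity identity =
            context.User == null ? null : context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return; // with mode="None" at the root, no FormsIdentity is ever attached

        // Roles come only from the decrypted ticket, never from request input.
        string[] roles = identity.Ticket.UserData.Split(
            new char[] { '|' }, StringSplitOptions.RemoveEmptyEntries);
        context.User = new GenericPrincipal(identity, roles);
    }
}
```

With this in place, the `<allow roles="..." />` rules in the subdirectory are evaluated against the GenericPrincipal that Attach sets on each request.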
