Strange Role-Based authentication problem!

I was making a role-based authentication but it doesn't log in with the
correct password.

The HttpContext.Current.User received in Global.asax is always null.
Request.IsAuthenticated is always false.

In the cs files, I wrote the code below:

    protected void SubmitBtn_Click(Object sender, EventArgs e)
    {
        if (Authenticate(UserName.Text, Password.Text))
        {
            FormsAuthentication.Initialize();
            SqlConnection dsn = new SqlConnection(ConfigurationSettings.AppSettings["conn"]);
            string SqlStr = "select IsAdmin from systeacherList where teacherAccount = @UserId";
            SqlCommand myCommand = new SqlCommand(SqlStr, dsn);
            dsn.Open();
            SqlParameter myUserId = new SqlParameter("@UserId", SqlDbType.NVarChar, 20);
            myUserId.Value = UserName.Text.Trim();
            myCommand.Parameters.Add(myUserId);
            bool bIsAdmin = Convert.ToBoolean(myCommand.ExecuteScalar().ToString());
            dsn.Close();

            string strRole = "";
            string strDefault = "";
            if (bIsAdmin)
            {
                strRole = "Admin";
                strDefault = "/iPage/Admin/adminindex.aspx";
            }
            else
            {
                strRole = "Teacher";
                strDefault = "/iPage/Admin/digitaladmin.aspx";
                Session["TeacherID"] = teacherID;
            }

            //The AddMinutes determines how long the user will be logged in after leaving
            //the site if he doesn't log off.
            FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
                UserName.Text, DateTime.Now,
                DateTime.Now.AddMinutes(30), true, strRole,
                FormsAuthentication.FormsCookiePath);
            HttpContext.Current.Response.Cookies.Add(new HttpCookie(
                FormsAuthentication.FormsCookieName,
                FormsAuthentication.Encrypt(fat)));
            FormsAuthentication.SetAuthCookie(UserName.Text, true);

            //Cache.Add(UserName.Text,strRole,null,DateTime.MaxValue,TimeSpan.FromHours(1),CacheItemPriority.BelowNormal,null);
            string strRedirect = FormsAuthentication.GetRedirectUrl(UserName.Text, true);
            if (strRedirect == "/iPage/default.aspx")
                Response.Redirect(strDefault);
            else
                Response.Redirect(strRedirect);
        }
        else
        {
            ErrorMsg.Visible = true;
        }
    }

The web.config file of the subdir I wanted to protect is:

    <configuration>
      <location path="digitaladmin.aspx">
        <system.web>
          <authentication mode="Forms">
            <forms name="iPage" loginUrl="/iPage/Login.aspx" />
          </authentication>
          <authorization>
            <allow roles="Admin" />
            <allow roles="Teacher" />
            <deny users="*" />
          </authorization>
        </system.web>
      </location>
      <system.web>
        <authentication mode="Forms">
          <forms name="iPage" loginUrl="/iPage/Login.aspx" />
        </authentication>
        <authorization>
          <allow roles="Admin" />
          <allow users="Archer"/>
          <deny users="*" />
        </authorization>
      </system.web>
    </configuration>

And the Application_AuthenticateRequest in Global.asax.cs is:

    if (!(HttpContext.Current.User == null))
    {
        if (HttpContext.Current.User.Identity.IsAuthenticated)
        {
            if (HttpContext.Current.User.Identity.GetType() == typeof(FormsIdentity))
            {
                FormsIdentity fi = (FormsIdentity) HttpContext.Current.User.Identity;
                FormsAuthenticationTicket fat = fi.Ticket;

                String[] astrRoles = fat.UserData.Split('|');
                HttpContext.Current.User = new GenericPrincipal(fi, astrRoles);
            }
        }
    }

Any help would be appreciated!

Nov 19 '05 #1
I'd run Trace=true on your page to see if you're getting two ASP.NET forms
authentication cookies. Since you're setting the cookie manually and then
calling FormsAuth.SetAuthCookie, it's also adding in its own cookie.

-Brock
DevelopMentor
http://staff.develop.com/ballen
Nov 19 '05 #2
Try doing what Bruce advised.
Patrick

Nov 19 '05 #3
Thank you for the reply.
There is no problem with FormsAuth.SetAuthCookie.
I traced it; there is no Current.User property existing in the Request object.

Nov 19 '05 #4
Archer..
Try going through Scott's example here at:-
http://aspnet.4guysfromrolla.com/articles/082703-1.aspx
Patrick
**Hope it helps!!


Nov 19 '05 #5
Thank you! I found the key point!
It is all because I hadn't changed the "<authentication
mode="None" />" in the web.config of the root dir. I had just created a new
web.config file in the subdir which needs to be protected.

Nov 19 '05 #6
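
The two points raised in this thread (the second cookie written by SetAuthCookie, and the root web.config left at mode="None") combined into one sketch, added here as an illustration and not code from any of the posters. RoleTicket, Issue and Restore are hypothetical names, and the root web.config is assumed to declare Forms authentication.

```csharp
// Added example, not the poster's code. Assumes the ROOT web.config declares
// <authentication mode="Forms">; with mode="None" the forms cookie is never
// processed and HttpContext.Current.User stays null, as the last post found.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public static class RoleTicket   // hypothetical helper class
{
    // Issue exactly ONE auth cookie, with the roles stored in the ticket's UserData.
    public static void Issue(HttpResponse response, string userName,
                             string[] roles, bool persistent)
    {
        DateTime now = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, now, now.AddMinutes(30), persistent,
            String.Join("|", roles),                    // roles travel in UserData
            FormsAuthentication.FormsCookiePath);

        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.HttpOnly = true;                         // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL; // follows <forms requireSSL="...">
        if (persistent) cookie.Expires = ticket.Expiration;
        response.Cookies.Add(cookie);
        // No FormsAuthentication.SetAuthCookie() call here: it would add a second
        // cookie under the same name whose ticket has empty UserData (no roles).
    }

    // Call from Application_AuthenticateRequest in Global.asax.cs.
    public static void Restore(HttpContext context)
    {
        IPrincipal user = context.User;
        if (user == null || !user.Identity.IsAuthenticated) return;

        FormsIdentity identity = user.Identity as FormsIdentity;
        if (identity == null) return;                   // not a forms-auth request

        string data = identity.Ticket.UserData;
        string[] roles = String.IsNullOrEmpty(data)
            ? new string[0]                             // ticket carries no roles
            : data.Split('|');
        context.User = new GenericPrincipal(identity, roles);
    }
}
```

With this in place the subdirectory web.config only needs its <authorization> rules; the <authentication> element belongs in the application's root web.config.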