472,782 Members | 920 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > strange role-based authentication problem!

Join Bytes to post your question to a community of 472,782 software developers and data experts.

Strange Role-Based authentication problem!

I was making a role-based authentication but it does't login with
correct password.

the HttpContext.Current.User recieved in Global.asax is always null.
Request.IsAuthenticated is always false.

in the cs files, i write the code below

protected void SubmitBtn_Click(Object sender, EventArgs e)
{
if (Authenticate(UserName.Text, Password.Text))
{
FormsAuthentication.Initialize();
SqlConnection dsn = new
SqlConnection(ConfigurationSettings.AppSettings["conn"]);
string SqlStr = "select IsAdmin from systeacherList where
teacherAccount = @UserId";
SqlCommand myCommand = new SqlCommand(SqlStr,dsn);
dsn.Open();
SqlParameter myUserId = new SqlParameter("@UserId",
SqlDbType.NVarChar, 20);
myUserId.Value = UserName.Text.Trim();
myCommand.Parameters.Add(myUserId);
bool bIsAdmin =
Convert.ToBoolean(myCommand.ExecuteScalar().ToStri ng());
dsn.Close();

string strRole = "";
string strDefault = "";
if(bIsAdmin)
{
strRole = "Admin";
strDefault = "/iPage/Admin/adminindex.aspx";
}
else
{
strRole = "Teacher";
strDefault = "/iPage/Admin/digitaladmin.aspx";
Session["TeacherID"]=teacherID;
}

//The AddMinutes determines how long the user will be logged in
after leaving
//the site if he doesn't log off.
FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
UserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(30), true, strRole,
FormsAuthentication.FormsCookiePath);
HttpContext.Current.Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(fat)));
FormsAuthentication.SetAuthCookie(UserName.Text,tr ue);

//Cache.Add(UserName.Text,strRole,null,DateTime.MaxV alue,TimeSpan.FromHours(1),CacheItemPriority.Below Normal,null);
string strRedirect =
FormsAuthentication.GetRedirectUrl(UserName.Text,t rue);
if(strRedirect=="/iPage/default.aspx")
Response.Redirect(strDefault);
else
Response.Redirect(strRedirect);

}
else
{
ErrorMsg.Visible = true;
}
}

the web.config file of subdir i wanted to protected is

<configuration>
<location path="digitaladmin.aspx">
<system.web>
<authentication mode="Forms">
<forms name="iPage" loginUrl="/iPage/Login.aspx" />
</authentication>
<authorization>
<allow roles="Admin" />
<allow roles="Teacher" />
<deny users="*" />
</authorization>
</system.web>
</location>
<system.web>
<authentication mode="Forms">
<forms name="iPage" loginUrl="/iPage/Login.aspx" />
</authentication>
<authorization>
<allow roles="Admin" />
<allow users="Archer"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>

and the Application_AuthenticateRequest in Global.asax.cs is

if (!(HttpContext.Current.User == null))
{
if (HttpContext.Current.User.Identity.IsAuthenticated )
{
if (HttpContext.Current.User.Identity.GetType() ==
typeof(FormsIdentity))
{
FormsIdentity fi = (FormsIdentity)
HttpContext.Current.User.Identity;
FormsAuthenticationTicket fat = fi.Ticket;

String[] astrRoles = fat.UserData.Split('|');
HttpContext.Current.User = new GenericPrincipal(fi, astrRoles);
}
}
}

any help would be appreciate!

Nov 19 '05 #1
5 1862
I'd run Trace=true on your page to see if you're getting two ASP.NET forms
authentication cookies. Since you're setting the cookie manually and then
callings FormsAuth.SetAuthCookie, it's also adding in its own cookie.

-Brock
DevelopMentor
http://staff.develop.com/ballen
I was making a role-based authentication but it does't login with
correct password.

the HttpContext.Current.User recieved in Global.asax is always null.
Request.IsAuthenticated is always false.

in the cs files, i write the code below

protected void SubmitBtn_Click(Object sender, EventArgs e)
{
if (Authenticate(UserName.Text, Password.Text))
{
FormsAuthentication.Initialize();
SqlConnection dsn = new
SqlConnection(ConfigurationSettings.AppSettings["conn"]);
string SqlStr = "select IsAdmin from systeacherList where
teacherAccount = @UserId";
SqlCommand myCommand = new SqlCommand(SqlStr,dsn);
dsn.Open();
SqlParameter myUserId = new SqlParameter("@UserId",
SqlDbType.NVarChar, 20);
myUserId.Value = UserName.Text.Trim();
myCommand.Parameters.Add(myUserId);
bool bIsAdmin =
Convert.ToBoolean(myCommand.ExecuteScalar().ToStri ng());
dsn.Close();
string strRole = "";
string strDefault = "";
if(bIsAdmin)
{
strRole = "Admin";
strDefault = "/iPage/Admin/adminindex.aspx";
}
else
{
strRole = "Teacher";
strDefault = "/iPage/Admin/digitaladmin.aspx";
Session["TeacherID"]=teacherID;
}
//The AddMinutes determines how long the user will be logged in
after leaving
//the site if he doesn't log off.
FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
UserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(30), true, strRole,
FormsAuthentication.FormsCookiePath);
HttpContext.Current.Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(fat)));
FormsAuthentication.SetAuthCookie(UserName.Text,tr ue);
//Cache.Add(UserName.Text,strRole,null,DateTime.MaxV alue,TimeSpan.From
Hours(1),CacheItemPriority.BelowNormal,null);
string strRedirect =
FormsAuthentication.GetRedirectUrl(UserName.Text,t rue);
if(strRedirect=="/iPage/default.aspx")
Response.Redirect(strDefault);
else
Response.Redirect(strRedirect);
}
else
{
ErrorMsg.Visible = true;
}
}
the web.config file of subdir i wanted to protected is

<configuration>
<location path="digitaladmin.aspx">
<system.web>
<authentication mode="Forms">
<forms name="iPage" loginUrl="/iPage/Login.aspx" />
</authentication>
<authorization>
<allow roles="Admin" />
<allow roles="Teacher" />
<deny users="*" />
</authorization>
</system.web>
</location>
<system.web>
<authentication mode="Forms">
<forms name="iPage" loginUrl="/iPage/Login.aspx" />
</authentication>
<authorization>
<allow roles="Admin" />
<allow users="Archer"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>
and the Application_AuthenticateRequest in Global.asax.cs is

if (!(HttpContext.Current.User == null))
{
if (HttpContext.Current.User.Identity.IsAuthenticated )
{
if (HttpContext.Current.User.Identity.GetType() ==
typeof(FormsIdentity))
{
FormsIdentity fi = (FormsIdentity)
HttpContext.Current.User.Identity;
FormsAuthenticationTicket fat = fi.Ticket;
String[] astrRoles = fat.UserData.Split('|');
HttpContext.Current.User = new GenericPrincipal(fi, astrRoles);
}
}
}
any help would be appreciate!


Nov 19 '05 #2
Try doing what Bruce adviced.
Patrick

*** Sent via Developersdex http://www.developersdex.com ***
Nov 19 '05 #3
Thank you for reply.
There are no problem with FormsAuth.SetAuthCookie.
I traced it, there is no Current.User property exist in Requst object

Nov 19 '05 #4
Archer..
Try going through Scotts example here at:-
http://aspnet.4guysfromrolla.com/articles/082703-1.aspx
Patrick
**Hope it helps!!


*** Sent via Developersdex http://www.developersdex.com ***
Nov 19 '05 #5
Thank you! I find the keypoint!
It is all because of that i haven't change the "<authentication
mode="None" />" in web.config of root dir. i just create new web.config
file in subdir which is need to be protected.

Nov 19 '05 #6
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
copy a role
by: tracy | last post by:
hi, just wonder, can we copy a role then add some new priviledges to the new role. hm.. i means, example; now i have a role named role_a. Then I copy role_a to create role_b. After I created...
Oracle Database
2
Granting the privileges of existing objects within a schema to a new role
by: Ted | last post by:
How do I grant all privileges for a schema that has a large number of existing tables, procedures, functions, etc to a newly created role, without having to issue a grant statement for each object...
Oracle Database
1
How to write a function that will return true if user is in a certain role?
by: Tom Dauria | last post by:
I have a SQL database with an Access front end. In the database I have a read only and a read write role. When a read only user opens the database I want all the fields on the form to be locked...
Microsoft SQL Server
2
Script to copy permissions for all objects given to a user or a role
by: gudia | last post by:
How would I, using a sql script, copy permissions assigned to a user or a role in one or more databases to another user or a role in their respective databases? Help appreciated
Microsoft SQL Server
4
strange xml xpath xsl error:
by: Tjerk Wolterink | last post by:
I've xml code like this: roles.xml: <?xml version="1.0" encoding="ISO-8859-1"?> <roles xmlns="http://www.wolterinkwebdesign.com/xml/roles"> <!-- ! The admin role. ! And admin should have...
.NET Framework
8
Role of current windows login user
by: Mark White | last post by:
Hey everyone I'm having a great deal of problems finding this information through google and yahoo, so I turn to you on this. I have a Windows app running on XP. I am able to caputre the...
C# / C Sharp
0
Sorting gridview withe role and membership data
by: ferherra | last post by:
Hi, Hope someone can help... I databind my gridview (asp.net 2.0) like this: GridView1.DataSource = Membership.GetAllUsers(); (MembershipUserCollection) GridView1.DataBind(); In the...
C# / C Sharp
1
Custom Role Provider
by: CK | last post by:
Does anyone have any experience with this? We have an exisitng sql database with user and role info. I need to write a custom role provider to use this data. Does anyone have any examples of this...
ASP.NET
4
automated role creation
by: cybertoast | last post by:
i seem to have some misunderstanding about how roles work in sql server 2005. i see that i can add a role to a database (dbname->->properties->permissions->. THis allows me to add either users or...
Microsoft SQL Server
2
Design question: User objects and a Role object
by: Anthony Smith | last post by:
I have a user object that is set when a user logs in. There are also permissions that I get about the user from a web service. Currently I take the results from those web services and store them as...
PHP
0
How to Become a Cyber Security Engineer
by: Rina0 | last post by:
Cybersecurity engineering is a specialized field that focuses on the design, development, and implementation of systems, processes, and technologies that protect against cyber threats and...
Security
3
isladogs
Access Europe meeting on Wed 2 August - An Access Developer Guide to creating applications in Blazor
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 2 August 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
Microsoft Access / VBA
0
linyimin
Speedup your spring application
by: linyimin | last post by:
Spring Startup Analyzer generates an interactive Spring application startup report that lets you understand what contributes to the application startup time and helps to optimize it. Support for...
General
0
Development of Funny H5 Game - Toy Claw
by: kcodez | last post by:
As a H5 game development enthusiast, I recently wrote a very interesting little game - Toy Claw ((http://claw.kjeek.com/))。Here I will summarize and share the development experience here, and hope it...
HTML / CSS
14
DJRhino1175
Cancel Print Action if Sub form has No Records
by: DJRhino1175 | last post by:
When I run this code I get an error, its Run-time error# 424 Object required...This is my first attempt at doing something like this. I test the entire code and it worked until I added this - If...
Microsoft Access / VBA
5
To verify entry of a dropdown
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
Microsoft Access / VBA
0
React to native button blinking effect
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
Software Development
0
How does React native implement an English player?
by: lllomh | last post by:
How does React native implement an English player?
Mobile Development
2
Windows 11 and Access Combo Box Issue
by: DJRhino | last post by:
Was curious if anyone else was having this same issue or not.... I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!