Strange Role-Based authentication problem!

I was making a role-based authentication but it doesn't log in with the
correct password.

The HttpContext.Current.User received in Global.asax is always null.
Request.IsAuthenticated is always false.

In the cs file, I wrote the code below:

protected void SubmitBtn_Click(Object sender, EventArgs e)
{
    if (Authenticate(UserName.Text, Password.Text))
    {
        FormsAuthentication.Initialize();
        SqlConnection dsn = new SqlConnection(ConfigurationSettings.AppSettings["conn"]);
        string SqlStr = "select IsAdmin from systeacherList where teacherAccount = @UserId";
        SqlCommand myCommand = new SqlCommand(SqlStr, dsn);
        dsn.Open();
        SqlParameter myUserId = new SqlParameter("@UserId", SqlDbType.NVarChar, 20);
        myUserId.Value = UserName.Text.Trim();
        myCommand.Parameters.Add(myUserId);
        bool bIsAdmin = Convert.ToBoolean(myCommand.ExecuteScalar().ToString());
        dsn.Close();

        string strRole = "";
        string strDefault = "";
        if (bIsAdmin)
        {
            strRole = "Admin";
            strDefault = "/iPage/Admin/adminindex.aspx";
        }
        else
        {
            strRole = "Teacher";
            strDefault = "/iPage/Admin/digitaladmin.aspx";
            Session["TeacherID"] = teacherID;
        }

        //The AddMinutes determines how long the user will be logged in after leaving
        //the site if he doesn't log off.
        FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
            UserName.Text, DateTime.Now,
            DateTime.Now.AddMinutes(30), true, strRole,
            FormsAuthentication.FormsCookiePath);
        HttpContext.Current.Response.Cookies.Add(new
            HttpCookie(FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(fat)));
        FormsAuthentication.SetAuthCookie(UserName.Text, true);

        //Cache.Add(UserName.Text,strRole,null,DateTime.MaxValue,TimeSpan.FromHours(1),CacheItemPriority.BelowNormal,null);
        string strRedirect = FormsAuthentication.GetRedirectUrl(UserName.Text, true);
        if (strRedirect == "/iPage/default.aspx")
            Response.Redirect(strDefault);
        else
            Response.Redirect(strRedirect);
    }
    else
    {
        ErrorMsg.Visible = true;
    }
}

The web.config file of the subdir I wanted to protect is:

<configuration>
    <location path="digitaladmin.aspx">
        <system.web>
            <authentication mode="Forms">
                <forms name="iPage" loginUrl="/iPage/Login.aspx" />
            </authentication>
            <authorization>
                <allow roles="Admin" />
                <allow roles="Teacher" />
                <deny users="*" />
            </authorization>
        </system.web>
    </location>
    <system.web>
        <authentication mode="Forms">
            <forms name="iPage" loginUrl="/iPage/Login.aspx" />
        </authentication>
        <authorization>
            <allow roles="Admin" />
            <allow users="Archer"/>
            <deny users="*" />
        </authorization>
    </system.web>
</configuration>

And the Application_AuthenticateRequest in Global.asax.cs is:

if (!(HttpContext.Current.User == null))
{
    if (HttpContext.Current.User.Identity.IsAuthenticated)
    {
        if (HttpContext.Current.User.Identity.GetType() == typeof(FormsIdentity))
        {
            FormsIdentity fi = (FormsIdentity) HttpContext.Current.User.Identity;
            FormsAuthenticationTicket fat = fi.Ticket;

            String[] astrRoles = fat.UserData.Split('|');
            HttpContext.Current.User = new GenericPrincipal(fi, astrRoles);
        }
    }
}

Any help would be appreciated!

Nov 19 '05 #1
I'd run Trace=true on your page to see if you're getting two ASP.NET forms
authentication cookies. Since you're setting the cookie manually and then
calling FormsAuth.SetAuthCookie, it's also adding in its own cookie.

-Brock
DevelopMentor
http://staff.develop.com/ballen
Nov 19 '05 #2
Try doing what Bruce advised.
Patrick

Nov 19 '05 #3
Thank you for the reply.
There is no problem with FormsAuth.SetAuthCookie.
I traced it; there is no Current.User property in the Request object.

Nov 19 '05 #4
Archer..
Try going through Scott's example here:
http://aspnet.4guysfromrolla.com/articles/082703-1.aspx
Patrick
**Hope it helps!!


Nov 19 '05 #5
Thank you! I found the key point!
It was all because I hadn't changed the "<authentication
mode="None" />" in the web.config of the root dir. I had just created a new web.config
file in the subdir which needed to be protected.

Nov 19 '05 #6
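
The fix reported in the last post, written out as an added example that is not part of the thread: forms authentication is switched on once in the root web.config, and the per-directory and per-page rules from the original post are expressed as `<location>` blocks. It assumes the application root is /iPage and the protected subdirectory is Admin (inferred from the redirect URLs in the question); the `protection` and `timeout` values are illustrative.

```xml
<!-- Root web.config of the application (assumed here to be /iPage). -->
<!-- Before the fix this file held <authentication mode="None" />, so the
     forms authentication module never ran and every request stayed
     unauthenticated, whatever the subdirectory web.config said. -->
<configuration>
  <system.web>
    <!-- Declared once, at application level. -->
    <authentication mode="Forms">
      <forms name="iPage" loginUrl="/iPage/Login.aspx"
             protection="All" timeout="30" />
    </authentication>
    <!-- Public pages, including the login page, stay reachable. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Rules for the protected subdirectory (assumed to be Admin). -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <allow users="Archer" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- The one page teachers may also open, as in the original post. -->
  <location path="Admin/digitaladmin.aspx">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <allow roles="Teacher" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Authorization rules are evaluated top to bottom, so the `<deny users="*" />` entry has to stay last in each block. Once the module is active, the role checks depend on the ticket whose UserData carries the role; the cookie that `SetAuthCookie` adds, as the first reply notes, is issued with empty UserData.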