By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,028 Members | 1,784 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,028 IT Pros & Developers. It's quick & easy.

asp.net problem

P: n/a

Hi

I have an asp.net 2.0 project and am experiencing a problem.

In the project, I am trying to make use of Membership.

I have one Role, called "Basic User" and two users - "admin" and "test".

"admin" is a member of the Role but "test" is not.

I have only a few pages in the project at the moment: -

.. SecurePage.aspx - The page I want only authenticated users that are
members of the Role to use.

.. Login.aspx - Login page

.. Unauthorized.aspx - Informs user that they cannot view the secure page
because of a lack of permissions

SecurePage.aspx just contains a ChangePassword control.

Unauthorized.aspx has some text and a LoginStatus control.

So in the SecurePage.aspx, I have this code to handle this: -

Protected Sub form1_Load(ByVal sender As Object, ByVal e As
System.EventArgs)

If User.Identity.IsAuthenticated = False Then
Server.Transfer("login.aspx")
End If

If Roles.IsUserInRole("Basic User") = False Then
Server.Transfer("unauthorized.aspx")
End If

End Sub

If I go to the SecurePage and am not authenticated, it transfers me to
login.aspx.

If I then login with the user "admin", which is in the Role "Basic User", it
works ok.

If I first login with "test", which is NOT in the Role, then I am transfered
to the "unauthorized.aspx" page.

Upto this point, this is fine.

However, if I click "Logout" on the LoginStatus control on the
"unauthorized" page it refreshes and changes to display "Login".

So, if I then click "Login", I am taken back to the login page. The URL in
the address bar at this point is: -

http://localhost:1489/Lesson09/login...uthorized.aspx

If I then login with using "admin" - which is a member of the Role - this is
where I get a problem.

Instead of being taken to the SecurePage.aspx as expected, I get taken back
to the "unauthorized.aspx" page.

This is obviously wrong.

Now, I know that this should work but does anybody know why it is not
working?

Is there some settings or something I need to change on my PC? Am I missing
a step or not doing something?

I've checked the obvious things - like that the user was actually in the
Role etc.

However, I just cannot get this to work.

I am new to ASP.Net and so I don't really know where to start to look for
what the problem is?

I have gone through re-doing the project twice now and I still get the same
problem.

For info, I am using: -

- Visual Studio .Net 2005 (Professional) (up to date)
- Latest .Net installed
- Windows XP Pro
- Internet Explorer 6 (version 6.0.2900.2180.xpsp_sp2_gdr.050301-1519) SP2

This project is actually from a training video from learnvisualstudio.net
(available also via www.asp.net). It is Lesson 09 on ASP basics. On the
video, this project works fine, but it does not on my PC.

I would very much appreciate any help or advice on this problem.

Thanks in advance.

Kind regards
Darren Brook
email: da*********@btconnect.com


Nov 2 '06 #1
Share this Question
Share on Google+
2 Replies


P: n/a
You'll have to do a bit of testing then to determine if the ReturnUrl
parameter is to a spot you want. In the login code, usually what I do is
check to ensure that 1) there is a returnUrl parameter so if not I can
redirect them to a better default spot. 2) if it does exist it doesn't
equal a page that is innappropriate for them to be redirected to (which is
your case). It sounds as if the Logout page is being protected by the login
system. This probably isn't the best way to do it since it causes exactly
this sort of problem. If you have only particular directories secured by
authentication, that can make it a lot easier to show files such as the
logout.aspx without having this login problem (and lets you show the message
that they have successfully logged out). You actually shouldn't have to
bother with any code in the securepage.aspx identifying whether the user is
logged in or not. Create a directory to place your secure pages. Then,
create a web.config for that directory and put the following:

<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</configuration>

This will tell the application that only authenticated users are allowed in
this directory. The deny ? users means anonymous and the allow * users means
authenticated. You could also deny/allow certain roles as well here.
--
Hope this helps,
Mark Fitzpatrick
Former Microsoft FrontPage MVP 199?-2006

"MS News Public" <br*****@btinternet.comwrote in message
news:Ob**************@TK2MSFTNGP02.phx.gbl...
>
Hi

I have an asp.net 2.0 project and am experiencing a problem.

In the project, I am trying to make use of Membership.

I have one Role, called "Basic User" and two users - "admin" and "test".

"admin" is a member of the Role but "test" is not.

I have only a few pages in the project at the moment: -

. SecurePage.aspx - The page I want only authenticated users that are
members of the Role to use.

. Login.aspx - Login page

. Unauthorized.aspx - Informs user that they cannot view the secure page
because of a lack of permissions

SecurePage.aspx just contains a ChangePassword control.

Unauthorized.aspx has some text and a LoginStatus control.

So in the SecurePage.aspx, I have this code to handle this: -

Protected Sub form1_Load(ByVal sender As Object, ByVal e As
System.EventArgs)

If User.Identity.IsAuthenticated = False Then
Server.Transfer("login.aspx")
End If

If Roles.IsUserInRole("Basic User") = False Then
Server.Transfer("unauthorized.aspx")
End If

End Sub

If I go to the SecurePage and am not authenticated, it transfers me to
login.aspx.

If I then login with the user "admin", which is in the Role "Basic User",
it works ok.

If I first login with "test", which is NOT in the Role, then I am
transfered to the "unauthorized.aspx" page.

Upto this point, this is fine.

However, if I click "Logout" on the LoginStatus control on the
"unauthorized" page it refreshes and changes to display "Login".

So, if I then click "Login", I am taken back to the login page. The URL
in the address bar at this point is: -

http://localhost:1489/Lesson09/login...uthorized.aspx

If I then login with using "admin" - which is a member of the Role - this
is where I get a problem.

Instead of being taken to the SecurePage.aspx as expected, I get taken
back to the "unauthorized.aspx" page.

This is obviously wrong.

Now, I know that this should work but does anybody know why it is not
working?

Is there some settings or something I need to change on my PC? Am I
missing a step or not doing something?

I've checked the obvious things - like that the user was actually in the
Role etc.

However, I just cannot get this to work.

I am new to ASP.Net and so I don't really know where to start to look for
what the problem is?

I have gone through re-doing the project twice now and I still get the
same problem.

For info, I am using: -

- Visual Studio .Net 2005 (Professional) (up to date)
- Latest .Net installed
- Windows XP Pro
- Internet Explorer 6 (version 6.0.2900.2180.xpsp_sp2_gdr.050301-1519) SP2

This project is actually from a training video from learnvisualstudio.net
(available also via www.asp.net). It is Lesson 09 on ASP basics. On the
video, this project works fine, but it does not on my PC.

I would very much appreciate any help or advice on this problem.

Thanks in advance.

Kind regards
Darren Brook
email: da*********@btconnect.com


Nov 2 '06 #2

P: n/a
Thanks for the reply.

Do you know why the project (which you can download from www.asp.net) works
okay in the training video but not on my PC?

I am totally new to asp.net -the "ReturnUrl" in the address bar appears
after I click the LoginStatus control on the unauthorized page, when
LoginStatus displays "Login". When I click on it, it takes me back to the
login page and that's when the "ReturnUrl" appears in the address bar. I've
not set it in any properties or coded it etc.

But the "DestinationUrl" for a successful login on the actual login control
is set to the secure page. I do not understand what is happening, why the
project works in the video but not on my PC, nor how it is "supposed" to
work (which is why I am trying to go through these videos!). It is very
frustrating!

Thanks
Darren
"Mark Fitzpatrick" <ma******@fitzme.comwrote in message
news:OV**************@TK2MSFTNGP02.phx.gbl...
You'll have to do a bit of testing then to determine if the ReturnUrl
parameter is to a spot you want. In the login code, usually what I do is
check to ensure that 1) there is a returnUrl parameter so if not I can
redirect them to a better default spot. 2) if it does exist it doesn't
equal a page that is innappropriate for them to be redirected to (which is
your case). It sounds as if the Logout page is being protected by the
login system. This probably isn't the best way to do it since it causes
exactly this sort of problem. If you have only particular directories
secured by authentication, that can make it a lot easier to show files
such as the logout.aspx without having this login problem (and lets you
show the message that they have successfully logged out). You actually
shouldn't have to bother with any code in the securepage.aspx identifying
whether the user is logged in or not. Create a directory to place your
secure pages. Then, create a web.config for that directory and put the
following:

<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</configuration>

This will tell the application that only authenticated users are allowed
in this directory. The deny ? users means anonymous and the allow * users
means authenticated. You could also deny/allow certain roles as well here.
--
Hope this helps,
Mark Fitzpatrick
Former Microsoft FrontPage MVP 199?-2006

"MS News Public" <br*****@btinternet.comwrote in message
news:Ob**************@TK2MSFTNGP02.phx.gbl...
>>
Hi

I have an asp.net 2.0 project and am experiencing a problem.

In the project, I am trying to make use of Membership.

I have one Role, called "Basic User" and two users - "admin" and "test".

"admin" is a member of the Role but "test" is not.

I have only a few pages in the project at the moment: -

. SecurePage.aspx - The page I want only authenticated users that are
members of the Role to use.

. Login.aspx - Login page

. Unauthorized.aspx - Informs user that they cannot view the secure page
because of a lack of permissions

SecurePage.aspx just contains a ChangePassword control.

Unauthorized.aspx has some text and a LoginStatus control.

So in the SecurePage.aspx, I have this code to handle this: -

Protected Sub form1_Load(ByVal sender As Object, ByVal e As
System.EventArgs)

If User.Identity.IsAuthenticated = False Then
Server.Transfer("login.aspx")
End If

If Roles.IsUserInRole("Basic User") = False Then
Server.Transfer("unauthorized.aspx")
End If

End Sub

If I go to the SecurePage and am not authenticated, it transfers me to
login.aspx.

If I then login with the user "admin", which is in the Role "Basic User",
it works ok.

If I first login with "test", which is NOT in the Role, then I am
transfered to the "unauthorized.aspx" page.

Upto this point, this is fine.

However, if I click "Logout" on the LoginStatus control on the
"unauthorized" page it refreshes and changes to display "Login".

So, if I then click "Login", I am taken back to the login page. The URL
in the address bar at this point is: -

http://localhost:1489/Lesson09/login...uthorized.aspx

If I then login with using "admin" - which is a member of the Role - this
is where I get a problem.

Instead of being taken to the SecurePage.aspx as expected, I get taken
back to the "unauthorized.aspx" page.

This is obviously wrong.

Now, I know that this should work but does anybody know why it is not
working?

Is there some settings or something I need to change on my PC? Am I
missing a step or not doing something?

I've checked the obvious things - like that the user was actually in the
Role etc.

However, I just cannot get this to work.

I am new to ASP.Net and so I don't really know where to start to look for
what the problem is?

I have gone through re-doing the project twice now and I still get the
same problem.

For info, I am using: -

- Visual Studio .Net 2005 (Professional) (up to date)
- Latest .Net installed
- Windows XP Pro
- Internet Explorer 6 (version 6.0.2900.2180.xpsp_sp2_gdr.050301-1519)
SP2

This project is actually from a training video from learnvisualstudio.net
(available also via www.asp.net). It is Lesson 09 on ASP basics. On the
video, this project works fine, but it does not on my PC.

I would very much appreciate any help or advice on this problem.

Thanks in advance.

Kind regards
Darren Brook
email: da*********@btconnect.com



Nov 2 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.