asp.net problem

>
Hi

I have an asp.net 2.0 project and am experiencing a problem.

In the project, I am trying to make use of Membership.

I have one Role, called "Basic User" and two users - "admin" and "test".

"admin" is a member of the Role but "test" is not.

I have only a few pages in the project at the moment: -

. SecurePage.aspx - The page I want only authenticated users that are
members of the Role to use.

. Login.aspx - Login page

. Unauthorized.aspx - Informs user that they cannot view the secure page
because of a lack of permissions

SecurePage.aspx just contains a ChangePassword control.

Unauthorized.aspx has some text and a LoginStatus control.

So in the SecurePage.aspx, I have this code to handle this: -

Protected Sub form1_Load(ByVal sender As Object, ByVal e As
System.EventArgs)

If User.Identity.IsAuthenticated = False Then
Server.Transfer("login.aspx")
End If

If Roles.IsUserInRole("Basic User") = False Then
Server.Transfer("unauthorized.aspx")
End If

End Sub

If I go to the SecurePage and am not authenticated, it transfers me to
login.aspx.

If I then login with the user "admin", which is in the Role "Basic User",
it works ok.

If I first login with "test", which is NOT in the Role, then I am
transfered to the "unauthorized.aspx" page.

Upto this point, this is fine.

However, if I click "Logout" on the LoginStatus control on the
"unauthorized" page it refreshes and changes to display "Login".

So, if I then click "Login", I am taken back to the login page. The URL
in the address bar at this point is: -

http://localhost:1489/Lesson09/login...uthorized.aspx

If I then login with using "admin" - which is a member of the Role - this
is where I get a problem.

Instead of being taken to the SecurePage.aspx as expected, I get taken
back to the "unauthorized.aspx" page.

This is obviously wrong.

Now, I know that this should work but does anybody know why it is not
working?

Is there some settings or something I need to change on my PC? Am I
missing a step or not doing something?

I've checked the obvious things - like that the user was actually in the
Role etc.

However, I just cannot get this to work.

I am new to ASP.Net and so I don't really know where to start to look for
what the problem is?

I have gone through re-doing the project twice now and I still get the
same problem.

For info, I am using: -

- Visual Studio .Net 2005 (Professional) (up to date)
- Latest .Net installed
- Windows XP Pro
- Internet Explorer 6 (version 6.0.2900.2180.xpsp_sp2_gdr.050301-1519) SP2

This project is actually from a training video from learnvisualstudio.net
(available also via www.asp.net). It is Lesson 09 on ASP basics. On the
video, this project works fine, but it does not on my PC.

I would very much appreciate any help or advice on this problem.

Thanks in advance.

Kind regards
Darren Brook
email: da*********@btconnect.com

You'll have to do a bit of testing then to determine if the ReturnUrl
parameter is to a spot you want. In the login code, usually what I do is
check to ensure that 1) there is a returnUrl parameter so if not I can
redirect them to a better default spot. 2) if it does exist it doesn't
equal a page that is innappropriate for them to be redirected to (which is
your case). It sounds as if the Logout page is being protected by the
login system. This probably isn't the best way to do it since it causes
exactly this sort of problem. If you have only particular directories
secured by authentication, that can make it a lot easier to show files
such as the logout.aspx without having this login problem (and lets you
show the message that they have successfully logged out). You actually
shouldn't have to bother with any code in the securepage.aspx identifying
whether the user is logged in or not. Create a directory to place your
secure pages. Then, create a web.config for that directory and put the
following:

<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</configuration>

This will tell the application that only authenticated users are allowed
in this directory. The deny ? users means anonymous and the allow * users
means authenticated. You could also deny/allow certain roles as well here.
--
Hope this helps,
Mark Fitzpatrick
Former Microsoft FrontPage MVP 199?-2006

"MS News Public" <br*****@btinternet.comwrote in message
news:Ob**************@TK2MSFTNGP02.phx.gbl...

>>
Hi

I have an asp.net 2.0 project and am experiencing a problem.

In the project, I am trying to make use of Membership.

I have one Role, called "Basic User" and two users - "admin" and "test".

"admin" is a member of the Role but "test" is not.

I have only a few pages in the project at the moment: -

. SecurePage.aspx - The page I want only authenticated users that are
members of the Role to use.

. Login.aspx - Login page

. Unauthorized.aspx - Informs user that they cannot view the secure page
because of a lack of permissions

SecurePage.aspx just contains a ChangePassword control.

Unauthorized.aspx has some text and a LoginStatus control.

So in the SecurePage.aspx, I have this code to handle this: -

Protected Sub form1_Load(ByVal sender As Object, ByVal e As
System.EventArgs)

If User.Identity.IsAuthenticated = False Then
Server.Transfer("login.aspx")
End If

If Roles.IsUserInRole("Basic User") = False Then
Server.Transfer("unauthorized.aspx")
End If

End Sub

If I go to the SecurePage and am not authenticated, it transfers me to
login.aspx.

If I then login with the user "admin", which is in the Role "Basic User",
it works ok.

If I first login with "test", which is NOT in the Role, then I am
transfered to the "unauthorized.aspx" page.

Upto this point, this is fine.

However, if I click "Logout" on the LoginStatus control on the
"unauthorized" page it refreshes and changes to display "Login".

So, if I then click "Login", I am taken back to the login page. The URL
in the address bar at this point is: -

http://localhost:1489/Lesson09/login...uthorized.aspx

If I then login with using "admin" - which is a member of the Role - this
is where I get a problem.

Instead of being taken to the SecurePage.aspx as expected, I get taken
back to the "unauthorized.aspx" page.

This is obviously wrong.

Now, I know that this should work but does anybody know why it is not
working?

Is there some settings or something I need to change on my PC? Am I
missing a step or not doing something?

I've checked the obvious things - like that the user was actually in the
Role etc.

However, I just cannot get this to work.

I am new to ASP.Net and so I don't really know where to start to look for
what the problem is?

I have gone through re-doing the project twice now and I still get the
same problem.

For info, I am using: -

- Visual Studio .Net 2005 (Professional) (up to date)
- Latest .Net installed
- Windows XP Pro
- Internet Explorer 6 (version 6.0.2900.2180.xpsp_sp2_gdr.050301-1519)
SP2

This project is actually from a training video from learnvisualstudio.net
(available also via www.asp.net). It is Lesson 09 on ASP basics. On the
video, this project works fine, but it does not on my PC.

I would very much appreciate any help or advice on this problem.

Thanks in advance.

Kind regards
Darren Brook
email: da*********@btconnect.com