473,320 Members | 2,000 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Roles not loaded at in LoggedIn event

I've a simple asp.net applicaiton in which I'm using the login control.

I trap the LoggedIn event and then decide which pages to redirect the user
to based on their role.

The problem is that no roles appear to be loaded at this point.

Curiously, if I login twice, the second time the roles are available and in
general if I log in then the roles shown seem to be for the PREVIOUS login.

I can find no way to force the reloading of roles and I have no idea what is
happening here despite some hours spent scouring the net!

No doubt it is obvious, but sadly, not to me!

Iain
Mar 8 '07 #1
6 1655


"Iain" wrote:
I've a simple asp.net applicaiton in which I'm using the login control.

I trap the LoggedIn event and then decide which pages to redirect the user
to based on their role.

The problem is that no roles appear to be loaded at this point.
Does anyone have any ideas about this? It would seem that I'm either doing
something terribly stupid or there is a serious flaw in the way in which the
Roles are handled. I prefer the first option (<g>), but I can't see it!
Iain
Mar 15 '07 #2
I've never used the login control, but presumably the onus is on you to get
the roles. A quick look at the help for the login control doesn't show that
it provides any features such as role retrieval.

Roles could, for example, be stored in an RDBMS or in some sort of Directory
Service, or in an XML file or even in a text file. How have you arranged
for the roles to be retrieve?

HTH
Peter

"Iain" <Ia**@discussions.microsoft.comwrote in message
news:E9**********************************@microsof t.com...
>

"Iain" wrote:
>I've a simple asp.net applicaiton in which I'm using the login control.

I trap the LoggedIn event and then decide which pages to redirect the
user
to based on their role.

The problem is that no roles appear to be loaded at this point.
Does anyone have any ideas about this? It would seem that I'm either
doing
something terribly stupid or there is a serious flaw in the way in which
the
Roles are handled. I prefer the first option (<g>), but I can't see it!
Iain

Mar 15 '07 #3


"Peter Bradley" wrote:
I've never used the login control, but presumably the onus is on you to get
the roles. A quick look at the help for the login control doesn't show that
it provides any features such as role retrieval.
Hi, Peter.

YOu will see from my first post that a resubmit of the login page picks up
the roles correctly. The roles are present in the same SQLExpress database
as the users.

The symptoms are as if the roles are not loaded until after the LoggedIn
event is called, which is plain bizzare.

Iain
Mar 15 '07 #4
Where is your code that loads the roles?
Peter

"Iain" <Ia**@discussions.microsoft.comwrote in message
news:F5**********************************@microsof t.com...
>

"Peter Bradley" wrote:
>I've never used the login control, but presumably the onus is on you to
get
the roles. A quick look at the help for the login control doesn't show
that
it provides any features such as role retrieval.

Hi, Peter.

YOu will see from my first post that a resubmit of the login page picks up
the roles correctly. The roles are present in the same SQLExpress
database
as the users.

The symptoms are as if the roles are not loaded until after the LoggedIn
event is called, which is plain bizzare.

Iain

Mar 15 '07 #5
Just had a look at the help for the control:
<quote>
Notes to Implementers Custom authentication schemes should set the
Authenticated property to true to indicate that a user has been
authenticated. When a user submits his or her login information, the Login
control first raises the LoggingIn event, then the Authenticate event, and
finally the LoggedIn event.

</quote>

So, if it were me, I'd retrieve the roles in the Authenticate event. Since
we use Forms authentication, I'd then store them as a delimited string in a
FormsAuthenticationTicket, which I'd then encrypt and store in a cookie.
The Application_AuthenticateRequest event handler can then retrieve and
decrypt the cookie, get the roles stored and put them into an Identity
object in a Principal object.

HTH

Peter

"Iain" <Ia**@discussions.microsoft.comwrote in message
news:F5**********************************@microsof t.com...
>

"Peter Bradley" wrote:
>I've never used the login control, but presumably the onus is on you to
get
the roles. A quick look at the help for the login control doesn't show
that
it provides any features such as role retrieval.

Hi, Peter.

YOu will see from my first post that a resubmit of the login page picks up
the roles correctly. The roles are present in the same SQLExpress
database
as the users.

The symptoms are as if the roles are not loaded until after the LoggedIn
event is called, which is plain bizzare.

Iain

Mar 15 '07 #6


"Peter Bradley" wrote:
Just had a look at the help for the control:
<quote>
Notes to Implementers Custom authentication schemes should set the
Authenticated property to true to indicate that a user has been
authenticated. When a user submits his or her login information, the Login
control first raises the LoggingIn event, then the Authenticate event, and
finally the LoggedIn event.

</quote>

So, if it were me, I'd retrieve the roles in the Authenticate event. Since
we use Forms authentication, I'd then store them as a delimited string in a
FormsAuthenticationTicket, which I'd then encrypt and store in a cookie.
The Application_AuthenticateRequest event handler can then retrieve and
decrypt the cookie, get the roles stored and put them into an Identity
object in a Principal object.
Hi, Peter.

I'm not using custom authentication and as I'm checking roles (with
User.IsInRole("MyRole")) in the LoggedIn Event this should be equivalent to
doing it in the Authenticated event. I've worked around this, by not
checking the role in the login form, but rather redirecting the form to a
holding page, checking there for the role (which works) and then redirecting
again if need be.

I would have to regard this as a bug. It's not the way I would expect it to
work.

Other oddities I've picked up (which I think are plain wrong!) are..

If you login without first logging out, the login does not work. YOu remain
logged in as the previous user.

If you login as a new user, the session is not restarted.

My work around is to use FormsAuthentication.SignOut() to force a log off
(why is this not part of the Membership class?) and also to clear the session
in the LogginIn event.

Dear Microsoft, a spoonful of documentation would have saved me a
considerable time of messing around.

Iain
Mar 16 '07 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Peter Morris [Air Software Ltd] | last post by:
Hi I validate the username/password and then execute the following code System.Web.Security.FormsAuthentication.RedirectFromLoginPage( authorId, RememberCheckBox.Checked ); One folder I...
7
by: Matthias S. | last post by:
Hi, here is what I'm trying to do: I have a virtual directory called "WebApp". Under this one I've got 2 physical directories called "Customers" and "Admins". I implemented Forms-based...
1
by: Dave | last post by:
I'm using code similar to below. Is there a way to check if the Current.User object has roles assigned already. This event fires on every page request and I only need to have it fired once since...
3
by: VB Programmer | last post by:
I am using the Login control with ASP.NET 2.0. I want the redirect page to go to a page BASED on the role the user is in. Here's my code: Protected Sub Login1_LoggedIn(ByVal sender As Object,...
5
by: Shimon Sim | last post by:
I am working with LogIn control and need to set some property for profile after user is authenticated. I thought that LoggedIn event is the right place but system tells me that the property can't...
2
by: Jav | last post by:
I need to get at the ProviderUserKey of the logged in user. I would have thought that I could do something like: Dim u As MembershipUser = Membership.GetUser Dim ProvKey as Guid =...
1
by: Rusty Hill | last post by:
My site does not allow anonymous users. After a user has logged in and been authenticated I need to access some information in their profile object. I thought I would do this in the LoggedIn...
4
by: alexandis | last post by:
I extended Membership provider, put Login box onto the page, associated it with my provider. After successful login I need to redirect user based on one of the fields in my Logins (Users) table -...
2
by: Jonathan Wood | last post by:
I've set up ASP.NET membership. I can get the role(s) of the current user by calling Roles.GetRolesForUser(). It seems like it would be a good idea to store some role-specific calculations in...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.