Problems With Custom RoleProvider and Forms Authentication

Hello Developers!

I have an interesting problem using my custom MembershipProvider,
RoleProvider and Forms Authentication.

Both MembershipProvider and RoleProvider require session state, where some
very important context data are stored during the Session_Start event. My
MembershipProvider and RoleProvider depend on this information.

It seems that the authentication process works with no problems.
However, during the later authorization phase session state is not
available!

I found that during the login process, after a user presses the "Login"
button, events occur in the following order:

1. Application_AuthenticateRequest event fires
2. Application_AcquireRequestState event fires
3. MembershipProvider.ValidateUser() gets called
4. Application_AuthenticateRequest event fires
5. RoleProvider.GetRolesForUser() gets called

For some reason, AcquireRequestState does not fire after AuthenticateRequest
event, but before RoleProvider.GetRolesForUser() method gets called.

Is there any, even tricky, way session state can be forced to restore before
authorization?

Thank you for any hints.

Tomasz
Mar 17 '07 #1
Hi Tomasz,

From your description, you're developing your custom Membership and role
provider which will rely on some state information (stored in session state),
however, you found that a certain Application processing event doesn't get
fired in the expected sequence and the session data is not correctly
accessed, correct?

According to the behavior, it is the expected one due to the ASP.NET
request's server-side processing pipeline. You can refer to the following
MSDN reference about the application processing sequence (the order of those
events in the server-side pipeline):
#ASP.NET Application Life Cycle Overview
http://msdn2.microsoft.com/en-us/library/ms178473.aspx

The Application_AcquireRequestState event does occur after the
Application_AuthenticateRequest and Application_AuthorizeRequest events.
Actually, session state will be loaded only after the HttpHandler (used to
process the request) has been determined.

Also, one important thing is that the ASP.NET Forms Authentication user
ticket is not designed to match a session state token. For example, a user
who opens two browsers on the client may have two different sessions while
holding the login state of a single user (against server-side forms
authentication). Would you provide some further information or code logic
on how your custom membership/role provider will rely on those stateful
data? We can try looking for some other approach to hold such state data.

Please feel free to let me know if there is anything I missed or if you
have any other concerns here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.


Mar 19 '07 #2
Hi Tomasz,

How are you doing on this issue? Have you made any progress, or does the
information in my last reply help you a little? If there is anything else
we can help with, please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Mar 21 '07 #3
Hello Steven,

In addition to SessionState I keep some of my session context data in
FormsAuthenticationTicket.UserData, so it is available during authorization.
It is not a perfect solution, but it works.

Sincerely,

Tomasz

Mar 21 '07 #4
Thanks for your followup Tomasz,

Yes, the FormsAuthenticationTicket.UserData is a reasonable storage for
caching some small and simple data which needs to be kept between multiple
requests of an authenticated user context. Also, since this data will be
available right after the server side gets the ticket from the client cookie,
it is safe to use it at the earlier stage of the server-side processing
pipeline (compared to other storage such as session or profile service).

Anyway, if you meet any new problem or have anything else we can help,
please feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Mar 22 '07 #5
Hello Steven,

The only problem with this approach I noticed so far is that the
CreateUserWizard control clears FormsAuthenticationTicket.UserData after
the user gets created.
How, why, what for? - I have neither a clue nor time to further investigate.

Sincerely,

Tomasz

Mar 22 '07 #6
Thanks for your reply Tomasz,

For the behavior that CreateUserWizard clears the current
FormsAuthenticationTicket, here is the answer:

The CreateUserWizard control has a property named "LoginCreatedUser", which is
set to "true" by default. Thus, whenever you successfully create a new user,
the CreateUserWizard will use the following code to log in:

FormsAuthentication.SetAuthCookie(this.UserNameInternal, false);

Thus, the original forms authentication context (ticket) is
replaced (UserData is lost).

#CreateUserWizard.LoginCreatedUser Property
http://msdn2.microsoft.com/en-us/lib...rols.createuserwizard.logincreateduser.aspx

You can set this property to "false" so that it does not automatically
log in the newly created user.

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Mar 23 '07 #7
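
Added example, not part of the original posts: one way to apply the UserData approach discussed above in C#, issuing the ticket yourself so UserData is kept and reading it at a point where session state is not yet loaded. The names `TicketContext`, `SignIn`, `Read` and `CreateUserWizard1_CreatedUser`, the `"tenant=42"` value and the 30-minute lifetime are assumptions made for illustration.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper (not from the thread): keeps per-login context in the
// forms-auth ticket so it is readable before AcquireRequestState.
public static class TicketContext
{
    // Assumption: keep this in line with <forms timeout="..."> in web.config.
    static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(30);

    // Use instead of FormsAuthentication.SetAuthCookie, which issues a
    // ticket with empty UserData (the loss seen with CreateUserWizard).
    public static void SignIn(HttpResponse response, string userName, string contextData)
    {
        DateTime now = DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, userName, now, now.Add(Lifetime), false, contextData,
            FormsAuthentication.FormsCookiePath);

        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;                          // not readable from script
        cookie.Secure = FormsAuthentication.RequireSSL;  // follow <forms requireSSL>
        cookie.Path = FormsAuthentication.FormsCookiePath;
        response.Cookies.Add(cookie);
    }

    // Callable from AuthenticateRequest onward, e.g. inside
    // RoleProvider.GetRolesForUser: needs only the cookie, not the session.
    public static string Read(HttpContext context)
    {
        if (context == null || context.User == null) return null;
        FormsIdentity identity = context.User.Identity as FormsIdentity;
        return identity == null ? null : identity.Ticket.UserData;
    }
}

// Page code-behind sketch, with LoginCreatedUser="false" on the wizard so it
// does not call SetAuthCookie itself. For self-registration, sign the new
// user in with context data; "tenant=42" is a constructed sample value.
//
// protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
// {
//     CreateUserWizard wizard = (CreateUserWizard)sender;
//     TicketContext.SignIn(Response, wizard.UserName, "tenant=42");
// }
```

UserData is sent to the browser inside the cookie, so keep it small and leave the forms `protection` setting at `All` (encryption plus validation) so the client cannot read or alter it.
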
Thanks a lot!
Tomasz

Mar 24 '07 #8
You're welcome!

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Mar 26 '07 #9
