Re: DESPERATE: FormsAuthentication Problem
From: Ken Dopierala Jr. (kdopierala2_at_wi.rr.com)
Date: 01/11/05
- Next message: Teemu Keiski: "Re: ASP.NET WP memory consumption problem & debugging on AppDomain bas"
- Previous message: Curt_C [MVP]: "Re: vs.net 2003 or whidbey?"
- In reply to: Jeff B: "Re: DESPERATE: FormsAuthentication Problem"
- Next in thread: Matt Berther: "Re: DESPERATE: FormsAuthentication Problem"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 11 Jan 2005 11:52:34 -0600
Hi Jeff,
I don't know much about the machine.config. I searched and the only thing I
found was that the IsInRole will fail when the list of roles is more than
2048 bytes but that doesn't seem to apply to you. It doesn't seem to be a
permission thing because you are being authenticated. I wish I could help
but I'm out of ideas. The best thing I can recommend is maybe try the
microsoft.public.dotnet.framework.aspnet.security newsgroup. I think that
is where I found the 2048 byte limit thing but I don't remember what version
of the framework it applies to and it doesn't even look to affect you. I
hope you find an answer. This is a strange one. The only thing I can think
of trying is instead of creating your roles from the DB and using Split try
to hardcode a 3 element string array just for fun and see if that changes
things. If not then it probably has nothing to do with string functions and
is definitely something deeper. Ken.
"Jeff B" <jeffbrint@hotmail.com> wrote in message
news:OHawex%239EHA.3700@tk2msftngp13.phx.gbl...
> Ken,
>
> I have verified that both machines are running the same version of the
> Framework and that the web.config files are identical (except for SQL
> connection strings). Could there possibly be something in the
machine.config
> file causing this?
>
> Jeff
>
>
> "Ken Dopierala Jr." <kdopierala2@wi.rr.com> wrote in message
> news:u9GgOe39EHA.2632@TK2MSFTNGP10.phx.gbl...
> > Hi Jeff,
> >
> > I'm looking at the code and it seems just fine. Can you check that your
> > web.config file is identical between the two machines? Also can you
check
> > to see if they are running the same .Net 1.1 Service Pack? One other
> > thing
> > is can you test users that are only in 1 role each and see if that makes
> > it
> > work? These are all guess but hopefully they'll help spring up some
other
> > ideas. Good luck! Ken.
> >
> > --
> > Ken Dopierala Jr.
> > For great ASP.Net web hosting try:
> > http://www.webhost4life.com/default.asp?refid=Spinlight
> > If you sign up under me and need help, email me.
> >
> > "Jeff B" <jeffbrint@hotmail.com> wrote in message
> > news:ODkyNG29EHA.3124@TK2MSFTNGP11.phx.gbl...
> >> I am having a very perplexing problem with setting the user's roles. I
> > have
> >> tried to figure this out for 2 days now.
> >>
> >> When the user logs in to the site, I retrieve the roles from the
database
> >> and create a semicolon delimited string listing the roles returned and
> > store
> >> them in the forms authentication cookie. Then in the global.asax
> >> Application_AuthenticateRequest, I retrieve the
FormsAuthenticationTicket
> >> from the forms authentication cookie, create a new FormsIdentity
object,
> >> then create a new GenericPrincipal object passing in the FormsIdentity
> >> object and roles, and set the User to the new principal object.
> >>
> >> Now, when I check to see if
> > HttpContext.Current.User.IsInRole("TestRole1"),
> >> I get different results from two different machines.
> >>
> >> On my development machine, this works great.
> >> (As you can see from the code below) It returns:
> >> User is in TestRole1: True
> >> TestRole1;TestRole2;TestRole3
> >>
> >> On my production machine, this doesn't work.
> >> (As you can see from the code below) It returns:
> >> User is in TestRole1: False
> >> TestRole1;TestRole2;TestRole3
> >>
> >> The user is Authenticated and the roles are being set in
> >> FormsAuthenticationTicket correctly. As far as I can tell, the two
> > machines
> >> are set up the same:
> >> Development machine:
> >> WinXP SP2, .NET Framework v1.1, IIS 5.1
> >> Production machine:
> >> Win2000 SP4, .NET Framework v1.1, IIS 5.0 (I think?)
> >>
> >> I am desperately needing some insight into the problem. Does anyone
have
> > any
> >> idea as to what might be causing this? Is it a setting I forgot? I have
> > list
> >> some code that I am using below, to see if that helps.
> >>
> >> ========================================
> >> In my Login.aspx page, I have this code:
> >>
> >> ' Get ";" delimited string of the user's roles from the database
> >> Dim roles As String = myFunctionToGetRoles(userID)
> >>
> >> ' Create the authentication ticket
> >> Dim authTicket As FormsAuthenticationTicket = New
> >> FormsAuthenticationTicket(1, userName, DateTime.Now,
> >> DateTime.Now.AddMinutes(30), False, roles)
> >>
> >> ' Now encrypt the ticket
> >> Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)
> >>
> >> ' Create a cookie and add the encrypted ticket to the cookie as data
> >> Dim authCookie As HttpCookie = New
> >> HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
> >>
> >> ' Add the cookie to the outgoing cookies collection
> >> Response.Cookies.Add(authCookie)
> >>
> >> ' Redirect to the Authenticated page to avoid the misleading Security
> > Alert
> >> message box from popping up
> >> Response.Redirect("Authenticated.aspx?ReturnUrl=" &
> >> Request.QueryString.Item("ReturnUrl"), True)
> >>
> >>
> >> In my Global.asax, I have this code:
> >>
> >> Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
> >> EventArgs)
> >> ' Fires upon attempting to authenticate the user
> >>
> >> ' Extract the forms authentication cookie
> >> Dim authCookie As HttpCookie =
> >> Context.Request.Cookies(FormsAuthentication.FormsCookieName)
> >>
> >> If authCookie Is Nothing Then
> >> ' There is no authentication cookie
> >> Exit Sub
> >> End If
> >>
> >> Dim authTicket As FormsAuthenticationTicket
> >> Try
> >> authTicket = FormsAuthentication.Decrypt(authCookie.Value)
> >> Catch ex As Exception
> >> ' Log exception details omitted for simplicity
> >> Exit Sub
> >> End Try
> >>
> >> If authTicket Is Nothing Then
> >> ' Cookie failed to decrypt
> >> Exit Sub
> >> End If
> >>
> >> ' When the ticked was created, the UserData property was
> >> ' assigned a semicolon delimited string of role names.
> >> Dim roles As String() = authTicket.UserData.Split(";"c)
> >>
> >> ' Create an Identity object
> >> Dim id As FormsIdentity = New FormsIdentity(authTicket)
> >>
> >> ' This principal will flow throughout the request
> >> Dim principal As GenericPrincipal = New GenericPrincipal(id, roles)
> >>
> >> ' Attach the new principal object to the current HttpContext object
> >> Context.User = principal
> >>
> >> End Sub
> >>
> >> And on my Default.aspx page, I test the roles with this code:
> >> ' Test the User's Roles
> >> Dim curUser As System.Security.Principal.IPrincipal =
> >> HttpContext.Current.User
> >> If curUser.Identity.IsAuthenticated Then
> >> If thisUser.IsInRole("TestRole1") Then
> >> lblMessage.Text = "User is in TestRole1: True"
> >> Else
> >> lblMessage.Text = "User is in TestRole1: False"
> >> End If
> >>
> >> Dim id As FormsIdentity = CType(HttpContext.Current.User.Identity,
> >> FormsIdentity)
> >> Dim ticket As FormsAuthenticationTicket = id.Ticket
> >> ' Get the stored user-data, in this case, our roles
> >> ' stored in the User.Identity, and display them
> >> lblMessage.Text += "<br>" + ticket.UserData
> >> End If
> >>
> >>
> >> Thanks to everyone in advance,
> >> Jeff
> >>
> >>
> >
> >
>
>
- Next message: Teemu Keiski: "Re: ASP.NET WP memory consumption problem & debugging on AppDomain bas"
- Previous message: Curt_C [MVP]: "Re: vs.net 2003 or whidbey?"
- In reply to: Jeff B: "Re: DESPERATE: FormsAuthentication Problem"
- Next in thread: Matt Berther: "Re: DESPERATE: FormsAuthentication Problem"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
