Re: DESPERATE: FormsAuthentication Problem

From: Matt Berther (mberther_at_hotmail.com)
Date: 01/11/05


Date: Tue, 11 Jan 2005 10:00:53 -0800

Hello Jeff,

Since the sql connection strings are different (as you stated), are the databases
different (i.e., is the production user really not in TestRole1 in that database)?

--
Matt Berther
http://www.mattberther.com
> Ken,
> 
> I have verified that both machines are running the same version of the
> Framework and that the web.config files are identical (except for SQL
> connection strings). Could there possibly be something in the
> machine.config file causing this?
> 
> Jeff
> 
> "Ken Dopierala Jr." <kdopierala2@wi.rr.com> wrote in message
> news:u9GgOe39EHA.2632@TK2MSFTNGP10.phx.gbl...
> 
>> Hi Jeff,
>> 
>> I'm looking at the code and it seems just fine.  Can you check that your
>> web.config file is identical between the two machines?  Also can you check
>> to see if they are running the same .Net 1.1 Service Pack?  One other thing
>> is can you test users that are only in 1 role each and see if that makes it
>> work?  These are all guesses but hopefully they'll help spring up some other
>> ideas.  Good luck!  Ken.
>> --
>> Ken Dopierala Jr.
>> For great ASP.Net web hosting try:
>> http://www.webhost4life.com/default.asp?refid=Spinlight
>> If you sign up under me and need help, email me.
>> "Jeff B" <jeffbrint@hotmail.com> wrote in message
>> news:ODkyNG29EHA.3124@TK2MSFTNGP11.phx.gbl...
>>> I am having a very perplexing problem with setting the user's roles. I have
>>> tried to figure this out for 2 days now.
>>> 
>>> When the user logs in to the site, I retrieve the roles from the
>>> database and create a semicolon delimited string listing the roles
>>> returned and store them in the forms authentication cookie. Then in the
>>> global.asax Application_AuthenticateRequest, I retrieve the
>>> FormsAuthenticationTicket from the forms authentication cookie,
>>> create a new FormsIdentity object, then create a new
>>> GenericPrincipal object passing in the FormsIdentity object and
>>> roles, and set the User to the new principal object.
>>> 
>>> Now, when I check to see if HttpContext.Current.User.IsInRole("TestRole1"),
>>> I get different results from two different machines.
>>> 
>>> On my development machine, this works great.
>>> (As you can see from the code below) It returns:
>>> User is in TestRole1: True
>>> TestRole1;TestRole2;TestRole3
>>> 
>>> On my production machine, this doesn't work.
>>> (As you can see from the code below) It returns:
>>> User is in TestRole1: False
>>> TestRole1;TestRole2;TestRole3
>>> 
>>> The user is Authenticated and the roles are being set in
>>> FormsAuthenticationTicket correctly. As far as I can tell, the two machines
>>> are set up the same:
>>> Development machine:
>>> WinXP SP2, .NET Framework v1.1, IIS 5.1
>>> Production machine:
>>> Win2000 SP4, .NET Framework v1.1, IIS 5.0 (I think?)
>>> 
>>> I am desperately needing some insight into the problem. Does anyone have any
>>> idea as to what might be causing this? Is it a setting I forgot? I have listed
>>> some code that I am using below, to see if that helps.
>>> 
>>> ========================================
>>> In my Login.aspx page, I have this code:
>>> 
>>>     ' Get ";" delimited string of the user's roles from the database
>>>     Dim roles As String = myFunctionToGetRoles(userID)
>>> 
>>>     ' Create the authentication ticket
>>>     Dim authTicket As FormsAuthenticationTicket = New FormsAuthenticationTicket( _
>>>         1, userName, DateTime.Now, DateTime.Now.AddMinutes(30), False, roles)
>>>     ' Now encrypt the ticket
>>>     Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)
>>>     ' Create a cookie and add the encrypted ticket to the cookie as data
>>>     Dim authCookie As HttpCookie = New HttpCookie( _
>>>         FormsAuthentication.FormsCookieName, encryptedTicket)
>>> 
>>>     ' Add the cookie to the outgoing cookies collection
>>>     Response.Cookies.Add(authCookie)
>>> 
>>>     ' Redirect to the Authenticated page to avoid the misleading Security Alert
>>>     ' message box from popping up
>>>     Response.Redirect("Authenticated.aspx?ReturnUrl=" & _
>>>         Request.QueryString.Item("ReturnUrl"), True)
>>> 
>>> In my Global.asax, I have this code:
>>> 
>>>     ' Requires: Imports System.Web.Security, Imports System.Security.Principal
>>>     Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
>>>         ' Fires upon attempting to authenticate the user
>>>         ' Extract the forms authentication cookie
>>>         Dim authCookie As HttpCookie = _
>>>             Context.Request.Cookies(FormsAuthentication.FormsCookieName)
>>>         If authCookie Is Nothing Then
>>>             ' There is no authentication cookie
>>>             Exit Sub
>>>         End If
>>>         Dim authTicket As FormsAuthenticationTicket
>>>         Try
>>>             authTicket = FormsAuthentication.Decrypt(authCookie.Value)
>>>         Catch ex As Exception
>>>             ' Log exception details omitted for simplicity
>>>             Exit Sub
>>>         End Try
>>>         If authTicket Is Nothing Then
>>>             ' Cookie failed to decrypt
>>>             Exit Sub
>>>         End If
>>>         ' When the ticket was created, the UserData property was
>>>         ' assigned a semicolon delimited string of role names.
>>>         Dim roles As String() = authTicket.UserData.Split(";"c)
>>> 
>>>         ' Create an Identity object
>>>         Dim id As FormsIdentity = New FormsIdentity(authTicket)
>>>         ' This principal will flow throughout the request
>>>         Dim principal As GenericPrincipal = New GenericPrincipal(id, roles)
>>>         ' Attach the new principal object to the current HttpContext object
>>>         Context.User = principal
>>>     End Sub
>>> 
>>> And on my Default.aspx page, I test the roles with this code:
>>> 
>>>     ' Test the User's Roles
>>>     Dim curUser As System.Security.Principal.IPrincipal = HttpContext.Current.User
>>>     If curUser.Identity.IsAuthenticated Then
>>>         If curUser.IsInRole("TestRole1") Then
>>>             lblMessage.Text = "User is in TestRole1: True"
>>>         Else
>>>             lblMessage.Text = "User is in TestRole1: False"
>>>         End If
>>>         Dim id As FormsIdentity = CType(HttpContext.Current.User.Identity, FormsIdentity)
>>>         Dim ticket As FormsAuthenticationTicket = id.Ticket
>>>         ' Get the stored user-data, in this case, our roles
>>>         ' stored in the User.Identity, and display them
>>>         lblMessage.Text += "<br>" + ticket.UserData
>>>     End If
>>> 
>>> Thanks to everyone in advance,
>>> Jeff
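
The role handling described in the quoted post, as an added example that is not code from any participant in the thread: `GenericPrincipal.IsInRole` compares whole role names without trimming, so the sketch below builds one principal from a bare `Split(";"c)` and one from a normalised list and prints each role with its length. The padded `UserData` value is a constructed sample and an assumption about how two databases could differ, not a diagnosis made in the thread; `RoleCheckDemo`, `ParseRoles`, `Describe` and the user name are hypothetical.

```vb
Imports System
Imports System.Collections
Imports System.Security.Principal

Module RoleCheckDemo

    ' Split the ticket's UserData on ";", trim each entry and drop empties.
    Function ParseRoles(ByVal userData As String) As String()
        Dim cleaned As New ArrayList()
        If Not userData Is Nothing Then
            For Each part As String In userData.Split(";"c)
                Dim role As String = part.Trim()
                If role.Length > 0 Then cleaned.Add(role)
            Next
        End If
        Return CType(cleaned.ToArray(GetType(String)), String())
    End Function

    ' Render each role as [name](length) so stray whitespace becomes visible.
    Function Describe(ByVal roles As String()) As String
        Dim parts As New ArrayList()
        For Each role As String In roles
            parts.Add("[" & role & "](" & role.Length.ToString() & ")")
        Next
        Return String.Join(" ", CType(parts.ToArray(GetType(String)), String()))
    End Function

    Sub Main()
        ' Constructed sample: "TestRole1" carries trailing spaces, as a
        ' fixed-width CHAR column would return it (assumption for this demo).
        Dim userData As String = "TestRole1   ;TestRole2;TestRole3"
        Dim id As New GenericIdentity("jeff", "Forms")

        ' Same parsing as the Global.asax code in the post: bare Split.
        Dim rawRoles As String() = userData.Split(";"c)
        Dim rawPrincipal As New GenericPrincipal(id, rawRoles)
        Console.WriteLine("raw:     " & Describe(rawRoles))
        Console.WriteLine("raw IsInRole: " & rawPrincipal.IsInRole("TestRole1").ToString())

        ' Normalised parsing: trimmed entries, no empty role names.
        Dim cleanRoles As String() = ParseRoles(userData)
        Dim cleanPrincipal As New GenericPrincipal(id, cleanRoles)
        Console.WriteLine("cleaned: " & Describe(cleanRoles))
        Console.WriteLine("cleaned IsInRole: " & cleanPrincipal.IsInRole("TestRole1").ToString())
    End Sub

End Module
```

Logging the `Describe` output next to the `IsInRole` result on each machine shows exactly which strings the principal was built from, which the raw `UserData` text in a label does not.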

