Re: Strange Role-Based authentication problem!
- From: Brock Allen <ballen@xxxxxxxxxxxxxxxxx>
- Date: Mon, 25 Apr 2005 14:44:11 -0700
I'd run Trace=true on your page to see if you're getting two ASP.NET forms authentication cookies. Since you're setting the cookie manually and then callings FormsAuth.SetAuthCookie, it's also adding in its own cookie.
-Brock DevelopMentor http://staff.develop.com/ballen
I was making a role-based authentication but it does't login with correct password.
the HttpContext.Current.User recieved in Global.asax is always null. Request.IsAuthenticated is always false.
in the cs files, i write the code below
protected void SubmitBtn_Click(Object sender, EventArgs e) { if (Authenticate(UserName.Text, Password.Text)) { FormsAuthentication.Initialize(); SqlConnection dsn = new SqlConnection(ConfigurationSettings.AppSettings["conn"]); string SqlStr = "select IsAdmin from systeacherList where teacherAccount = @UserId"; SqlCommand myCommand = new SqlCommand(SqlStr,dsn); dsn.Open(); SqlParameter myUserId = new SqlParameter("@UserId", SqlDbType.NVarChar, 20); myUserId.Value = UserName.Text.Trim(); myCommand.Parameters.Add(myUserId); bool bIsAdmin = Convert.ToBoolean(myCommand.ExecuteScalar().ToString()); dsn.Close(); string strRole = ""; string strDefault = ""; if(bIsAdmin) { strRole = "Admin"; strDefault = "/iPage/Admin/adminindex.aspx"; } else { strRole = "Teacher"; strDefault = "/iPage/Admin/digitaladmin.aspx"; Session["TeacherID"]=teacherID; } //The AddMinutes determines how long the user will be logged in after leaving //the site if he doesn't log off. FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1, UserName.Text, DateTime.Now, DateTime.Now.AddMinutes(30), true, strRole, FormsAuthentication.FormsCookiePath); HttpContext.Current.Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(fat))); FormsAuthentication.SetAuthCookie(UserName.Text,true); //Cache.Add(UserName.Text,strRole,null,DateTime.MaxValue,TimeSpan.From Hours(1),CacheItemPriority.BelowNormal,null); string strRedirect = FormsAuthentication.GetRedirectUrl(UserName.Text,true); if(strRedirect=="/iPage/default.aspx") Response.Redirect(strDefault); else Response.Redirect(strRedirect); } else { ErrorMsg.Visible = true; } } the web.config file of subdir i wanted to protected is
<configuration> <location path="digitaladmin.aspx"> <system.web> <authentication mode="Forms"> <forms name="iPage" loginUrl="/iPage/Login.aspx" /> </authentication> <authorization> <allow roles="Admin" /> <allow roles="Teacher" /> <deny users="*" /> </authorization> </system.web> </location> <system.web> <authentication mode="Forms"> <forms name="iPage" loginUrl="/iPage/Login.aspx" /> </authentication> <authorization> <allow roles="Admin" /> <allow users="Archer"/> <deny users="*" /> </authorization> </system.web> </configuration> and the Application_AuthenticateRequest in Global.asax.cs is
if (!(HttpContext.Current.User == null)) { if (HttpContext.Current.User.Identity.IsAuthenticated) { if (HttpContext.Current.User.Identity.GetType() == typeof(FormsIdentity)) { FormsIdentity fi = (FormsIdentity) HttpContext.Current.User.Identity; FormsAuthenticationTicket fat = fi.Ticket; String[] astrRoles = fat.UserData.Split('|'); HttpContext.Current.User = new GenericPrincipal(fi, astrRoles); } } } any help would be appreciate!
.
- Follow-Ups:
- Re: Strange Role-Based authentication problem!
- From: Archer
- Re: Strange Role-Based authentication problem!
- From: Patrick Olurotimi Ige
- Re: Strange Role-Based authentication problem!
- References:
- Strange Role-Based authentication problem!
- From: Archer
- Strange Role-Based authentication problem!
- Prev by Date: Re: Any good Shopping Carts out there?
- Next by Date: Re: CheckSuspiciousVirtualPath
- Previous by thread: Strange Role-Based authentication problem!
- Next by thread: Re: Strange Role-Based authentication problem!
- Index(es):
Relevant Pages
|
