Authentication: Need to re-login for every directory

Discussion in 'ASP .Net' started by Homa, Oct 29, 2003.

  1. Homa

    Homa Guest

    Hi,
    I am using a role-based Forms Authentication. I have several
    directories that have different levels of authorization. When I try to
    access another directory, the page bounce me back to the login page
    everytime. After I re-login, I can access the page.

    I can't figure out what happened. I saved the roles to the User so
    when I access another page, they should able to see that before they
    bounce me out.

    Here is the settings:

    I have a directory structure: //root/secure/admin/ where "secure" and
    "admin" requires authorization.

    in the "secure" directory, I have:
    <configuration>
    <system.web>
    <customErrors mode="Off"/>
    <authorization>
    <deny users="?" />
    </authorization>
    </system.web>
    </configuration>

    in the "admin" directory, I have:
    <configuration>
    <system.web>
    <customErrors mode="Off"/>
    <authorization>
    <allow roles="Admin"/>
    <deny users="?" />
    </authorization>
    </system.web>
    </configuration>

    and in the Application_AuthenticateRequest event, I have:
    if (Request.IsAuthenticated)
    {
    string[] roles = rtkShirts.Component.adminBO.getPrivilege(HttpContext.Current.User.Identity.Name);
    if (roles != null)
    {
    HttpContext.Current.User = new
    System.Security.Principal.GenericPrincipal(User.Identity, roles);
    }
    }

    I test the page as follows:
    1. go to a page under "secure" directory.
    2. bounced to login.aspx (under root)
    3. logged in, return to the page I suppose to go (and I check in the
    Application_AuthenticateRequest event that I have "Admin" as one of
    the entry inside [string[] roles]).
    4. I click on a link to a page under "secure/admin"
    5. I got bounced back to login.aspx (shouldn't happen)
    6. I re-login and now I reach the page I want to go.


    Please help. I'm pretty new to the field so please pardon me if some
    of the wording I used sounds funny.

    Thanks for concern,
    Homa Wong
     
    Homa, Oct 29, 2003
    #1
    1. Advertising

  2. Homa

    Homa Guest

    Hi,
    nevermind. I found out what's the problem. I'm using VS.NET to
    develop the page. And I set the page to start at the page within the
    secure folder. For some reason, the very first request made by VS.NET
    is different than the others. ASP.NET consider it as a different user,
    so that's why I ask me to login twice. After I logged in the second
    time, everything works fine; same as when I run the site directly by
    typing the URL in browser.

    Thanks and Happy programming.

    Homa Wong

    (Homa) wrote in message news:<>...
    > Hi,
    > I am using a role-based Forms Authentication. I have several
    > directories that have different levels of authorization. When I try to
    > access another directory, the page bounce me back to the login page
    > everytime. After I re-login, I can access the page.
    >
    > I can't figure out what happened. I saved the roles to the User so
    > when I access another page, they should able to see that before they
    > bounce me out.
    >
    > Here is the settings:
    >
    > I have a directory structure: //root/secure/admin/ where "secure" and
    > "admin" requires authorization.
    >
    > in the "secure" directory, I have:
    > <configuration>
    > <system.web>
    > <customErrors mode="Off"/>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    > </system.web>
    > </configuration>
    >
    > in the "admin" directory, I have:
    > <configuration>
    > <system.web>
    > <customErrors mode="Off"/>
    > <authorization>
    > <allow roles="Admin"/>
    > <deny users="?" />
    > </authorization>
    > </system.web>
    > </configuration>
    >
    > and in the Application_AuthenticateRequest event, I have:
    > if (Request.IsAuthenticated)
    > {
    > string[] roles = rtkShirts.Component.adminBO.getPrivilege(HttpContext.Current.User.Identity.Name);
    > if (roles != null)
    > {
    > HttpContext.Current.User = new
    > System.Security.Principal.GenericPrincipal(User.Identity, roles);
    > }
    > }
    >
    > I test the page as follows:
    > 1. go to a page under "secure" directory.
    > 2. bounced to login.aspx (under root)
    > 3. logged in, return to the page I suppose to go (and I check in the
    > Application_AuthenticateRequest event that I have "Admin" as one of
    > the entry inside [string[] roles]).
    > 4. I click on a link to a page under "secure/admin"
    > 5. I got bounced back to login.aspx (shouldn't happen)
    > 6. I re-login and now I reach the page I want to go.
    >
    >
    > Please help. I'm pretty new to the field so please pardon me if some
    > of the wording I used sounds funny.
    >
    > Thanks for concern,
    > Homa Wong
     
    Homa, Oct 29, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?SXJ3YW5zeWFo?=
    Replies:
    4
    Views:
    2,483
    =?Utf-8?B?SXJ3YW5zeWFo?=
    Oct 30, 2007
  2. Harry Clendening
    Replies:
    0
    Views:
    993
    Harry Clendening
    Nov 27, 2009
  3. Pascal Blanchard
    Replies:
    0
    Views:
    271
    Pascal Blanchard
    Aug 17, 2004
  4. Pascal Blanchard
    Replies:
    1
    Views:
    302
    Pascal Blanchard
    Aug 18, 2004
  5. Keltex
    Replies:
    1
    Views:
    446
    Dominick Baier [DevelopMentor]
    Jan 24, 2006
Loading...

Share This Page