Forms Authentication losing IsAuthenticated after 1 page

Discussion in 'ASP .Net Security' started by vipergtsrz@gmail.com, Sep 17, 2005.

  1. Guest

    I am wanting to use Forms Authentication on my site, and I have the
    exact same code on another site I am using, but it's not working on
    this one.

    I only want to limit the "admin" folder to require me to log in, so I
    have this in my web config:

    <location path="admin" >
    <system.web>
    <authorization>
    <allow roles="Administrator" />
    <deny users="*" />
    </authorization>
    </system.web>
    </location>

    When I first go to the admin section of the site, it redirects me to
    the login page like it should. I log in, and it goes to the admin
    section just fine. Then, if I go to the normal part of the site that
    isn't "protected", it seems to lose my login. When I use
    User.IsInRole("Administrator") or User.Identity.IsAuthenticated they
    always return false. I am still able to go to the admin section, but I
    am not authenticated.

    Here is the code I am putting in my global.asax file:

    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e
    As EventArgs)
    If Request.IsAuthenticated Then
    Dim UserID As New SqlParameter("@Username",
    User.Identity.Name)
    Dim reader As SqlDataReader =
    SqlHelper.ExecuteReader(ConfigurationSettings.AppSettings("connectionString"),
    CommandType.StoredProcedure, "rolesForUser", UserID)
    Dim roleList As New ArrayList
    Do While reader.Read
    roleList.Add(reader("Name"))
    Loop
    Dim roleListArray As String() =
    roleList.ToArray(GetType(String))
    HttpContext.Current.User() = New
    GenericPrincipal(User.Identity, roleListArray)
    End If
    End Sub

    The problem is that Request.IsAuthenticated is returning "False" after
    I go to another page. Here is the rest of my web.config file to: (that
    have to do with this)

    <authentication mode="Forms">
    <forms name="Form1" loginUrl="login.aspx" protection="All"
    timeout="30" path="/"/>
    </authentication>

    Any help with this would be greatly appreciated. I am sure it's
    probably something wrong with some random IIS setting I have or
    something that's messing it up. Thank you for your time!
    , Sep 17, 2005
    #1
    1. Advertising

  2. Hello ,

    can you confirm that the browser is sending the authentication cookie on
    subsequent requests?

    use a tool like www.fiddlertool.com to check that

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I am wanting to use Forms Authentication on my site, and I have the
    > exact same code on another site I am using, but it's not working on
    > this one.
    >
    > I only want to limit the "admin" folder to require me to log in, so I
    > have this in my web config:
    >
    > <location path="admin" >
    > <system.web>
    > <authorization>
    > <allow roles="Administrator" />
    > <deny users="*" />
    > </authorization>
    > </system.web>
    > </location>
    > When I first go to the admin section of the site, it redirects me to
    > the login page like it should. I log in, and it goes to the admin
    > section just fine. Then, if I go to the normal part of the site that
    > isn't "protected", it seems to lose my login. When I use
    > User.IsInRole("Administrator") or User.Identity.IsAuthenticated they
    > always return false. I am still able to go to the admin section, but I
    > am not authenticated.
    >
    > Here is the code I am putting in my global.asax file:
    >
    > Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal
    > e
    > As EventArgs)
    > If Request.IsAuthenticated Then
    > Dim UserID As New SqlParameter("@Username",
    > User.Identity.Name)
    > Dim reader As SqlDataReader =
    > SqlHelper.ExecuteReader(ConfigurationSettings.AppSettings("connectionS
    > tring"),
    > CommandType.StoredProcedure, "rolesForUser", UserID)
    > Dim roleList As New ArrayList
    > Do While reader.Read
    > roleList.Add(reader("Name"))
    > Loop
    > Dim roleListArray As String() =
    > roleList.ToArray(GetType(String))
    > HttpContext.Current.User() = New
    > GenericPrincipal(User.Identity, roleListArray)
    > End If
    > End Sub
    > The problem is that Request.IsAuthenticated is returning "False" after
    > I go to another page. Here is the rest of my web.config file to: (that
    > have to do with this)
    >
    > <authentication mode="Forms">
    > <forms name="Form1" loginUrl="login.aspx" protection="All"
    > timeout="30" path="/"/>
    > </authentication>
    >
    > Any help with this would be greatly appreciated. I am sure it's
    > probably something wrong with some random IIS setting I have or
    > something that's messing it up. Thank you for your time!
    >
    Dominick Baier [DevelopMentor], Sep 18, 2005
    #2
    1. Advertising

  3. Chad Guest

    Thank you very much for your response. I actually found out what it was.
    I was so frustrated with it that I just put a breakpoint on every page
    to follow through the entire process and found that I had put a
    Session.Abandon() in there somewhere a long time ago before I had
    implemented the Forms Authentication. I had a feeling like it was
    something stupid on my part.

    It's working perfectly now. Thanks again!

    --
    Sent via .NET Newsgroups
    http://www.dotnetnewsgroups.com
    Chad, Sep 18, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bob
    Replies:
    1
    Views:
    11,915
    Joe Fallon
    Apr 29, 2004
  2. ChInKPoInt [No MCSD]
    Replies:
    0
    Views:
    792
    ChInKPoInt [No MCSD]
    Dec 4, 2004
  3. Johnnie Norsworthy
    Replies:
    2
    Views:
    549
    Johnnie Norsworthy
    Nov 15, 2005
  4. =?Utf-8?B?ZG90bmV0dGVzdGVy?=

    custom authentication and Request.isAuthenticated

    =?Utf-8?B?ZG90bmV0dGVzdGVy?=, Dec 14, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    710
    =?Utf-8?B?ZG90bmV0dGVzdGVy?=
    Dec 14, 2005
  5. Bob Hansen

    Forms Authentication problem with IsAuthenticated

    Bob Hansen, Feb 4, 2004, in forum: ASP .Net Security
    Replies:
    2
    Views:
    176
    Madan Nayak
    Feb 6, 2004
Loading...

Share This Page