RedirectFromLoginPage not redirecting

Discussion in 'ASP .Net Security' started by sean, May 10, 2004.

  1. sean

    sean Guest

    I'm attempting to use Forms/Roles based authentication and
    authorization. A subdirectory's web.config allows only
    "Admin" roles and it does kick browsers to a login page.
    However...when supplying proper credentials to the login
    page I'm never actually redirected to the page in the
    protected subdirectory. I've stepped through the code in
    the debugger and I can see the connection to the db open
    and the names of the roles getting fed to a cookie all just
    fine but at the last the redirect never happens. There's a
    blink (postback I'm assuming) and I stay at the login page.

    Any help greatly appreciated. Code to follow..
    ..........................................................
    web.config of protected directory:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
    <system.web>
    <authorization>
    <allow roles="Administrator" />
    <deny users="*" />
    </authorization>
    </system.web>
    </configuration>
    ..........................................................

    ..........................................................
    code in login.aspx onClick event handler:

    Dim cookieRoles As New StringBuilder

    While reader.Read()
        cookieRoles.Append(reader("Role").ToString())
        cookieRoles.Append(".")
    End While

    ' Save the Roles in a client Cookie for future requests
    Dim RoleCookie As HttpCookie = New HttpCookie("Roles")

    RoleCookie.Value = cookieRoles.ToString()

    Response.Cookies.Add(RoleCookie)

    FormsAuthentication.RedirectFromLoginPage(UserName.Text, PersistCookie.Checked)

    ..........................................................
     
    sean, May 10, 2004
    #1

  2. sean

    Janaka Guest

    If you're wanting to use role-based authentication then you need to get the
    role information into the forms authentication ticket.
    Don't worry about making another cookie for your roles. Just redirect from
    login as you've done.
    In your global.asax try the following:

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (Request.IsAuthenticated)
        {
            string authName = Context.User.Identity.Name;

            // Get the role to store
            string[] roles = cookieRoles.Split(','); // this can be your own implementation

            // Add a principal
            GenericIdentity thisIdentity = new GenericIdentity(authName);

            Context.User = new GenericPrincipal(thisIdentity, roles);
        }
    }

     
    Janaka, May 10, 2004
    #2

  3. sean

    sean Guest

    Should have added..I have the following in my global.asax.vb
    and still no redirect:

    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim context As HttpContext = HttpContext.Current
        If Not context.User Is Nothing AndAlso context.User.Identity.IsAuthenticated Then
            Dim userIdentity As GenericIdentity = New GenericIdentity(context.User.Identity.Name, "Forms")
            Dim userPrincipal As GenericPrincipal = New GenericPrincipal(userIdentity, context.Request.Cookies("Roles").Value.Split("."))
            context.User = userPrincipal
        End If
    End Sub

    thanks,
    s~
     
    sean, May 10, 2004
    #3
  4. sean

    Janaka Guest

    sean

    try using the FormsAuthentication.GetAuthCookie() method instead and then
    doing a manual Response.Redirect()

    Janaka
     
    Janaka, May 10, 2004
    #4
  5. sean

    sean Guest

    On the response.redirect I get System.Threading.ThreadAbortException
    and continue to get no redirect...

    thx for the feedback Janaka
    S~
     
    sean, May 10, 2004
    #5
  6. sean

    carol Guest

    I just solved the SAME problem with my site. The problem was solved after the following 3 things were corrected on the web server. There actually wasn't anything that needed to be changed with the code.

    1 - make sure the server's system environment variable PATH contains the path to the directory where .NET is installed.

    2 - make sure the subdirectories that contain the protected pages are not set up as applications within IIS

    3 - make sure web sharing is turned on for those same subdirectories

    Good Luck
    - Carol
     
    carol, May 21, 2004
    #6
  7. sean

    carol Guest

    Another possible solution may be found in this link re: your threadabort error:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;31262

    For what it's worth, here's my global.asax code, different from yours..

    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        'this fires each time someone hits a protected page. If they're already
        'logged on, this routine checks their role in the cookie and
        'displays the page if they are authorized

        'find this user's cookie that was created when the user logged on
        Dim cookieName As String = FormsAuthentication.FormsCookieName
        Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName)

        If authCookie Is Nothing Then
            'there's no authentication cookie
            Return
        End If
        'extract and decrypt the authentication ticket from the forms authentication cookie
        Dim authTicket As FormsAuthenticationTicket = Nothing
        Try
            authTicket = FormsAuthentication.Decrypt(authCookie.Value)
        Catch 'unforeseen error
            Return
        End Try
        If authTicket Is Nothing Then
            'cookie failed to decrypt
            Return
        End If
        'extract the roles from the user's cookie
        'When the ticket was created, the UserData property was assigned a
        'comma delimited string of role names
        Dim roles As String() = authTicket.UserData.Split(",")
        'Create an Identity object
        Dim id As FormsIdentity = New FormsIdentity(authTicket)
        'This principal will flow throughout the request
        Dim principal As GenericPrincipal = New GenericPrincipal(id, roles)
        'Attach the new principal object to the current HttpContext object
        Context.User = principal

    End Sub

    good luck
    - Carol
     
    carol, May 21, 2004
    #7
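
Added example, not code from any poster in this thread: the login-side counterpart to the Application_AuthenticateRequest handler in the last post. It puts the roles in the forms authentication ticket's UserData, as the second post advises, rather than in a separate plaintext "Roles" cookie that the client can edit, and it redirects without raising ThreadAbortException. The names RoleTicketLogin and SignInWithRoles and the 30-minute lifetime are assumptions.

```vb
Imports System
Imports System.Web
Imports System.Web.Security

' Added example (hypothetical helper, not from the thread).
Public Module RoleTicketLogin

    ' Issues a forms authentication ticket whose UserData holds the
    ' caller's roles, then redirects without aborting the thread.
    ' The roles array is assumed to come from the server-side lookup
    ' (the data reader loop in the first post).
    Public Sub SignInWithRoles(ByVal context As HttpContext, _
                               ByVal userName As String, _
                               ByVal roles As String(), _
                               ByVal persist As Boolean)
        ' A comma inside a role name would split into two roles when
        ' Application_AuthenticateRequest parses UserData, so reject it.
        For Each role As String In roles
            If role Is Nothing OrElse role.Trim().Length = 0 _
               OrElse role.IndexOf(","c) >= 0 Then
                Throw New ArgumentException("Invalid role name", "roles")
            End If
        Next

        ' Assumed lifetime of 30 minutes; align it with <forms timeout="...">.
        Dim issued As DateTime = DateTime.Now
        Dim ticket As New FormsAuthenticationTicket( _
            1, userName, issued, issued.AddMinutes(30), persist, _
            String.Join(",", roles), FormsAuthentication.FormsCookiePath)

        ' Encrypt() applies the <forms protection="..."> setting; with the
        ' default ("All") the value is encrypted and integrity-checked, so
        ' the role list cannot be read or altered on the client.
        Dim authCookie As New HttpCookie( _
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        authCookie.Path = FormsAuthentication.FormsCookiePath
        authCookie.Secure = FormsAuthentication.RequireSSL
        authCookie.HttpOnly = True ' property exists in .NET 2.0 and later
        If persist Then authCookie.Expires = ticket.Expiration
        context.Response.Cookies.Add(authCookie)

        ' Passing False for endResponse skips Response.End, which is what
        ' raises ThreadAbortException; CompleteRequest ends the pipeline.
        context.Response.Redirect( _
            FormsAuthentication.GetRedirectUrl(userName, persist), False)
        context.ApplicationInstance.CompleteRequest()
    End Sub

End Module
```

The role names stored here must match the web.config rule exactly (the first post allows "Administrator"); a user who authenticates without a matching role is sent back to the login page.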