Role Based Security Issue

Paul Prewett

Hello all,

I have a simple role based security model set up in a web application. My
problem is that, while everything works perfectly here on my test machine, I
can't seem to get the web server to remember that I've been authenticated
past a postback.

So I request the protected page (protected w/ a web.config setting), it
redirects me to the login page (good so far), I enter my UID/PWD and submit,
and it authenticates me (good so far), but then, when it redirects me back
to the page I had originally asked for, aspnet spits me back to the login
page.

I have successfully verified that the admin login page is recognizing who I
am, and executing the following code after it determines that:

FormsAuthentication.SetAuthCookie(txtUserName.Text, true);
FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, true);

It looks and smells like some server setting that I'm missing (Win2k SP4 --
IIS5), but I'm unaware of any server setting that has to be set so that
role/forms based authentication will work.

So my code is as follows. My main web.config file
authentication/authorization section looks like this:

<authentication mode="Forms">
  <forms
    name=".mywebsitename"
    loginUrl="adminLogin.aspx" />
</authentication>
<authorization>
  <allow users="*" />
</authorization>

and the protected subdirectory has a web.config in it that looks like this:

<configuration>
  <system.web>
    <authorization>
      <allow roles="Admin" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

My global Application_AuthenticateRequest looks like this:

if(Request.IsAuthenticated)
{
  dataFactory df = new dataFactory(ConfigurationSettings.AppSettings["dataProvider"]);
  IImagineData data = df.Create(ConfigurationSettings.AppSettings["strCon"]);
  string userName = User.Identity.Name;
  string[] roles = ahb.User.GetUserRoles(userName,data);
  GenericIdentity id = new GenericIdentity(userName);
  Context.User = new GenericPrincipal(id,roles);
  data.Dispose();
}

and the adminLogin does the following once someone enters their password:

if(ahb.User.Authenticate(txtUserName.Text,txtPassword.Text,data))
{
  FormsAuthentication.SetAuthCookie(txtUserName.Text, true);
  FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, true);
} // the if block is being evaluated as true. So I am getting redirected,
  // and then sent back to try again

So... what am I missing here? Is there something that needs to be set up on
the server for this thing to work? Remember that all this code and whatnot
works perfectly on my winXP Pro development box. I'm trying to export the
site to a Win2k SP4 machine.

Any ideas/suggestions would be greatly appreciated.

-Paul Prewett
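
Added example, not part of the original post: a simplified C# model of how ASP.NET URL authorization evaluates the two web.config files quoted above (subdirectory rules first, then the root rules, first match wins). `Rule`, `UrlAuthDemo`, `Evaluate` and the sample user name are hypothetical; the model assumes forms authentication turns a denied request into a redirect to `loginUrl`.

```csharp
using System;
using System.Security.Principal;

// Added illustration: a simplified model of ASP.NET URL authorization.
// Rule, UrlAuthDemo and Evaluate are hypothetical names, not framework APIs.
class Rule
{
    public bool Allow; public string Users; public string Roles;
    public Rule(bool allow, string users, string roles) { Allow = allow; Users = users; Roles = roles; }

    public bool Matches(IPrincipal p)
    {
        if (Roles != null) return p.Identity.IsAuthenticated && p.IsInRole(Roles);
        if (Users == "*") return true;                         // everyone
        if (Users == "?") return !p.Identity.IsAuthenticated;  // anonymous only
        return p.Identity.IsAuthenticated && p.Identity.Name == Users;
    }
}

class UrlAuthDemo
{
    // Rules from the post: subdirectory web.config first, then the root one.
    static readonly Rule[] Merged = {
        new Rule(true,  null, "Admin"),  // <allow roles="Admin" />
        new Rule(false, "*",  null),     // <deny users="*" />
        new Rule(true,  "*",  null)      // root: <allow users="*" />
    };

    static string Evaluate(IPrincipal p)
    {
        foreach (Rule r in Merged)
            if (r.Matches(p)) return r.Allow ? "200 page served" : "401 -> redirect to loginUrl";
        return "200 page served";
    }

    static void Main()
    {
        // Constructed sample principals: no cookie, cookie without roles, cookie with Admin.
        IPrincipal noCookie = new GenericPrincipal(new GenericIdentity(""), new string[0]);
        IPrincipal noRole = new GenericPrincipal(new GenericIdentity("paul"), new string[0]);
        IPrincipal admin = new GenericPrincipal(new GenericIdentity("paul"), new[] { "Admin" });
        Console.WriteLine("no auth cookie on request : " + Evaluate(noCookie));
        Console.WriteLine("cookie ok, roles empty    : " + Evaluate(noRole));
        Console.WriteLine("cookie ok, Admin role     : " + Evaluate(admin));
    }
}
```

A request that arrives without the auth cookie and one that is authenticated but carries no Admin role both end at the login page, so logging Request.IsAuthenticated and the role array on the server distinguishes the two cases.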
 
