Roles not loaded in LoggedIn event

Guest

I've a simple asp.net application in which I'm using the login control.

I trap the LoggedIn event and then decide which pages to redirect the user
to based on their role.

The problem is that no roles appear to be loaded at this point.

Curiously, if I login twice, the second time the roles are available and in
general if I log in then the roles shown seem to be for the PREVIOUS login.

I can find no way to force the reloading of roles and I have no idea what is
happening here despite some hours spent scouring the net!

No doubt it is obvious, but sadly, not to me!

Iain
 
Guest

Iain said:
I've a simple asp.net application in which I'm using the login control.

I trap the LoggedIn event and then decide which pages to redirect the user
to based on their role.

The problem is that no roles appear to be loaded at this point.

Does anyone have any ideas about this? It would seem that I'm either doing
something terribly stupid or there is a serious flaw in the way in which the
Roles are handled. I prefer the first option (<g>), but I can't see it!


Iain
 
Peter Bradley

I've never used the login control, but presumably the onus is on you to get
the roles. A quick look at the help for the login control doesn't show that
it provides any features such as role retrieval.

Roles could, for example, be stored in an RDBMS or in some sort of Directory
Service, or in an XML file or even in a text file. How have you arranged
for the roles to be retrieved?

HTH


Peter
 
Guest

Peter Bradley said:
I've never used the login control, but presumably the onus is on you to get
the roles. A quick look at the help for the login control doesn't show that
it provides any features such as role retrieval.

Hi, Peter.

You will see from my first post that a resubmit of the login page picks up
the roles correctly. The roles are present in the same SQLExpress database
as the users.

The symptoms are as if the roles are not loaded until after the LoggedIn
event is called, which is plain bizarre.

Iain
 
Peter Bradley

Where is your code that loads the roles?


Peter

Iain said:
Hi, Peter.

You will see from my first post that a resubmit of the login page picks up
the roles correctly. The roles are present in the same SQLExpress database
as the users.

The symptoms are as if the roles are not loaded until after the LoggedIn
event is called, which is plain bizarre.

Iain
 
Peter Bradley

Just had a look at the help for the control:
<quote>
Notes to Implementers Custom authentication schemes should set the
Authenticated property to true to indicate that a user has been
authenticated. When a user submits his or her login information, the Login
control first raises the LoggingIn event, then the Authenticate event, and
finally the LoggedIn event.

</quote>

So, if it were me, I'd retrieve the roles in the Authenticate event. Since
we use Forms authentication, I'd then store them as a delimited string in a
FormsAuthenticationTicket, which I'd then encrypt and store in a cookie.
The Application_AuthenticateRequest event handler can then retrieve and
decrypt the cookie, get the roles stored and put them into an Identity
object in a Principal object.

HTH



Peter
 
Guest

Peter Bradley said:
Just had a look at the help for the control:
<quote>
Notes to Implementers Custom authentication schemes should set the
Authenticated property to true to indicate that a user has been
authenticated. When a user submits his or her login information, the Login
control first raises the LoggingIn event, then the Authenticate event, and
finally the LoggedIn event.

</quote>

So, if it were me, I'd retrieve the roles in the Authenticate event. Since
we use Forms authentication, I'd then store them as a delimited string in a
FormsAuthenticationTicket, which I'd then encrypt and store in a cookie.
The Application_AuthenticateRequest event handler can then retrieve and
decrypt the cookie, get the roles stored and put them into an Identity
object in a Principal object.

Hi, Peter.

I'm not using custom authentication and as I'm checking roles (with
User.IsInRole("MyRole")) in the LoggedIn Event this should be equivalent to
doing it in the Authenticated event. I've worked around this, by not
checking the role in the login form, but rather redirecting the form to a
holding page, checking there for the role (which works) and then redirecting
again if need be.

I would have to regard this as a bug. It's not the way I would expect it to
work.

Other oddities I've picked up (which I think are plain wrong!) are..

If you login without first logging out, the login does not work. You remain
logged in as the previous user.

If you login as a new user, the session is not restarted.

My work around is to use FormsAuthentication.SignOut() to force a log off
(why is this not part of the Membership class?) and also to clear the session
in the LoggingIn event.

Dear Microsoft, a spoonful of documentation would have saved me a
considerable time of messing around.

Iain
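
The behaviour discussed in this thread, shown as an added example that is not code from any of the posters: during the login postback, `Page.User` is still the principal built from the cookie the browser sent with that request (anonymous, or the previous user), so `User.IsInRole` in `LoggedIn` reflects the old identity; querying the role provider by the name just entered avoids that. The control ID `Login1`, the role names and the target pages are assumptions, and the role manager is assumed to be enabled in web.config.

```csharp
// Login.aspx.cs: code-behind for a page containing
//   <asp:Login ID="Login1" runat="server"
//       OnLoggingIn="Login1_LoggingIn" OnLoggedIn="Login1_LoggedIn" />
// Role names and URLs below are constructed for illustration.
using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class LoginPage : Page
{
    // Raised before the credentials are validated.
    protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
    {
        // Workaround described in the thread: drop the previous user's
        // forms-authentication ticket and session data so nothing from the
        // earlier identity carries over into the new login.
        FormsAuthentication.SignOut();
        Session.Clear();
    }

    // Raised after the credentials were accepted and the new
    // authentication cookie was added to the *response*.
    protected void Login1_LoggedIn(object sender, EventArgs e)
    {
        // Page.User was created at the start of this request from the
        // cookie the browser sent, so it does not describe the account
        // that just logged in. Ask the role provider by user name instead.
        string userName = Login1.UserName;

        string target;
        if (Roles.IsUserInRole(userName, "Administrators"))
            target = "~/Admin/Default.aspx";
        else if (Roles.IsUserInRole(userName, "Members"))
            target = "~/Members/Default.aspx";
        else
            target = "~/Default.aspx";

        // The redirect is only navigation. The target folders still need
        // their own <authorization> rules in web.config, which are
        // evaluated on the next request, when User carries the new roles.
        Response.Redirect(target);
    }
}
```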
 
