Strange Role-Based authentication problem!

A

Archer

I was making a role-based authentication but it does't login with
correct password.

the HttpContext.Current.User recieved in Global.asax is always null.
Request.IsAuthenticated is always false.

in the cs files, i write the code below

protected void SubmitBtn_Click(Object sender, EventArgs e)
{
if (Authenticate(UserName.Text, Password.Text))
{
FormsAuthentication.Initialize();
SqlConnection dsn = new
SqlConnection(ConfigurationSettings.AppSettings["conn"]);
string SqlStr = "select IsAdmin from systeacherList where
teacherAccount = @UserId";
SqlCommand myCommand = new SqlCommand(SqlStr,dsn);
dsn.Open();
SqlParameter myUserId = new SqlParameter("@UserId",
SqlDbType.NVarChar, 20);
myUserId.Value = UserName.Text.Trim();
myCommand.Parameters.Add(myUserId);
bool bIsAdmin =
Convert.ToBoolean(myCommand.ExecuteScalar().ToString());
dsn.Close();

string strRole = "";
string strDefault = "";
if(bIsAdmin)
{
strRole = "Admin";
strDefault = "/iPage/Admin/adminindex.aspx";
}
else
{
strRole = "Teacher";
strDefault = "/iPage/Admin/digitaladmin.aspx";
Session["TeacherID"]=teacherID;
}

//The AddMinutes determines how long the user will be logged in
after leaving
//the site if he doesn't log off.
FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
UserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(30), true, strRole,
FormsAuthentication.FormsCookiePath);
HttpContext.Current.Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(fat)));
FormsAuthentication.SetAuthCookie(UserName.Text,true);

//Cache.Add(UserName.Text,strRole,null,DateTime.MaxValue,TimeSpan.FromHours(1),CacheItemPriority.BelowNormal,null);
string strRedirect =
FormsAuthentication.GetRedirectUrl(UserName.Text,true);
if(strRedirect=="/iPage/default.aspx")
Response.Redirect(strDefault);
else
Response.Redirect(strRedirect);

}
else
{
ErrorMsg.Visible = true;
}
}

the web.config file of subdir i wanted to protected is

<configuration>
<location path="digitaladmin.aspx">
<system.web>
<authentication mode="Forms">
<forms name="iPage" loginUrl="/iPage/Login.aspx" />
</authentication>
<authorization>
<allow roles="Admin" />
<allow roles="Teacher" />
<deny users="*" />
</authorization>
</system.web>
</location>
<system.web>
<authentication mode="Forms">
<forms name="iPage" loginUrl="/iPage/Login.aspx" />
</authentication>
<authorization>
<allow roles="Admin" />
<allow users="Archer"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>

and the Application_AuthenticateRequest in Global.asax.cs is

if (!(HttpContext.Current.User == null))
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity.GetType() ==
typeof(FormsIdentity))
{
FormsIdentity fi = (FormsIdentity)
HttpContext.Current.User.Identity;
FormsAuthenticationTicket fat = fi.Ticket;

String[] astrRoles = fat.UserData.Split('|');
HttpContext.Current.User = new GenericPrincipal(fi, astrRoles);
}
}
}



any help would be appreciate!
 
B

Brock Allen

I'd run Trace=true on your page to see if you're getting two ASP.NET forms
authentication cookies. Since you're setting the cookie manually and then
callings FormsAuth.SetAuthCookie, it's also adding in its own cookie.




I was making a role-based authentication but it does't login with
correct password.

the HttpContext.Current.User recieved in Global.asax is always null.
Request.IsAuthenticated is always false.

in the cs files, i write the code below

protected void SubmitBtn_Click(Object sender, EventArgs e)
{
if (Authenticate(UserName.Text, Password.Text))
{
FormsAuthentication.Initialize();
SqlConnection dsn = new
SqlConnection(ConfigurationSettings.AppSettings["conn"]);
string SqlStr = "select IsAdmin from systeacherList where
teacherAccount = @UserId";
SqlCommand myCommand = new SqlCommand(SqlStr,dsn);
dsn.Open();
SqlParameter myUserId = new SqlParameter("@UserId",
SqlDbType.NVarChar, 20);
myUserId.Value = UserName.Text.Trim();
myCommand.Parameters.Add(myUserId);
bool bIsAdmin =
Convert.ToBoolean(myCommand.ExecuteScalar().ToString());
dsn.Close();
string strRole = "";
string strDefault = "";
if(bIsAdmin)
{
strRole = "Admin";
strDefault = "/iPage/Admin/adminindex.aspx";
}
else
{
strRole = "Teacher";
strDefault = "/iPage/Admin/digitaladmin.aspx";
Session["TeacherID"]=teacherID;
}
//The AddMinutes determines how long the user will be logged in
after leaving
//the site if he doesn't log off.
FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
UserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(30), true, strRole,
FormsAuthentication.FormsCookiePath);
HttpContext.Current.Response.Cookies.Add(new
HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(fat)));
FormsAuthentication.SetAuthCookie(UserName.Text,true);
//Cache.Add(UserName.Text,strRole,null,DateTime.MaxValue,TimeSpan.From
Hours(1),CacheItemPriority.BelowNormal,null);
string strRedirect =
FormsAuthentication.GetRedirectUrl(UserName.Text,true);
if(strRedirect=="/iPage/default.aspx")
Response.Redirect(strDefault);
else
Response.Redirect(strRedirect);
}
else
{
ErrorMsg.Visible = true;
}
}
the web.config file of subdir i wanted to protected is

<configuration>
<location path="digitaladmin.aspx">
<system.web>
<authentication mode="Forms">
<forms name="iPage" loginUrl="/iPage/Login.aspx" />
</authentication>
<authorization>
<allow roles="Admin" />
<allow roles="Teacher" />
<deny users="*" />
</authorization>
</system.web>
</location>
<system.web>
<authentication mode="Forms">
<forms name="iPage" loginUrl="/iPage/Login.aspx" />
</authentication>
<authorization>
<allow roles="Admin" />
<allow users="Archer"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>
and the Application_AuthenticateRequest in Global.asax.cs is

if (!(HttpContext.Current.User == null))
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity.GetType() ==
typeof(FormsIdentity))
{
FormsIdentity fi = (FormsIdentity)
HttpContext.Current.User.Identity;
FormsAuthenticationTicket fat = fi.Ticket;
String[] astrRoles = fat.UserData.Split('|');
HttpContext.Current.User = new GenericPrincipal(fi, astrRoles);
}
}
}
any help would be appreciate!
Click to expand...
 
A

Archer

Thank you for reply.
There are no problem with FormsAuth.SetAuthCookie.
I traced it, there is no Current.User property exist in Requst object
 
A

Archer

Thank you! I find the keypoint!
It is all because of that i haven't change the "<authentication
mode="None" />" in web.config of root dir. i just create new web.config
file in subdir which is need to be protected.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Forms Authentication 0
Forms Authentication / Role based security 1
Form-based Authentication 2
Forms Authentication. Roles problem in IIS7. Any idea? Anyone? 0
Strange role behaviour 0
Role-based authentication and Forms and System.UnauthorizedAccessException 5
Forms Authentication Problem... 2
Forms Authentication for multiple applications 1

Members online

Total: 27 (members: 1, guests: 26)
Robots: 390

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,020
Latest member
GenesisGai

Latest Threads

Top