Laurie Dvorak
I'm using forms authentication and I want to limit access to certain
directories only to users with certain roles. I have the following code
(simplified to isolate problem):
Web.config (main directory)

    <authentication mode="Forms">
      <forms name="WhsWebAuth" loginUrl="~/login.aspx" protection="None" timeout="30"/>
    </authentication>

Web.config (directory I want to protect)

    <authorization>
      <allow roles="Admin" />
      <deny users="*" />
    </authorization>

login.aspx.cs

    protected void OnButtonLoginClick(object sender, System.Web.UI.ImageClickEventArgs e)
    {
        FormsAuthentication.RedirectFromLoginPage(textBoxUsername.Text, false);
    }

global.asax.cs

    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (HttpContext.Current.Request.IsAuthenticated)
        {
            string[] roles = new string[]{"Admin"};
            HttpContext.Current.User = new GenericPrincipal(HttpContext.Current.User.Identity, roles);
        }
    }

This works fine on my development machine and I've used it before on another
website. However, I'm working on a new website and when I run it on the
client's ISP's server I can never get past the login screen. If I try to
go to a page in the protected directory it brings up the login screen
(fine). I log in and then it immediately returns to the login screen. Even
if I try to manually type in the page I'm trying to go to after the login,
it returns me back to the login screen (so it's not just a matter of the
redirect failing). It's as if the roles that are being set in the
global.asax.cs file are being lost somehow.
I'm thinking the problem must lie in how the ISP has the IIS server set up
since this works fine on my machine and has worked on another website.
However, since it is an ISP, I cannot look at the server myself and I'm not
sure what would cause this anyways.
Ideas anyone?
Thanks in advance,
Laurie
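
How the two authorization rules in the protected directory decide a request, as an added example that is not part of the original post: a simplified C# model of first-match URL authorization, not the framework's own code. The Rule and Demo classes and the sample user name are hypothetical; it shows that any principal without the Admin role, anonymous or authenticated, ends at the deny rule, which forms authentication answers with a redirect to the login page.

```csharp
using System;
using System.Security.Principal;

// Simplified model of ASP.NET URL authorization (an assumption-labelled sketch):
// rules are checked top to bottom and the first rule that matches decides.
class Rule
{
    public bool Allow; public string Roles; public string Users;
    public Rule(bool allow, string roles, string users) { Allow = allow; Roles = roles; Users = users; }

    public bool Matches(IPrincipal p)
    {
        if (Roles != null)
            foreach (string r in Roles.Split(','))
                if (p.IsInRole(r.Trim())) return true;
        if (Users != null)
            foreach (string u in Users.Split(','))
            {
                string name = u.Trim();
                if (name == "*") return true;                                // everyone
                if (name == "?" && !p.Identity.IsAuthenticated) return true; // anonymous only
                if (string.Equals(name, p.Identity.Name, StringComparison.OrdinalIgnoreCase)) return true;
            }
        return false;
    }
}

static class Demo
{
    // The two rules from the protected directory's Web.config in the post.
    static readonly Rule[] Rules = { new Rule(true, "Admin", null), new Rule(false, null, "*") };

    static string Decide(IPrincipal p)
    {
        foreach (Rule r in Rules)
            if (r.Matches(p)) return r.Allow ? "allowed" : "denied -> redirect to loginUrl";
        return "allowed"; // no rule matched: falls through to the inherited allow-all default
    }

    static void Main()
    {
        // Constructed principals; "laurie" is a sample user name.
        IPrincipal anonymous = new GenericPrincipal(new GenericIdentity(""), new string[0]);
        IPrincipal noRoles = new GenericPrincipal(new GenericIdentity("laurie", "Forms"), new string[0]);
        IPrincipal admin = new GenericPrincipal(new GenericIdentity("laurie", "Forms"), new[] { "Admin" });
        Console.WriteLine("anonymous:             " + Decide(anonymous));
        Console.WriteLine("authenticated, no role: " + Decide(noRoles));
        Console.WriteLine("authenticated + Admin:  " + Decide(admin));
    }
}
```

A forms cookie that never comes back and roles that never get attached both end at the same deny rule, so the redirect to the login page alone does not tell the two cases apart.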