Forms Auth (roles being ignored)

WhiskeyRomeo

Please ignore my previous post as I am way past that now.

Below is the code I am using in the login page. Below that are settings
within the Web.config file. The procedure responsible for checking the password
just sets a session variable called "WebRoles" and returns True. In this case
I am setting a role that should be denied access to the requested page
even though the user is authenticated. But the code below always results in a
redirection to the protected page. In this website there is only one page in
the root directory (Login.aspx) and there is a Public subfolder which has two
pages, RegUpdate.aspx and Appt.aspx.

For authenticated users the redirection happens just fine. But, somehow, I
thought the following line would fail for denied roles:

'Redirect the request
FormsAuthentication.RedirectFromLoginPage(Trim(sUserName), False)

What am I missing?

********************CODE************
Partial Class Login
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

    End Sub

    Private Function CheckPassWord(ByVal sUser As String, ByVal sPassword As String) As Boolean
        'THIS ROLE IS NOT ALLOWED ACCESSED TO THE PUBLIC FOLDER PER WEB.CONFIG FILE.
        Session("WebRoles") = "Photog"
        Return True
    End Function


    Protected Sub btnLogIn_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogIn.Click
        Try
            If Not (Session("UserName")) Is Nothing Then
                FormsAuthentication.SignOut()
            End If

            Select Case CheckPassWord(Trim(tbUserName.Text), Trim(tbPassWord.Text))

                Case True
                    Call RedirectUser(Trim(tbUserName.Text))
                Case False
                    lblmsg.Text = "UserName or Password not found. Please try again." + vbCrLf + lblmsg.Text
                    ViewState("tries") = ViewState("tries") + 1
                    If ViewState("tries") > 3 Then
                        Response.Redirect("Denied.aspx")
                    End If
            End Select
        Catch ex As Exception

        End Try
    End Sub

    Private Sub RedirectUser(ByVal sUserName As String)

        'create authentication ticket
        Dim authTicket As New FormsAuthenticationTicket(1, sUserName, DateTime.Now, DateTime.Now.AddMinutes(20), False, Session("WebRoles"))

        'Create encrypted string representation of ticket
        Dim sEncryptedTicket As String = ""
        Try
            sEncryptedTicket = FormsAuthentication.Encrypt(authTicket)
        Catch ex As Exception
            Session("StringEncrptFailed") = ex.Message
        End Try

        'Store it within a HttpCookie Object
        Dim authCookie As New HttpCookie(FormsAuthentication.FormsCookieName, sEncryptedTicket)
        authCookie.Path = FormsAuthentication.FormsCookiePath
        Dim strCookiePath As String = authCookie.Path
        'Add it the cookie to the outgoing cookie collection
        Try
            Response.Cookies.Add(authCookie)
        Catch ex As Exception
            Session("CookieAddFailed") = ex.Message
        End Try

        'Redirect the request
        FormsAuthentication.RedirectFromLoginPage(Trim(sUserName), False)

    End Sub

End Class
*************WEB.CONFIG FILE*******
<?xml version="1.0"?>
..
..
..
  <system.web>
..
..
..
    <roleManager enabled ="true" />
    <authentication mode="Forms">
      <forms name="Appointment" loginUrl="Login.aspx" slidingExpiration="true"
             protection="All" timeout="20" path="/">
        <credentials passwordFormat="Clear"></credentials>
      </forms>
    </authentication>
    <machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate"/>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>

  <location path="Public">
    <system.web>
      <authorization>
        <!-- Order and case are important below -->
        <allow roles="Public"/>
        <deny roles="Photog"/>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
..
..
..
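
Added example, not part of the original post and not the poster's code: ASP.NET does not read roles out of a ticket's UserData by itself, and RedirectFromLoginPage writes its own ticket without that UserData, so the `<deny roles="Photog"/>` rule never has a role to match. The code below keeps the custom ticket and rebuilds the principal from it on each request. Assumptions: roles are stored as a comma-separated string, `<roleManager>` is disabled so RoleManagerModule does not replace the principal, and the `IssueTicketAndRedirect` helper and `Global_asax` class name are hypothetical.

```vb
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' --- Login.aspx.vb: issue the role-bearing ticket and redirect ---
Partial Class Login
    Inherits System.Web.UI.Page

    ' Hypothetical helper; roles is a comma-separated string such as "Photog".
    Private Sub IssueTicketAndRedirect(ByVal userName As String, ByVal roles As String)
        Dim ticket As New FormsAuthenticationTicket(1, userName, DateTime.Now, _
            DateTime.Now.AddMinutes(20), False, roles, FormsAuthentication.FormsCookiePath)
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
            FormsAuthentication.Encrypt(ticket))
        cookie.Path = FormsAuthentication.FormsCookiePath
        cookie.HttpOnly = True
        Response.Cookies.Add(cookie)
        ' GetRedirectUrl only computes the return URL; unlike RedirectFromLoginPage
        ' it does not write a second authentication cookie.
        Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, False))
    End Sub
End Class

' --- Global.asax.vb: rebuild the principal from the ticket on every request ---
Public Class Global_asax
    Inherits HttpApplication

    Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim cookie As HttpCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
        If cookie Is Nothing OrElse String.IsNullOrEmpty(cookie.Value) Then Return

        Dim ticket As FormsAuthenticationTicket = Nothing
        Try
            ticket = FormsAuthentication.Decrypt(cookie.Value)
        Catch ex As Exception
            Return ' undecryptable or tampered cookie: request stays anonymous
        End Try
        If ticket Is Nothing OrElse ticket.Expired Then Return

        ' UserData holds the roles written at login; URL authorization calls
        ' IsInRole on this principal when it evaluates allow/deny roles="...".
        Dim roles() As String = ticket.UserData.Split(New Char() {","c}, _
            StringSplitOptions.RemoveEmptyEntries)
        Context.User = New GenericPrincipal(New FormsIdentity(ticket), roles)
    End Sub
End Class
```

With the principal carrying "Photog", a request under Public matches `<deny roles="Photog"/>` and the user is sent back to Login.aspx.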
 
