Forms Authentication. Roles problem in IIS7. Any idea? Anyone?


S

shapper

Hello,

I have my own membership system but that uses form authentication.

I am able to login and logout with not problems both when I am testing
the web application in VS2008 or in IIS 7.

However, while in VS2008 testing, after login, the user gets its roles
in IIS7 the user contains no roles.

I really have no idea why this is happening ... specially because it
is only Roles in IIS7!

My Login code:

User user = _userService.GetByUsername(username);
if (user != null) {

// Create authentication ticket
FormsAuthenticationTicket ticket = new
FormsAuthenticationTicket(1, user.Username, DateTime.UtcNow,
DateTime.UtcNow.AddMinutes(30), true, String.Join(",",
user.Roles.Select(r => r.Name).ToArray()),
FormsAuthentication.FormsCookiePath);

// Encrypt cookie with machine key
String hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie
(FormsAuthentication.FormsCookieName, hash);

// Define experation time
if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;

// Add cookie to outgoing response
HttpContext.Current.Response.Cookies.Add(cookie);

And I have the following module:

// MembershipModule
public class MembershipModule : IHttpModule {

public void Init(HttpApplication application) {

application.AuthenticateRequest += new EventHandler
(this.OnAuthenticateRequest);

} // Init

public void Dispose() {
} // Dispose

public void OnAuthenticateRequest(Object sender, EventArgs e) {

// Check current user
if (HttpContext.Current.User != null) {

// Check if authenticated
if (HttpContext.Current.User.Identity.IsAuthenticated) {

// Check identity
if (HttpContext.Current.User.Identity is FormsIdentity) {

// Define ticket
FormsAuthenticationTicket ticket =
FormsAuthentication.Decrypt(HttpContext.Current.Request.Cookies
[FormsAuthentication.FormsCookieName].Value);

// Define roles
String[] roles = ticket.UserData.Split(',');

// Define user
FormsIdentity id = (FormsIdentity)
HttpContext.Current.User.Identity;
HttpContext.Current.User = new GenericPrincipal(id,
roles);

}
}
}

} // OnAuthenticateRequest

Does anyone has any idea what is going wrong?

Thanks,
Miguel
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top