T
Trollpower
Hello NG,
ive got authentication mode Forms. To access the root directory the
user needs to authenticate using the login form. Additionally ive got a
subfolder where the user has to authenticate again if he has not a
specific role ( which might be different from the root directory).
Everything works great so far, but as soon as the user returns from the
subfolder, there is no check for the right role. For example: The user
logs in at the rootDir with Role "A" (which is the only allowed role
here). He moves on to the subfolder and logs in as role "B". Now he
returns to the root directory ( still as role "B"), but no check for
the allowed role is made.
Does anyone know why the appropriate check isnt made here again (he
doesnt get redirected to the login page). While in the subfolder the
user has role "B" only, since i made a whole new assignment to the
FormsAuthenticationTicket using role "B" only. The siwtch back to the
root Dir is made with a Button not with the Backbutton of the Browser.
If i make a FormAuthentication.SignOut() the login-page appears, but i
dont want to use this call since it is possible that the user takes the
credentials of a user who has both roles "A" and "B", so that he dont
have to login to the subfolder. If he returns to the rootfolder that
way he has to login again, though he has a valid role for the
rootdirectory.
Any hints on how to solve the problem is appreciated.
Jens
ive got authentication mode Forms. To access the root directory the
user needs to authenticate using the login form. Additionally ive got a
subfolder where the user has to authenticate again if he has not a
specific role ( which might be different from the root directory).
Everything works great so far, but as soon as the user returns from the
subfolder, there is no check for the right role. For example: The user
logs in at the rootDir with Role "A" (which is the only allowed role
here). He moves on to the subfolder and logs in as role "B". Now he
returns to the root directory ( still as role "B"), but no check for
the allowed role is made.
Does anyone know why the appropriate check isnt made here again (he
doesnt get redirected to the login page). While in the subfolder the
user has role "B" only, since i made a whole new assignment to the
FormsAuthenticationTicket using role "B" only. The siwtch back to the
root Dir is made with a Button not with the Backbutton of the Browser.
If i make a FormAuthentication.SignOut() the login-page appears, but i
dont want to use this call since it is possible that the user takes the
credentials of a user who has both roles "A" and "B", so that he dont
have to login to the subfolder. If he returns to the rootfolder that
way he has to login again, though he has a valid role for the
rootdirectory.
Any hints on how to solve the problem is appreciated.
Jens