Archer
I was building role-based authentication, but it doesn't log in with the
correct password.
The HttpContext.Current.User received in Global.asax is always null.
Request.IsAuthenticated is always false.
In the .cs file, I wrote the code below:
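/// <summary>
/// Login button handler. Verifies the submitted credentials, looks up whether the account is an
/// administrator, and issues a single forms-authentication cookie whose ticket carries the role
/// name in its UserData field.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void SubmitBtn_Click(Object sender, EventArgs e)
{
    if (!Authenticate(UserName.Text, Password.Text))
    {
        ErrorMsg.Visible = true;
        return;
    }

    FormsAuthentication.Initialize();

    // Role lookup. The account name is bound as a parameter rather than concatenated into the
    // SQL text; the using blocks release the connection even when the query throws.
    object isAdminValue;
    using (SqlConnection dsn = new SqlConnection(ConfigurationSettings.AppSettings["conn"]))
    using (SqlCommand myCommand = new SqlCommand(
        "select IsAdmin from systeacherList where teacherAccount = @UserId", dsn))
    {
        SqlParameter myUserId = new SqlParameter("@UserId", SqlDbType.NVarChar, 20);
        myUserId.Value = UserName.Text.Trim();
        myCommand.Parameters.Add(myUserId);

        dsn.Open();
        isAdminValue = myCommand.ExecuteScalar();
    }

    // ExecuteScalar returns null when no row matches and DBNull for a NULL column. Fail closed:
    // without a role there is nothing safe to put in the ticket, so no cookie is issued.
    if (isAdminValue == null || isAdminValue == DBNull.Value)
    {
        ErrorMsg.Visible = true;
        return;
    }

    bool bIsAdmin = Convert.ToBoolean(isAdminValue);

    string strRole;
    string strDefault;
    if (bIsAdmin)
    {
        strRole = "Admin";
        strDefault = "/iPage/Admin/adminindex.aspx";
    }
    else
    {
        strRole = "Teacher";
        strDefault = "/iPage/Admin/digitaladmin.aspx";
        // NOTE(review): teacherID is not declared in this handler; presumably a field populated
        // elsewhere (for example by Authenticate). Confirm it is set before this point.
        Session["TeacherID"] = teacherID;
    }

    // The role travels in the ticket's UserData. The ticket expires 30 minutes after it is issued
    // unless sliding expiration renews it.
    // NOTE(review): isPersistent is true; for an administrative area a non-persistent ticket is
    // the more conservative choice. Confirm the requirement.
    FormsAuthenticationTicket fat = new FormsAuthenticationTicket(
        1, UserName.Text, DateTime.Now, DateTime.Now.AddMinutes(30), true, strRole,
        FormsAuthentication.FormsCookiePath);

    HttpCookie authCookie = new HttpCookie(
        FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(fat));
    // Honour the requireSSL setting of the <forms> element so the ticket is not sent over plain
    // HTTP when the application is configured for SSL-only cookies.
    authCookie.Secure = FormsAuthentication.RequireSSL;
    // NOTE(review): if the target framework exposes HttpCookie.HttpOnly, set it to true so that
    // client-side script cannot read the ticket.
    HttpContext.Current.Response.Cookies.Add(authCookie);

    // Deliberately no FormsAuthentication.SetAuthCookie call here: it issues a second cookie
    // under the same name whose ticket has empty UserData, which replaces the cookie above and
    // loses the role.

    // GetRedirectUrl reflects the ReturnUrl query-string value, which the client controls. Only
    // follow it when it is a path on this site; anything else goes to the role's landing page.
    string strRedirect = FormsAuthentication.GetRedirectUrl(UserName.Text, true);
    bool isLocalPath = strRedirect != null
        && strRedirect.Length > 0
        && strRedirect[0] == '/'
        && (strRedirect.Length == 1 || (strRedirect[1] != '/' && strRedirect[1] != '\\'));

    if (!isLocalPath || strRedirect == "/iPage/default.aspx")
    {
        Response.Redirect(strDefault);
    }
    else
    {
        Response.Redirect(strRedirect);
    }
}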
The web.config file of the subdirectory I want to protect is:
<!--
  Authorization rules for the protected subdirectory. ASP.NET evaluates the allow/deny entries
  of an <authorization> block from top to bottom and stops at the first match, so the trailing
  <deny users="*" /> rejects everyone the preceding allow lines did not admit.

  NOTE(review): ASP.NET accepts <authentication> only at application level (the application's
  root web.config or above). If this directory is not configured as its own application, move
  the <authentication> element to the root web.config and keep only <authorization> here.
  TODO confirm how the directory is set up.
-->
<configuration>
    <!-- Rules for the single page digitaladmin.aspx: either role may open it. -->
    <location path="digitaladmin.aspx">
        <system.web>
            <!-- Declares the forms cookie name "iPage" and the login page (see the note at the top of this file). -->
            <authentication mode="Forms">
                <forms name="iPage" loginUrl="/iPage/Login.aspx" />
            </authentication>
            <authorization>
                <allow roles="Admin" />
                <allow roles="Teacher" />
                <deny users="*" />
            </authorization>
        </system.web>
    </location>
    <!-- Rules for everything else in this directory. -->
    <system.web>
        <authentication mode="Forms">
            <forms name="iPage" loginUrl="/iPage/Login.aspx" />
        </authentication>
        <authorization>
            <allow roles="Admin" />
            <!-- NOTE(review): this admits the account named "Archer" whatever its role; prefer a role-based rule if that is not intended. -->
            <allow users="Archer"/>
            <deny users="*" />
        </authorization>
    </system.web>
</configuration>
And the Application_AuthenticateRequest in Global.asax.cs is:
// Rebuild the request principal so that role checks see the roles stored in the forms ticket.
// Runs only for an authenticated request whose identity is exactly a FormsIdentity.
// The role list is read from the ticket's UserData, so it is only as trustworthy as the ticket
// itself: keep the <forms> protection setting at its encrypting and validating default.
// A ticket issued without UserData (for example by FormsAuthentication.SetAuthCookie) yields a
// single empty role name here, so every role check then fails.
if (HttpContext.Current.User != null
    && HttpContext.Current.User.Identity.IsAuthenticated
    && HttpContext.Current.User.Identity.GetType() == typeof(FormsIdentity))
{
    FormsIdentity fi = (FormsIdentity)HttpContext.Current.User.Identity;

    // Role names are stored as one '|'-separated string.
    String[] astrRoles = fi.Ticket.UserData.Split('|');

    HttpContext.Current.User = new GenericPrincipal(fi, astrRoles);
}
Any help would be appreciated!