Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Authentication: Need to re-login for every directory

Reply
Thread Tools

Authentication: Need to re-login for every directory

 
 
Homa
Guest
Posts: n/a
 
      10-29-2003
Hi,
I am using a role-based Forms Authentication. I have several
directories that have different levels of authorization. When I try to
access another directory, the page bounce me back to the login page
everytime. After I re-login, I can access the page.

I can't figure out what happened. I saved the roles to the User so
when I access another page, they should able to see that before they
bounce me out.

Here is the settings:

I have a directory structure: //root/secure/admin/ where "secure" and
"admin" requires authorization.

in the "secure" directory, I have:
<configuration>
<system.web>
<customErrors mode="Off"/>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

in the "admin" directory, I have:
<configuration>
<system.web>
<customErrors mode="Off"/>
<authorization>
<allow roles="Admin"/>
<deny users="?" />
</authorization>
</system.web>
</configuration>

and in the Application_AuthenticateRequest event, I have:
if (Request.IsAuthenticated)
{
string[] roles = rtkShirts.Component.adminBO.getPrivilege(HttpConte xt.Current.User.Identity.Name);
if (roles != null)
{
HttpContext.Current.User = new
System.Security.Principal.GenericPrincipal(User.Id entity, roles);
}
}

I test the page as follows:
1. go to a page under "secure" directory.
2. bounced to login.aspx (under root)
3. logged in, return to the page I suppose to go (and I check in the
Application_AuthenticateRequest event that I have "Admin" as one of
the entry inside [string[] roles]).
4. I click on a link to a page under "secure/admin"
5. I got bounced back to login.aspx (shouldn't happen)
6. I re-login and now I reach the page I want to go.


Please help. I'm pretty new to the field so please pardon me if some
of the wording I used sounds funny.

Thanks for concern,
Homa Wong
 
Reply With Quote
 
 
 
 
Homa
Guest
Posts: n/a
 
      10-29-2003
Hi,
nevermind. I found out what's the problem. I'm using VS.NET to
develop the page. And I set the page to start at the page within the
secure folder. For some reason, the very first request made by VS.NET
is different than the others. ASP.NET consider it as a different user,
so that's why I ask me to login twice. After I logged in the second
time, everything works fine; same as when I run the site directly by
typing the URL in browser.

Thanks and Happy programming.

Homa Wong

http://www.velocityreviews.com/forums/(E-Mail Removed) (Homa) wrote in message news:<(E-Mail Removed). com>...
> Hi,
> I am using a role-based Forms Authentication. I have several
> directories that have different levels of authorization. When I try to
> access another directory, the page bounce me back to the login page
> everytime. After I re-login, I can access the page.
>
> I can't figure out what happened. I saved the roles to the User so
> when I access another page, they should able to see that before they
> bounce me out.
>
> Here is the settings:
>
> I have a directory structure: //root/secure/admin/ where "secure" and
> "admin" requires authorization.
>
> in the "secure" directory, I have:
> <configuration>
> <system.web>
> <customErrors mode="Off"/>
> <authorization>
> <deny users="?" />
> </authorization>
> </system.web>
> </configuration>
>
> in the "admin" directory, I have:
> <configuration>
> <system.web>
> <customErrors mode="Off"/>
> <authorization>
> <allow roles="Admin"/>
> <deny users="?" />
> </authorization>
> </system.web>
> </configuration>
>
> and in the Application_AuthenticateRequest event, I have:
> if (Request.IsAuthenticated)
> {
> string[] roles = rtkShirts.Component.adminBO.getPrivilege(HttpConte xt.Current.User.Identity.Name);
> if (roles != null)
> {
> HttpContext.Current.User = new
> System.Security.Principal.GenericPrincipal(User.Id entity, roles);
> }
> }
>
> I test the page as follows:
> 1. go to a page under "secure" directory.
> 2. bounced to login.aspx (under root)
> 3. logged in, return to the page I suppose to go (and I check in the
> Application_AuthenticateRequest event that I have "Admin" as one of
> the entry inside [string[] roles]).
> 4. I click on a link to a page under "secure/admin"
> 5. I got bounced back to login.aspx (shouldn't happen)
> 6. I re-login and now I reach the page I want to go.
>
>
> Please help. I'm pretty new to the field so please pardon me if some
> of the wording I used sounds funny.
>
> Thanks for concern,
> Homa Wong

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Restrict access to a directory, for every user Brian Roisentul ASP .Net Security 0 09-22-2008 08:45 PM
ASA server allows every user in Active Directory to get in! Richard Herb Cisco 4 02-14-2008 08:40 PM
Explorer.exe error report every time access every type of video me =?Utf-8?B?SXJ3YW5zeWFo?= ASP .Net 4 10-30-2007 07:49 AM
System.IO.Directory.GetDirectories() and System.IO.Directory.GetFiles() are not returning the specified directory Nathan Sokalski ASP .Net 2 09-06-2007 03:58 PM
Why does aspnet_regiis -c put the aspnet_client directory under every website? richard.warner@zurich.com ASP .Net 0 08-16-2005 09:34 AM



Advertisments