«

I'm attempting to use Forms/Roles based authentication and
authorization. A subdirectory's web.config allows only
"Admin" roles and it does kick browsers to a login page.
However...when supplying proper credentials to the login
page I'm never actually redirected to the page in the
protected subdirectory. I've stepped through the code in
the debugger and I can see the connection to the db open
and the names of the roles getting fed to a cookie all just
fine but at the last the redirect never happens. There's a
blink (postback I'm assuming) and I stay at the login page.

Any help greatly appreciated. Code to follow..
.................................................. ........
web.config of protected directory:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<allow roles="Administrator" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
.................................................. ........

.................................................. ........
code in login.aspx onClick event handler:

Dim cookieRoles As New StringBuilder

While reader.Read()
cookieRoles.Append(reader("Role").
ToString())
cookieRoles.Append(".")
End While

' Save the Roles in a client Cookie for
future requests
Dim RoleCookie As HttpCookie = New
HttpCookie("Roles")

RoleCookie.Value = cookieRoles.ToString()

Response.Cookies.Add(RoleCookie)

FormsAuthentication.
RedirectFromLoginPage(UserName.Text, PersistCookie.Checked)

.................................................. ........

If your wanting to use role-based authentication then you need to get the
role information into the forms authentication ticket.
Don't worry about making another cookie for your roles. Just redirect from
login as you've done.
In your global.asax try the following:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)

{

if (Request.IsAuthenticated)

{

string authName = Context.User.Identity.Name;

// Get the role to store

string[] roles = cookieRoles.Split(','); // this can be your own
implementation

// Add a principal

GenericIdentity thisIdentity = new GenericIdentity(authName);


Context.User = new GenericPrincipal(thisIdentity, roles);

}

}


"sean" <> wrote in message
news:a88e01c43688$08aca1c0$...
> I'm attempting to use Forms/Roles based authentication and
> authorization. A subdirectory's web.config allows only
> "Admin" roles and it does kick browsers to a login page.
> However...when supplying proper credentials to the login
> page I'm never actually redirected to the page in the
> protected subdirectory. I've stepped through the code in
> the debugger and I can see the connection to the db open
> and the names of the roles getting fed to a cookie all just
> fine but at the last the redirect never happens. There's a
> blink (postback I'm assuming) and I stay at the login page.
>
> Any help greatly appreciated. Code to follow..
> .................................................. .......
> web.config of protected directory:
>
> <?xml version="1.0" encoding="utf-8" ?>
> <configuration>
> <system.web>
> <authorization>
> <allow roles="Administrator" />
> <deny users="*" />
> </authorization>
> </system.web>
> </configuration>
> .................................................. .......
>
> .................................................. .......
> code in login.aspx onClick event handler:
>
> Dim cookieRoles As New StringBuilder
>
> While reader.Read()
> cookieRoles.Append(reader("Role").
> ToString())
> cookieRoles.Append(".")
> End While
>
> ' Save the Roles in a client Cookie for
> future requests
> Dim RoleCookie As HttpCookie = New
> HttpCookie("Roles")
>
> RoleCookie.Value = cookieRoles.ToString()
>
> Response.Cookies.Add(RoleCookie)
>
> FormsAuthentication.
> RedirectFromLoginPage(UserName.Text, PersistCookie.Checked)
>
> .................................................. .......
>
>
>

Should have added..I have the following in my global.asax.
vb and still no redirect:

Sub Application_AuthenticateRequest(ByVal sender As Object,
ByVal e As EventArgs)
Dim context As HttpContext = HttpContext.Current
If Not context.User Is Nothing AndAlso context.
User.Identity.IsAuthenticated Then
Dim userIdentity As GenericIdentity = New
GenericIdentity(context.User.Identity.Name, "Forms")
Dim userPrincipal As GenericPrincipal = New
GenericPrincipal(userIdentity, context.Request.
Cookies("Roles").Value.Split("."))
context.User = userPrincipal
End If
End Sub

thanks,
s~

>-----Original Message-----
>If your wanting to use role-based authentication then you
need to get the
>role information into the forms authentication ticket.
>Don't worry about making another cookie for your roles.
Just redirect from
>login as you've done.
>In your global.asax try the following:
>
>protected void Application_AuthenticateRequest(Object
sender, EventArgs e)
>
>{
>
>if (Request.IsAuthenticated)
>
>{
>
> string authName = Context.User.Identity.Name;
>
> // Get the role to store
>
> string[] roles = cookieRoles.Split(','); // this
can be your own
>implementation
>
> // Add a principal
>
> GenericIdentity thisIdentity = new
GenericIdentity(authName);
>
>
> Context.User = new GenericPrincipal(thisIdentity,
roles);
>
>}
>
>}
>
>
>"sean" <> wrote in
message
>news:a88e01c43688$08aca1c0$...
>> I'm attempting to use Forms/Roles based authentication
and
>> authorization. A subdirectory's web.config allows only
>> "Admin" roles and it does kick browsers to a login page.
>> However...when supplying proper credentials to the login
>> page I'm never actually redirected to the page in the
>> protected subdirectory. I've stepped through the code in
>> the debugger and I can see the connection to the db open
>> and the names of the roles getting fed to a cookie all
just
>> fine but at the last the redirect never happens. There's
a
>> blink (postback I'm assuming) and I stay at the login
page.
>>
>> Any help greatly appreciated. Code to follow..
>> .................................................. ......
..
>> web.config of protected directory:
>>
>> <?xml version="1.0" encoding="utf-8" ?>
>> <configuration>
>> <system.web>
>> <authorization>
>> <allow roles="Administrator" />
>> <deny users="*" />
>> </authorization>
>> </system.web>
>> </configuration>
>> .................................................. ......
..
>>
>> .................................................. ......
..
>> code in login.aspx onClick event handler:
>>
>> Dim cookieRoles As New StringBuilder
>>
>> While reader.Read()
>> cookieRoles.Append(reader("Role").
>> ToString())
>> cookieRoles.Append(".")
>> End While
>>
>> ' Save the Roles in a client Cookie for
>> future requests
>> Dim RoleCookie As HttpCookie = New
>> HttpCookie("Roles")
>>
>> RoleCookie.Value = cookieRoles.ToString()
>>
>> Response.Cookies.Add(RoleCookie)
>>
>> FormsAuthentication.
>> RedirectFromLoginPage(UserName.Text, PersistCookie.
Checked)
>>
>> .................................................. ......
..
>>
>>
>>
>
>
>.
>

sean

try using the FormsAuthentication.GetAuthCookie() method instead and then
doing a manual Response.Redirect()

Janaka

"sean" <> wrote in message
news:ace301c43699$b50052d0$...
> Should have added..I have the following in my global.asax.
> vb and still no redirect:
>
> Sub Application_AuthenticateRequest(ByVal sender As Object,
> ByVal e As EventArgs)
> Dim context As HttpContext = HttpContext.Current
> If Not context.User Is Nothing AndAlso context.
> User.Identity.IsAuthenticated Then
> Dim userIdentity As GenericIdentity = New
> GenericIdentity(context.User.Identity.Name, "Forms")
> Dim userPrincipal As GenericPrincipal = New
> GenericPrincipal(userIdentity, context.Request.
> Cookies("Roles").Value.Split("."))
> context.User = userPrincipal
> End If
> End Sub
>
> thanks,
> s~
>
> >-----Original Message-----
> >If your wanting to use role-based authentication then you
> need to get the
> >role information into the forms authentication ticket.
> >Don't worry about making another cookie for your roles.
> Just redirect from
> >login as you've done.
> >In your global.asax try the following:
> >
> >protected void Application_AuthenticateRequest(Object
> sender, EventArgs e)
> >
> >{
> >
> >if (Request.IsAuthenticated)
> >
> >{
> >
> > string authName = Context.User.Identity.Name;
> >
> > // Get the role to store
> >
> > string[] roles = cookieRoles.Split(','); // this
> can be your own
> >implementation
> >
> > // Add a principal
> >
> > GenericIdentity thisIdentity = new
> GenericIdentity(authName);
> >
> >
> > Context.User = new GenericPrincipal(thisIdentity,
> roles);
> >
> >}
> >
> >}
> >
> >
> >"sean" <> wrote in
> message
> >news:a88e01c43688$08aca1c0$...
> >> I'm attempting to use Forms/Roles based authentication
> and
> >> authorization. A subdirectory's web.config allows only
> >> "Admin" roles and it does kick browsers to a login page.
> >> However...when supplying proper credentials to the login
> >> page I'm never actually redirected to the page in the
> >> protected subdirectory. I've stepped through the code in
> >> the debugger and I can see the connection to the db open
> >> and the names of the roles getting fed to a cookie all
> just
> >> fine but at the last the redirect never happens. There's
> a
> >> blink (postback I'm assuming) and I stay at the login
> page.
> >>
> >> Any help greatly appreciated. Code to follow..
> >> .................................................. ......
> .
> >> web.config of protected directory:
> >>
> >> <?xml version="1.0" encoding="utf-8" ?>
> >> <configuration>
> >> <system.web>
> >> <authorization>
> >> <allow roles="Administrator" />
> >> <deny users="*" />
> >> </authorization>
> >> </system.web>
> >> </configuration>
> >> .................................................. ......
> .
> >>
> >> .................................................. ......
> .
> >> code in login.aspx onClick event handler:
> >>
> >> Dim cookieRoles As New StringBuilder
> >>
> >> While reader.Read()
> >> cookieRoles.Append(reader("Role").
> >> ToString())
> >> cookieRoles.Append(".")
> >> End While
> >>
> >> ' Save the Roles in a client Cookie for
> >> future requests
> >> Dim RoleCookie As HttpCookie = New
> >> HttpCookie("Roles")
> >>
> >> RoleCookie.Value = cookieRoles.ToString()
> >>
> >> Response.Cookies.Add(RoleCookie)
> >>
> >> FormsAuthentication.
> >> RedirectFromLoginPage(UserName.Text, PersistCookie.
> Checked)
> >>
> >> .................................................. ......
> .
> >>
> >>
> >>
> >
> >
> >.
> >

On the response.redirect I get System.Threading.
ThreadAbortException and continue to get no redirect...

thx for the feedback Janaka
S~



>-----Original Message-----
>sean
>
>try using the FormsAuthentication.GetAuthCookie() method
instead and then
>doing a manual Response.Redirect()
>
>Janaka
>
>"sean" <> wrote in
message
>news:ace301c43699$b50052d0$...
>> Should have added..I have the following in my global.
asax.
>> vb and still no redirect:
>>
>> Sub Application_AuthenticateRequest(ByVal sender As
Object,
>> ByVal e As EventArgs)
>> Dim context As HttpContext = HttpContext.Current
>> If Not context.User Is Nothing AndAlso context.
>> User.Identity.IsAuthenticated Then
>> Dim userIdentity As GenericIdentity = New
>> GenericIdentity(context.User.Identity.Name, "Forms")
>> Dim userPrincipal As GenericPrincipal = New
>> GenericPrincipal(userIdentity, context.Request.
>> Cookies("Roles").Value.Split("."))
>> context.User = userPrincipal
>> End If
>> End Sub
>>
>> thanks,
>> s~
>>
>> >-----Original Message-----
>> >If your wanting to use role-based authentication then
you
>> need to get the
>> >role information into the forms authentication ticket.
>> >Don't worry about making another cookie for your roles.
>> Just redirect from
>> >login as you've done.
>> >In your global.asax try the following:
>> >
>> >protected void Application_AuthenticateRequest(Object
>> sender, EventArgs e)
>> >
>> >{
>> >
>> >if (Request.IsAuthenticated)
>> >
>> >{
>> >
>> > string authName = Context.User.Identity.Name;
>> >
>> > // Get the role to store
>> >
>> > string[] roles = cookieRoles.Split(','); // this
>> can be your own
>> >implementation
>> >
>> > // Add a principal
>> >
>> > GenericIdentity thisIdentity = new
>> GenericIdentity(authName);
>> >
>> >
>> > Context.User = new GenericPrincipal(thisIdentity,
>> roles);
>> >
>> >}
>> >
>> >}
>> >
>> >
>> >"sean" <> wrote in
>> message
>> >news:a88e01c43688$08aca1c0$...
>> >> I'm attempting to use Forms/Roles based
authentication
>> and
>> >> authorization. A subdirectory's web.config allows
only
>> >> "Admin" roles and it does kick browsers to a login
page.
>> >> However...when supplying proper credentials to the
login
>> >> page I'm never actually redirected to the page in the
>> >> protected subdirectory. I've stepped through the code
in
>> >> the debugger and I can see the connection to the db
open
>> >> and the names of the roles getting fed to a cookie
all
>> just
>> >> fine but at the last the redirect never happens.
There's
>> a
>> >> blink (postback I'm assuming) and I stay at the login
>> page.
>> >>
>> >> Any help greatly appreciated. Code to follow..
>> >> .................................................. ...
....
>> .
>> >> web.config of protected directory:
>> >>
>> >> <?xml version="1.0" encoding="utf-8" ?>
>> >> <configuration>
>> >> <system.web>
>> >> <authorization>
>> >> <allow roles="Administrator" />
>> >> <deny users="*" />
>> >> </authorization>
>> >> </system.web>
>> >> </configuration>
>> >> .................................................. ...
....
>> .
>> >>
>> >> .................................................. ...
....
>> .
>> >> code in login.aspx onClick event handler:
>> >>
>> >> Dim cookieRoles As New StringBuilder
>> >>
>> >> While reader.Read()
>> >> cookieRoles.Append(reader("Role").
>> >> ToString())
>> >> cookieRoles.Append(".")
>> >> End While
>> >>
>> >> ' Save the Roles in a client Cookie for
>> >> future requests
>> >> Dim RoleCookie As HttpCookie = New
>> >> HttpCookie("Roles")
>> >>
>> >> RoleCookie.Value = cookieRoles.ToString()
>> >>
>> >> Response.Cookies.Add(RoleCookie)
>> >>
>> >> FormsAuthentication.
>> >> RedirectFromLoginPage(UserName.Text, PersistCookie.
>> Checked)
>> >>
>> >> .................................................. ...
....
>> .
>> >>
>> >>
>> >>
>> >
>> >
>> >.
>> >
>
>
>.
>

I just solved the SAME problem with my site. The problem was solved after the following 3 things were corrected on the web server. There actually wasn't anything that needed to be changed with the code

1 - make sure the server's system ennvironment variable PATH contains the path to the directory where .NET is installed.

2 - make sure the subdirectories that contain the protected pages are not set up as applications within IIS

3 - make sure web sharing is turned on for those same subdirectorie

Good Luck
- Carol

Another possible solution may be found in this link re: your threadabort error:
http://support.microsoft.com/default...kb;en-us;31262

For what it's worth, here's my global.asax code, different from yours..

Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
'this fires each time someone hits a protected page. If they're alread
'logged on, this routine checks their role in the cookie an
'displays the page if they are authorized

'find this user's cookie that was created when the user logged o
Dim cookieName As String = FormsAuthentication.FormsCookieNam
Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName

If authCookie Is Nothing The
'there's no authentication cooki
Retur
End I
'extract and decrypt the authentication ticket from the forms authentication cooki
Dim authTicket As FormsAuthenticationTicket = Nothin
Tr
authTicket = FormsAuthentication.Decrypt(authCookie.Value
Catch 'unforseen erro
Retur
End Tr
If authTicket Is Nothing The
'cookie failed to decryp
Retur
End I
'extract the roles from the user's cooki
'When the ticket was created, the UserData property was assigned
'comma delimited string of role names
Dim roles As String() = authTicket.UserData.Split(","
'Create an Identity objec
Dim id As FormsIdentity = New FormsIdentity(authTicket
'This principal will flow throughout the request
Dim principal As GenericPrincipal = New GenericPrincipal(id, roles
'Attach the new principal object to the current HttpContext objec
Context.User = principa

End Su

good luc
- Carol