Forms Auth (roles being ignored)

 
 
WhiskeyRomeo
      09-11-2007
Please ignore my previous post as I am way past that now.

Below is the code I am using in the login page. Below that are the settings
within the Web.config file. The procedure responsible for checking the password
just sets a session variable called "WebRoles" and returns True. In this case
I am setting a role that should be denied access to the requested page
even though the user is authenticated. But the code below always results in a
redirection to the protected page. In this website there is only one page in
the root directory (Login.aspx) and there is a Public subfolder which has two
pages, RegUpdate.aspx and Appt.aspx.

For authenticated users the redirection happens just fine. But, somehow, I
thought the following line would fail for denied roles:

'Redirect the request
FormsAuthentication.RedirectFromLoginPage(Trim(sUserName), False)

What am I missing?

********************CODE************
Partial Class Login
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

    End Sub

    Private Function CheckPassWord(ByVal sUser As String, ByVal sPassword As String) As Boolean
        'THIS ROLE IS NOT ALLOWED ACCESSED TO THE PUBLIC FOLDER PER WEB.CONFIG FILE.
        Session("WebRoles") = "Photog"
        Return True
    End Function


    Protected Sub btnLogIn_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogIn.Click
        Try
            If Not (Session("UserName")) Is Nothing Then
                FormsAuthentication.SignOut()
            End If

            Select Case CheckPassWord(Trim(tbUserName.Text), Trim(tbPassWord.Text))

                Case True
                    Call RedirectUser(Trim(tbUserName.Text))
                Case False
                    lblmsg.Text = "UserName or Password not found. Please try again." + vbCrLf + lblmsg.Text
                    ViewState("tries") = ViewState("tries") + 1
                    If ViewState("tries") > 3 Then
                        Response.Redirect("Denied.aspx")
                    End If
            End Select
        Catch ex As Exception

        End Try
    End Sub

    Private Sub RedirectUser(ByVal sUserName As String)

        'create authentication ticket
        Dim authTicket As New FormsAuthenticationTicket(1, sUserName, DateTime.Now, DateTime.Now.AddMinutes(20), False, Session("WebRoles"))

        'Create encrypted string representation of ticket
        Dim sEncryptedTicket As String = ""
        Try
            sEncryptedTicket = FormsAuthentication.Encrypt(authTicket)
        Catch ex As Exception
            Session("StringEncrptFailed") = ex.Message
        End Try

        'Store it within a HttpCookie Object
        Dim authCookie As New HttpCookie(FormsAuthentication.FormsCookieName, sEncryptedTicket)
        authCookie.Path = FormsAuthentication.FormsCookiePath
        Dim strCookiePath As String = authCookie.Path
        'Add it the cookie to the outgoing cookie collection
        Try
            Response.Cookies.Add(authCookie)
        Catch ex As Exception
            Session("CookieAddFailed") = ex.Message
        End Try

        'Redirect the request
        FormsAuthentication.RedirectFromLoginPage(Trim(sUserName), False)

    End Sub

End Class
*************WEB.CONFIG FILE*******
<?xml version="1.0"?>
..
..
..
  <system.web>
    ..
    ..
    ..
    <roleManager enabled ="true" />
    <authentication mode="Forms">
      <forms name="Appointment" loginUrl="Login.aspx" slidingExpiration="true"
             protection="All" timeout="20" path="/">
        <credentials passwordFormat="Clear"></credentials>
      </forms>
    </authentication>
    <machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate"/>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>

  <location path="Public">
    <system.web>
      <authorization>
        <!-- Order and case are important below -->
        <allow roles="Public"/>
        <deny roles="Photog"/>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
..
..
..
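
ASP.NET treats the sixth argument of `FormsAuthenticationTicket` as opaque `UserData` and never reads roles from it, so a rule such as `<deny roles="Photog"/>` can only match once something attaches roles to the request principal. The following is an added example, not the poster's code, of a Global.asax handler that does this; it assumes `UserData` holds comma-separated role names and that `<roleManager>` is disabled, because the role manager module would otherwise replace the principal later in the request.

```vb
' Global.asax.vb (added example; class name and role format are assumptions)
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

Public Class Global_asax
    Inherits HttpApplication

    ' Raised on every request, before URL authorization evaluates
    ' the <allow>/<deny> rules in Web.config.
    Protected Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim authCookie As HttpCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
        If authCookie Is Nothing OrElse String.IsNullOrEmpty(authCookie.Value) Then Return

        Dim ticket As FormsAuthenticationTicket = Nothing
        Try
            ' With protection="All" the ticket is integrity-checked as well as decrypted.
            ticket = FormsAuthentication.Decrypt(authCookie.Value)
        Catch ex As Exception
            Return ' unreadable or tampered cookie: leave the principal unchanged
        End Try
        If ticket Is Nothing OrElse ticket.Expired Then Return

        ' UserData is whatever the login page stored, e.g. "Photog" or "Public,Staff".
        ' An empty UserData yields an empty role list, so no role rule matches.
        Dim roles() As String = ticket.UserData.Split(New Char() {","c}, StringSplitOptions.RemoveEmptyEntries)

        ' Replace the role-less principal with one that carries the roles,
        ' so that User.IsInRole("Photog") and <deny roles="Photog"/> can match.
        Context.User = New GenericPrincipal(New FormsIdentity(ticket), roles)
    End Sub
End Class
```

`FormsAuthentication.RedirectFromLoginPage` issues its own authentication cookie with empty user data, so the login page would add the custom cookie and then redirect with `Response.Redirect(FormsAuthentication.GetRedirectUrl(sUserName, False))` instead.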
 