Forms Authentication with Role Authorization
From: Keith Payne, Technical Marketing Solutions, Florida, United States
Date: 13/09/2003 19:39:38
To: All
Forum: ASP.NET
Category: Security
Title: Forms Authentication with Role Authorization
Thread ID: 00828798
Message ID: 00828798
Views: 50

For some reason, I cannot get forms authentication and role-based authorization to work together. Everything looks okay during the trace, except that I continue to be redirected to the login page, even after I am authenticated. I'm sure it has something to do with the authorization, but I have stared at the same blocks of code/xml for an hour now, and I can't see anything wrong.

The page I am trying to access is in a folder off of the root. The folder is a separate Application, as far as IIS is concerned.

Application root Web.Config:
		<authentication mode="Forms">
			<forms name=".TMSServiceFormsAuth" protection="All" 
timeout="30" loginUrl="login.aspx" />
		</authentication>
		<authorization>
			<allow users="*" /> <!-- Allow all users -->
		</authorization>
Sub-directory Web.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
	<system.web>
		<authorization>
			<!-- Order and case are important below -->
			<allow roles="Administrator, LeadReportClient"/>
			<deny users="*"/>
		</authorization>
	</system.web>
</configuration>
Login.aspx.vb:
        If ws.Validate(txtUserEmail.Text, txtPassword.Text) Then
            FormsAuthentication.Initialize()
            Dim Roles As String = ws.GetRoles(txtUserEmail.Text)

            Dim fat As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _
txtUserEmail.Text, DateTime.Now, DateTime.Now.AddMinutes(30), _
chkPersist.Checked, Roles, FormsAuthentication.FormsCookiePath)
            Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, _
FormsAuthentication.Encrypt(fat)))
            Response.Redirect( _
FormsAuthentication.GetRedirectUrl(txtUserEmail.Text, chkPersist.Checked))
        Else
            Msg.Text = "Invalid Credentials: Please try again."
        End If
Global.asax.vb:
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        ' Fires upon attempting to authenticate the user
        If (Not HttpContext.Current.User Is Nothing) _
            AndAlso (HttpContext.Current.User.Identity.IsAuthenticated) _
            AndAlso (TypeOf HttpContext.Current.User.Identity Is FormsIdentity) Then
            Dim UserIdentity As FormsIdentity = HttpContext.Current.User.Identity
            Dim ticket As FormsAuthenticationTicket = UserIdentity.Ticket

            Dim Roles() As String = ticket.UserData.Split(",")
            HttpContext.Current.User = New GenericPrincipal(UserIdentity, Roles)
        End If
    End Sub
At the line "HttpContext.Current.User = New GenericPrincipal(UserIdentity, Roles)" in global.asax.vb, the user is authenticated with the role of "LeadReportClient". The authentication cookie is attached to the Request with the name ".TMSServiceFormsAuth".

What the hell am I missing? TIA.
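
One check that applies to the role handling shown in this post, as an added example (not the poster's code): `GenericPrincipal.IsInRole` ignores case but not surrounding whitespace, so splitting a roles string on "," alone can leave a role name with a leading space that never matches. `ParseRoles` and `MissingRoles` are hypothetical helpers, and the format of the string returned by `ws.GetRoles` is an assumption.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Principal

Module RoleParsingCheck

    ' Hypothetical helper: split the ticket's UserData into role names,
    ' trimming whitespace and dropping empty entries.
    Function ParseRoles(ByVal userData As String) As String()
        Dim roles As New List(Of String)
        If userData Is Nothing Then Return roles.ToArray()
        For Each part As String In userData.Split(","c)
            Dim name As String = part.Trim()
            If name.Length > 0 Then roles.Add(name)
        Next
        Return roles.ToArray()
    End Function

    ' Hypothetical helper: which of the roles named in <allow roles="..."/>
    ' does this principal NOT hold?
    Function MissingRoles(ByVal user As IPrincipal, ByVal allowed() As String) As String()
        Dim missing As New List(Of String)
        For Each role As String In allowed
            If Not user.IsInRole(role) Then missing.Add(role)
        Next
        Return missing.ToArray()
    End Function

    Sub Main()
        ' Constructed sample: the format returned by ws.GetRoles is an assumption.
        Dim userData As String = "Administrator, LeadReportClient"
        Dim allowed() As String = {"Administrator", "LeadReportClient"}
        Dim id As New GenericIdentity("user@example.com", "Forms")

        ' Same split as in Application_AuthenticateRequest: keeps the leading space.
        Dim rawUser As New GenericPrincipal(id, userData.Split(","c))
        ' Split with trimming applied to each role name.
        Dim trimmedUser As New GenericPrincipal(id, ParseRoles(userData))

        Console.WriteLine("raw split, missing: [{0}]", _
            String.Join("|", MissingRoles(rawUser, allowed)))
        Console.WriteLine("trimmed split, missing: [{0}]", _
            String.Join("|", MissingRoles(trimmedUser, allowed)))
    End Sub

End Module
```

Writing the same `MissingRoles` result to the trace from `Application_AuthenticateRequest` shows which of the roles named in `<allow roles>` the principal actually holds on a given request.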