Authentication: Need to re-login for every directory

H

Homa

Hi,
I am using a role-based Forms Authentication. I have several
directories that have different levels of authorization. When I try to
access another directory, the page bounce me back to the login page
everytime. After I re-login, I can access the page.

I can't figure out what happened. I saved the roles to the User so
when I access another page, they should able to see that before they
bounce me out.

Here is the settings:

I have a directory structure: //root/secure/admin/ where "secure" and
"admin" requires authorization.

in the "secure" directory, I have:
<configuration>
<system.web>
<customErrors mode="Off"/>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

in the "admin" directory, I have:
<configuration>
<system.web>
<customErrors mode="Off"/>
<authorization>
<allow roles="Admin"/>
<deny users="?" />
</authorization>
</system.web>
</configuration>

and in the Application_AuthenticateRequest event, I have:
if (Request.IsAuthenticated)
{
string[] roles = rtkShirts.Component.adminBO.getPrivilege(HttpContext.Current.User.Identity.Name);
if (roles != null)
{
HttpContext.Current.User = new
System.Security.Principal.GenericPrincipal(User.Identity, roles);
}
}

I test the page as follows:
1. go to a page under "secure" directory.
2. bounced to login.aspx (under root)
3. logged in, return to the page I suppose to go (and I check in the
Application_AuthenticateRequest event that I have "Admin" as one of
the entry inside [string[] roles]).
4. I click on a link to a page under "secure/admin"
5. I got bounced back to login.aspx (shouldn't happen)
6. I re-login and now I reach the page I want to go.


Please help. I'm pretty new to the field so please pardon me if some
of the wording I used sounds funny.

Thanks for concern,
Homa Wong
 
H

Homa

Hi,
nevermind. I found out what's the problem. I'm using VS.NET to
develop the page. And I set the page to start at the page within the
secure folder. For some reason, the very first request made by VS.NET
is different than the others. ASP.NET consider it as a different user,
so that's why I ask me to login twice. After I logged in the second
time, everything works fine; same as when I run the site directly by
typing the URL in browser.

Thanks and Happy programming.

Homa Wong
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,994
Messages
2,570,223
Members
46,813
Latest member
lawrwtwinkle111

Latest Threads

Top