Homa
Hi,
I am using role-based Forms Authentication. I have several
directories that have different levels of authorization. When I try to
access another directory, the page bounces me back to the login page
every time. After I re-login, I can access the page.
I can't figure out what happened. I saved the roles to the User so
when I access another page, they should be able to see that before they
bounce me out.
Here are the settings:
I have a directory structure: //root/secure/admin/ where "secure" and
"admin" require authorization.
In the "secure" directory, I have:

    <configuration>
      <system.web>
        <customErrors mode="Off"/>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </configuration>

In the "admin" directory, I have:

    <configuration>
      <system.web>
        <customErrors mode="Off"/>
        <authorization>
          <allow roles="Admin"/>
          <deny users="?" />
        </authorization>
      </system.web>
    </configuration>

And in the Application_AuthenticateRequest event, I have:

    if (Request.IsAuthenticated)
    {
        string[] roles = rtkShirts.Component.adminBO.getPrivilege(HttpContext.Current.User.Identity.Name);
        if (roles != null)
        {
            HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(User.Identity, roles);
        }
    }

I test the page as follows:
1. Go to a page under the "secure" directory.
2. Bounced to login.aspx (under root).
3. Logged in, returned to the page I was supposed to go to (and I checked in the
Application_AuthenticateRequest event that I have "Admin" as one of
the entries inside [string[] roles]).
4. I click on a link to a page under "secure/admin".
5. I get bounced back to login.aspx (shouldn't happen).
6. I re-login and now I reach the page I want to go to.
Please help. I'm pretty new to the field so please pardon me if some
of the wording I used sounds funny.
Thanks for your concern,
Homa Wong
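
The two authorization sections posted above, run through a small model of ASP.NET URL authorization (added example, not part of the original post). It assumes first-match evaluation from the most local web.config outward, ending at the machine-level default allow users="*". The rule tuples and function names are hypothetical, and the model handles single values only and matches role names exactly.

```python
# Simplified model of ASP.NET URL authorization rule evaluation.
# Rules are read from the most local web.config outward and the first
# rule that matches the current user decides the outcome.

SECURE = [("deny", "users", "?")]                                 # /secure
ADMIN_POSTED = [("allow", "roles", "Admin"), ("deny", "users", "?")]
ADMIN_HARDENED = [("allow", "roles", "Admin"), ("deny", "users", "*")]
MACHINE_DEFAULT = [("allow", "users", "*")]                       # assumed default


def matches(rule, name, roles):
    """True if the rule applies to this user (name is None when anonymous)."""
    _, kind, value = rule
    if kind == "roles":
        return name is not None and value in roles
    if value == "*":            # everyone
        return True
    if value == "?":            # anonymous users only
        return name is None
    return name == value


def is_authorized(config_chain, name=None, roles=()):
    """Walk the chain of rule lists; the first matching rule wins."""
    for rules in config_chain:
        for rule in rules:
            if matches(rule, name, roles):
                return rule[0] == "allow"
    return False


def decisions(admin_rules):
    """Outcome for /secure/admin for three constructed sample users."""
    chain = [admin_rules, SECURE, MACHINE_DEFAULT]
    return {
        "anonymous": is_authorized(chain),
        "authenticated, no Admin role": is_authorized(chain, "bob", ("Staff",)),
        "authenticated, Admin role": is_authorized(chain, "homa", ("Admin",)),
    }


if __name__ == "__main__":
    for label, rules in (("posted", ADMIN_POSTED), ("hardened", ADMIN_HARDENED)):
        print(label, decisions(rules))
```

With the posted "admin" rules, an authenticated user without the Admin role falls through to the default allow; replacing deny users="?" with deny users="*" closes that. Under Forms Authentication a deny result shows up as a redirect to the login page, whether or not the user is already logged in.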