Form Authentication - Roles - Always returns to login screen

Laurie Dvorak

I'm using forms authentication and I want to limit access to certain
directories only to users with certain roles. I have the following code
(simplified to isolate problem):

Web.config (main directory)
<authentication mode="Forms">
    <forms name="WhsWebAuth" loginUrl="~/login.aspx" protection="None" timeout="30"/>
</authentication>

Web.config (directory I want to protect)
<authorization>
    <allow roles="Admin" />
    <deny users="*" />
</authorization>

login.aspx.cs
protected void OnButtonLoginClick(object sender, System.Web.UI.ImageClickEventArgs e)
{
    FormsAuthentication.RedirectFromLoginPage(textBoxUsername.Text, false);
}

global.asax.cs
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    if (HttpContext.Current.Request.IsAuthenticated)
    {
        string[] roles = new string[]{"Admin"};
        HttpContext.Current.User = new GenericPrincipal(HttpContext.Current.User.Identity, roles);
    }
}

This works fine on my development machine and I've used it before on another
website. However, I'm working on a new website and when I run it on the
client's ISP's server I can never get past the login screen. If I try to
go to a page in the protected directory it brings up the login screen
(fine). I login and then it immediately returns to the login screen. Even
if I try to manually type in the page I'm trying to go to after the login,
it returns me back to the login screen (so it's not just a matter of the
redirect failing). It's as if the roles that are being set in the
global.asax.cs file are being lost somehow.

I'm thinking the problem must lie in how the ISP has the IIS server set up
since this works fine on my machine and has worked on another website.
However since it is an ISP, I cannot look at the server myself and I'm not
sure what would cause this anyways.

Ideas anyone?

Thanks in advance,
Laurie
 
Brock Allen

In your login page (for diagnostic reasons) print out the User.Identity.Name
and User.IsInRole("Admin"). Typically when you login and then are redirected
back to the login page, you are still logged in, it's just that security
for that page disallowed access. So, print out that diagnostic info to see
if you're really losing the auth info.
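
The diagnostic suggested in the reply above, written out as an added example (not part of either post). It assumes a hypothetical code-behind class named Login and a hypothetical Literal control named literalDiag in login.aspx, and it also reports whether the forms ticket cookie came back, so that lost authentication can be told apart from a missing role.

```csharp
using System;
using System.Security.Principal;
using System.Text;
using System.Web;
using System.Web.Security;

// Hypothetical code-behind for login.aspx; the class name is an assumption.
public partial class Login : System.Web.UI.Page
{
    // Assumes login.aspx contains: <asp:Literal id="literalDiag" runat="server" />
    // Temporary troubleshooting output; remove it once the cause is found.
    protected void Page_Load(object sender, EventArgs e)
    {
        literalDiag.Text = BuildAuthDiagnostics(Context);
    }

    private static string BuildAuthDiagnostics(HttpContext ctx)
    {
        IPrincipal user = ctx.User;
        bool authenticated = user != null && user.Identity.IsAuthenticated;
        bool isAdmin = authenticated && user.IsInRole("Admin");
        string cookieName = FormsAuthentication.FormsCookieName;
        bool cookieSent = ctx.Request.Cookies[cookieName] != null;
        string name = authenticated ? user.Identity.Name : "(none)";
        string returnUrl = ctx.Request.QueryString["ReturnUrl"] ?? "(none)";

        StringBuilder sb = new StringBuilder();
        // HtmlEncode everything that originates from the request.
        sb.AppendFormat("IsAuthenticated: {0}<br/>", authenticated);
        sb.AppendFormat("Name: {0}<br/>", HttpUtility.HtmlEncode(name));
        sb.AppendFormat("IsInRole(\"Admin\"): {0}<br/>", isAdmin);
        sb.AppendFormat("Principal type: {0}<br/>",
            user == null ? "(null)" : user.GetType().Name);
        sb.AppendFormat("Cookie '{0}' sent: {1}<br/>",
            HttpUtility.HtmlEncode(cookieName), cookieSent);
        sb.AppendFormat("ReturnUrl: {0}<br/>", HttpUtility.HtmlEncode(returnUrl));

        // Separate "authentication lost" from "authorization denied".
        if (!cookieSent)
            sb.Append("Result: no ticket cookie in the request, so the login was not kept.");
        else if (!authenticated)
            sb.Append("Result: ticket cookie sent, but the request was not authenticated.");
        else if (!isAdmin)
            sb.Append("Result: logged in, but the Admin role is not on the principal.");
        else
            sb.Append("Result: logged in with Admin; an access check caused the redirect.");
        return sb.ToString();
    }
}
```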
 
