Forms Authentication and Session Variables

[Schultz]

I am having two problems in the application I am building, the first
has to do with forms authentication.

The application has three different login pages:
1- for admins
2- for users
3- for guest access (to view data entered by the users)

Each page is programmed to create a custom forms authentication cookie
that stores what access level they are, which would prevent a guest
from accessing an admin page, etc. When I tested the guest, user, and
admin logins, individually, and I could access each page that i
protected. How do fix this problem?

Another problem I have is that when users login, i store information in
session variables. Why do the session variables delete after, accessing
several pages, within the session time limit, or recieving an error?

Thanks for your help,
Schultz

 

[Tod Birdsall]

Hi Schultz,

What you are trying to accomplish is done using role-based
authentication. You can find an article on how to implement this on
4GuysFromRolla's site:

http://aspnet.4guysfromrolla.com/articles/082703-1.aspx

Hope this helps.

Tod Birdsall, MCP
http://tod1d.blogspot.com

 

[Patrick Olurotimi Ige]

Schultz,
Try looking throught this Article at:-
http://support.microsoft.com/kb/308157/EN-US/
Hope it helps
Patrick

 

[Joe Fallon]

As far as losing the Session variables - if you run InProc then you will
lose them when ASP.Net recycles itself.
This can happen at any time.
Many people recommend not using InProc sessions for Production applications.
If you use a State Server (RAM) then you will not lose the data when ASP.Net
gets recycled since it is out of process.
You could also use a SQL Server database to store the data. (In ver 2.0 I
think you can use any DB.)

 

[schultz.tyler]

Mr. Fallon,

Is the State Server the ASP.NET State Service?

-Schultz

 

[Joe Fallon]

Yep.
It can even be on the same box.
Just enable the service and fill in the IP address in the web.config file.