V
VIC
Hi,
This is really driving me crazy...
I'm working on a web application with different functionality for users in
different roles.
These roles are not Windows accounts!
All user-information is stored in a table. A user-record contains ID,
username, password and role.
All web pages necessary for each role is stored in a special subfolder,
named as the role-name (to keep it simple
.
So, all functionality for role "001", "002", "003", etc. are stored in
respectively subfolders "login/001", "login/002", "login/003", etc.
The database programming is no problem, but how should my web.config looks
like?
I made several Location tags like:
<location path="login">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="login/001">
<system.web>
<authorization>
<allow roles="001" />
<deny roles="002,003,004,005"
users="?" />
</authorization>
</system.web>
</location>
<location path="login/002">
<system.web>
<authorization>
<allow roles="002" />
<deny roles="001,003,004,005"
users="?" />
</authorization>
</system.web>
</location>
etc.
Based on a sample from
http://aspnet.4guysfromrolla.com/articles/082703-1.aspx I wrote the next
code after successful authentication:
Dim sUserRoles(0) As String, sUserNameFromDB, sRoleFromDB As String
sUserRoles(0) = sRoleFromDB
HttpContext.Current.User = New GenericPrincipal(User.Identity, sUserRoles)
FormsAuthentication.RedirectFromLoginPage(sUserNameFromDB, False)
I can't get it work, what I'm doing wrong???
Has it something to do with the order of the Location-tags in web.config?
Any advise is appreciated, thanks in advance!
Regards,
VicWare
Email: (e-mail address removed)
This is really driving me crazy...
I'm working on a web application with different functionality for users in
different roles.
These roles are not Windows accounts!
All user-information is stored in a table. A user-record contains ID,
username, password and role.
All web pages necessary for each role is stored in a special subfolder,
named as the role-name (to keep it simple
.So, all functionality for role "001", "002", "003", etc. are stored in
respectively subfolders "login/001", "login/002", "login/003", etc.
The database programming is no problem, but how should my web.config looks
like?
I made several Location tags like:
<location path="login">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="login/001">
<system.web>
<authorization>
<allow roles="001" />
<deny roles="002,003,004,005"
users="?" />
</authorization>
</system.web>
</location>
<location path="login/002">
<system.web>
<authorization>
<allow roles="002" />
<deny roles="001,003,004,005"
users="?" />
</authorization>
</system.web>
</location>
etc.
Based on a sample from
http://aspnet.4guysfromrolla.com/articles/082703-1.aspx I wrote the next
code after successful authentication:
Dim sUserRoles(0) As String, sUserNameFromDB, sRoleFromDB As String
sUserRoles(0) = sRoleFromDB
HttpContext.Current.User = New GenericPrincipal(User.Identity, sUserRoles)
FormsAuthentication.RedirectFromLoginPage(sUserNameFromDB, False)
I can't get it work, what I'm doing wrong???
Has it something to do with the order of the Location-tags in web.config?
Any advise is appreciated, thanks in advance!
Regards,
VicWare
Email: (e-mail address removed)