RedirectFromLoginPage not redirecting

[sean]

I'm attempting to use Forms/Roles based authentication and
authorization. A subdirectory's web.config allows only
"Admin" roles and it does kick browsers to a login page.
However...when supplying proper credentials to the login
page I'm never actually redirected to the page in the
protected subdirectory. I've stepped through the code in
the debugger and I can see the connection to the db open
and the names of the roles getting fed to a cookie all just
fine but at the last the redirect never happens. There's a
blink (postback I'm assuming) and I stay at the login page.

Any help greatly appreciated. Code to follow..
..........................................................
web.config of protected directory:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<allow roles="Administrator" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
..........................................................

..........................................................
code in login.aspx onClick event handler:

Dim cookieRoles As New StringBuilder

While reader.Read()
cookieRoles.Append(reader("Role").
ToString())
cookieRoles.Append(".")
End While

' Save the Roles in a client Cookie for
future requests
Dim RoleCookie As HttpCookie = New
HttpCookie("Roles")

RoleCookie.Value = cookieRoles.ToString()

Response.Cookies.Add(RoleCookie)

FormsAuthentication.
RedirectFromLoginPage(UserName.Text, PersistCookie.Checked)

..........................................................

 

[Janaka]

If your wanting to use role-based authentication then you need to get the
role information into the forms authentication ticket.
Don't worry about making another cookie for your roles. Just redirect from
login as you've done.
In your global.asax try the following:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)

{

if (Request.IsAuthenticated)

{

string authName = Context.User.Identity.Name;

// Get the role to store

string[] roles = cookieRoles.Split(','); // this can be your own
implementation

// Add a principal

GenericIdentity thisIdentity = new GenericIdentity(authName);


Context.User = new GenericPrincipal(thisIdentity, roles);

}

}

 

[sean]

Should have added..I have the following in my global.asax.
vb and still no redirect:

Sub Application_AuthenticateRequest(ByVal sender As Object,
ByVal e As EventArgs)
Dim context As HttpContext = HttpContext.Current
If Not context.User Is Nothing AndAlso context.
User.Identity.IsAuthenticated Then
Dim userIdentity As GenericIdentity = New
GenericIdentity(context.User.Identity.Name, "Forms")
Dim userPrincipal As GenericPrincipal = New
GenericPrincipal(userIdentity, context.Request.
Cookies("Roles").Value.Split("."))
context.User = userPrincipal
End If
End Sub

thanks,
s~

-----Original Message-----
If your wanting to use role-based authentication then you need to get the
role information into the forms authentication ticket.
Don't worry about making another cookie for your roles. Just redirect from
login as you've done.
In your global.asax try the following:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)

{

if (Request.IsAuthenticated)

{

string authName = Context.User.Identity.Name;

// Get the role to store

string[] roles = cookieRoles.Split(','); // this can be your own
implementation

// Add a principal

GenericIdentity thisIdentity = new GenericIdentity(authName);


Context.User = new GenericPrincipal(thisIdentity, roles);

}

}

I'm attempting to use Forms/Roles based authentication and
authorization. A subdirectory's web.config allows only
"Admin" roles and it does kick browsers to a login page.
However...when supplying proper credentials to the login
page I'm never actually redirected to the page in the
protected subdirectory. I've stepped through the code in
the debugger and I can see the connection to the db open
and the names of the roles getting fed to a cookie all just
fine but at the last the redirect never happens. There's a
blink (postback I'm assuming) and I stay at the login page.

Any help greatly appreciated. Code to follow..
........................................................ ..
web.config of protected directory:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<allow roles="Administrator" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
........................................................ ..

........................................................ ..
code in login.aspx onClick event handler:

Dim cookieRoles As New StringBuilder

While reader.Read()
cookieRoles.Append(reader("Role").
ToString())
cookieRoles.Append(".")
End While

' Save the Roles in a client Cookie for
future requests
Dim RoleCookie As HttpCookie = New
HttpCookie("Roles")

RoleCookie.Value = cookieRoles.ToString()

Response.Cookies.Add(RoleCookie)

FormsAuthentication.
RedirectFromLoginPage(UserName.Text, PersistCookie. Checked)

........................................................ ..

.

 

[Janaka]

sean

try using the FormsAuthentication.GetAuthCookie() method instead and then
doing a manual Response.Redirect()

Janaka

Should have added..I have the following in my global.asax.
vb and still no redirect:

Sub Application_AuthenticateRequest(ByVal sender As Object,
ByVal e As EventArgs)
Dim context As HttpContext = HttpContext.Current
If Not context.User Is Nothing AndAlso context.
User.Identity.IsAuthenticated Then
Dim userIdentity As GenericIdentity = New
GenericIdentity(context.User.Identity.Name, "Forms")
Dim userPrincipal As GenericPrincipal = New
GenericPrincipal(userIdentity, context.Request.
Cookies("Roles").Value.Split("."))
context.User = userPrincipal
End If
End Sub

thanks,
s~

-----Original Message-----
If your wanting to use role-based authentication then you need to get the
role information into the forms authentication ticket.
Don't worry about making another cookie for your roles. Just redirect from
login as you've done.
In your global.asax try the following:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)

{

if (Request.IsAuthenticated)

{

string authName = Context.User.Identity.Name;

// Get the role to store

string[] roles = cookieRoles.Split(','); // this can be your own
implementation

// Add a principal

GenericIdentity thisIdentity = new GenericIdentity(authName);


Context.User = new GenericPrincipal(thisIdentity, roles);

}

}

I'm attempting to use Forms/Roles based authentication and
authorization. A subdirectory's web.config allows only
"Admin" roles and it does kick browsers to a login page.
However...when supplying proper credentials to the login
page I'm never actually redirected to the page in the
protected subdirectory. I've stepped through the code in
the debugger and I can see the connection to the db open
and the names of the roles getting fed to a cookie all just
fine but at the last the redirect never happens. There's a
blink (postback I'm assuming) and I stay at the login page.

Any help greatly appreciated. Code to follow..
........................................................ .
web.config of protected directory:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<allow roles="Administrator" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
........................................................ .

........................................................ .
code in login.aspx onClick event handler:

Dim cookieRoles As New StringBuilder

While reader.Read()
cookieRoles.Append(reader("Role").
ToString())
cookieRoles.Append(".")
End While

' Save the Roles in a client Cookie for
future requests
Dim RoleCookie As HttpCookie = New
HttpCookie("Roles")

RoleCookie.Value = cookieRoles.ToString()

Response.Cookies.Add(RoleCookie)

FormsAuthentication.
RedirectFromLoginPage(UserName.Text, PersistCookie. Checked)

........................................................ .

.

 

[sean]

On the response.redirect I get System.Threading.
ThreadAbortException and continue to get no redirect...

thx for the feedback Janaka
S~

-----Original Message-----
sean

try using the FormsAuthentication.GetAuthCookie() method instead and then
doing a manual Response.Redirect()

Janaka

Should have added..I have the following in my global. asax.
vb and still no redirect:

Sub Application_AuthenticateRequest(ByVal sender As Object,
ByVal e As EventArgs)
Dim context As HttpContext = HttpContext.Current
If Not context.User Is Nothing AndAlso context.
User.Identity.IsAuthenticated Then
Dim userIdentity As GenericIdentity = New
GenericIdentity(context.User.Identity.Name, "Forms")
Dim userPrincipal As GenericPrincipal = New
GenericPrincipal(userIdentity, context.Request.
Cookies("Roles").Value.Split("."))
context.User = userPrincipal
End If
End Sub

thanks,
s~

-----Original Message-----
If your wanting to use role-based authentication then

you
need to get the

role information into the forms authentication ticket.
Don't worry about making another cookie for your roles. Just redirect from
login as you've done.
In your global.asax try the following:

protected void Application_AuthenticateRequest(Object sender, EventArgs e)

{

if (Request.IsAuthenticated)

{

string authName = Context.User.Identity.Name;

// Get the role to store

string[] roles = cookieRoles.Split(','); // this can be your own
implementation

// Add a principal

GenericIdentity thisIdentity = new GenericIdentity(authName);


Context.User = new GenericPrincipal(thisIdentity, roles);

}

}


I'm attempting to use Forms/Roles based

authentication
and

authorization. A subdirectory's web.config allows only
"Admin" roles and it does kick browsers to a login page.
However...when supplying proper credentials to the login
page I'm never actually redirected to the page in the
protected subdirectory. I've stepped through the code in
the debugger and I can see the connection to the db open
and the names of the roles getting fed to a cookie

all
just

fine but at the last the redirect never happens.

There's
a

blink (postback I'm assuming) and I stay at the login page.

Any help greatly appreciated. Code to follow..
.....................................................

....
.

web.config of protected directory:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<allow roles="Administrator" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
.....................................................

....
.

.....................................................

....
.

code in login.aspx onClick event handler:

Dim cookieRoles As New StringBuilder

While reader.Read()
cookieRoles.Append(reader("Role").
ToString())
cookieRoles.Append(".")
End While

' Save the Roles in a client Cookie for
future requests
Dim RoleCookie As HttpCookie = New
HttpCookie("Roles")

RoleCookie.Value = cookieRoles.ToString()

Response.Cookies.Add(RoleCookie)

FormsAuthentication.
RedirectFromLoginPage(UserName.Text, PersistCookie. Checked)

.....................................................

....
.

.

.

 

[carol]

I just solved the SAME problem with my site. The problem was solved after the following 3 things were corrected on the web server. There actually wasn't anything that needed to be changed with the code

1 - make sure the server's system ennvironment variable PATH contains the path to the directory where .NET is installed.

2 - make sure the subdirectories that contain the protected pages are not set up as applications within IIS

3 - make sure web sharing is turned on for those same subdirectorie

Good Luck
- Carol

 

[carol]

Another possible solution may be found in this link re: your threadabort error:
http://support.microsoft.com/default.aspx?scid=kb;en-us;31262

For what it's worth, here's my global.asax code, different from yours..

Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
'this fires each time someone hits a protected page. If they're alread
'logged on, this routine checks their role in the cookie an
'displays the page if they are authorized

'find this user's cookie that was created when the user logged o
Dim cookieName As String = FormsAuthentication.FormsCookieNam
Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName

If authCookie Is Nothing The
'there's no authentication cooki
Retur
End I
'extract and decrypt the authentication ticket from the forms authentication cooki
Dim authTicket As FormsAuthenticationTicket = Nothin
Tr
authTicket = FormsAuthentication.Decrypt(authCookie.Value
Catch 'unforseen erro
Retur
End Tr
If authTicket Is Nothing The
'cookie failed to decryp
Retur
End I
'extract the roles from the user's cooki
'When the ticket was created, the UserData property was assigned
'comma delimited string of role names
Dim roles As String() = authTicket.UserData.Split(","
'Create an Identity objec
Dim id As FormsIdentity = New FormsIdentity(authTicket
'This principal will flow throughout the request
Dim principal As GenericPrincipal = New GenericPrincipal(id, roles
'Attach the new principal object to the current HttpContext objec
Context.User = principa

End Su

good luc
- Carol