web.config login problem

[Guest]

Hi,

I have a default.aspx which allows the user to choose between module Admin
and module B. When the user clicks either one, he will be redirected to a
FormsAuthentication login page. The problem I have is that currently, users
of one module are able to access the other since I have only 1 login page.
How do I prevent this ?

I am not sure how to go about configuring the web.config file for having 2
modules that have a separate set of users for each. The files are all in the
same directory. Do I have to modify the Admins role in the authorization tag
in the web.config file. if yes, then how does this "roles" keyword relate to
my c# code ?
eg.
<authorization>
<allow roles="Admins"/>
</authorization>

Am I on the right path ? Any help appreaciated.
regards,
andrew

 

[Guest]

I think you could resolve this by having two separate roles.

Admin and ModuleB

Then just do a check using IsInRole.

http://msdn.microsoft.com/library/d...ncipalWindowsPrincipalClassIsInRoleTopic2.asp

 

[Guest]

Hi,

Thanks for your reply.
From my understanding of the url u gave me, the role refers to the the name
of the Windows user group for which to check membership. However, the "Admin"
role that I have for my users are just for my application. Am I right ?

regards,
andrew

 

[Guest]

When you use FormsAuthentication you are actually getting a new user context.

This is how you would access the role assignments.
HttpContext.Current.User.IsInRole("ModuleB")

You may want to test for whether the current user is authenticated with
something like this.
HttpContext.Current.Request.IsAuthenticated

These links may make more sense.
http://aspnet.4guysfromrolla.com/articles/082703-1.2.aspx
http://dotnet.org.za/stuartg/articles/1415.aspx

You are probably better off breaking the two areas into subfolders. Each
subfolder could have it's own config file specifying the role access.

Alternatively, you could create an admin base page and a module b base page
where you test for roles. Then make sure relevant pages inherit from the
right one. If the roles overlap then maybe admin inherits from module b.

 

[Guest]

Thanks for the links, very informative articles.

When you use FormsAuthentication you are actually getting a new user context.

This is how you would access the role assignments.
HttpContext.Current.User.IsInRole("ModuleB")

You may want to test for whether the current user is authenticated with
something like this.
HttpContext.Current.Request.IsAuthenticated

These links may make more sense.
http://aspnet.4guysfromrolla.com/articles/082703-1.2.aspx
http://dotnet.org.za/stuartg/articles/1415.aspx

You are probably better off breaking the two areas into subfolders. Each
subfolder could have it's own config file specifying the role access.

Alternatively, you could create an admin base page and a module b base page
where you test for roles. Then make sure relevant pages inherit from the
right one. If the roles overlap then maybe admin inherits from module b.

 

[Guest]

hi,

I've written the code for the login using the genericprincipal class etc.
However, I got the error at "Thread was aborted" on my Login.aspx. I can't
figure out why. The debugger jumps to the exception at the
"Response.Redirect" (last) line:

FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
(string)Session["UserLoginName"], DateTime.Now, DateTime.Now.AddMinutes(30),
false, (string)Session["UserDomain"]);
// Encrypt the ticket
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket as data
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
// Add the cookie to the outgoing cookies collection
Response.Cookies.Add(authCookie);
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text, true));

Any help is appreciated. Thanks

regards,
andrew