?
Solved

login page - form auth

Posted on 2006-03-22
9
Medium Priority
?
403 Views
Last Modified: 2012-06-21
Hi,

Presently when user has entered his u/p it checks the database and redirects them to defualt.aspx (i'm not sure why to defualt.aspx)

Please kindly assist how can we redirect specific users to their designated web pages:

if role is 1 then goto admin.aspx
if role is 2 then goto power.aspx
if role is 3 then goto standard.aspx


----------------------------------------------------------------------------------------------
------------------------------------------------------------------------web.config
----------------------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <system.web>
      <authentication mode="Forms">
        <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
      </authentication>
      <authorization>
        <deny users="?" />
      </authorization>
    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
  </system.web>
</configuration>
----------------------------------------------------------------------------------------------
----------------------------------------------------------------------------Login.aspx
----------------------------------------------------------------------------------------------
VarDatabaseEmployeeID
VarDatabaseRole

--database will return 1 if user exists in the database.
if RecordCount > 0 then
HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(VarDatabaseEmployeeID), New String() {VarDatabaseRole})

else
response.redirect("login.aspx")
System.Web.Security.FormsAuthentication.SignOut()
endif
.....
.....
----------------------------------------------------------------------------------------------
------------------------------------------------------------------------admin page
----------------------------------------------------------------------------------------------
page_load
If Me.User.IsInRole <> "1" Then
response.redirect("login.aspx")
System.Web.Security.FormsAuthentication.SignOut()
endif
.....
.....

0
Comment
Question by:DexterJones
  • 5
  • 4
9 Comments
 
LVL 15

Accepted Solution

by:
GavinMannion earned 2000 total points
ID: 16256368
Without seeing the code I would guess you have something like

FormsAuthentication.RedirectFromLoginPage(User, true);

This will redirect back to the page that was requested. If you want to send them somewhere else use

FormsAuthentication.SetAuthCookie(UserName, false);
If Me.User.IsInRole == "1" Then
response.redirect("admin.aspx")

or whatever...

HTH
0
 

Author Comment

by:DexterJones
ID: 16256778
GavinMannion,

When I tired to login the error popup, please kindly assist how can we troubleshoot further?

Thanks.

Exception Type:        System.Configuration.ConfigurationException
Exception Message:     It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS. (c:\inetpub\wwwroot\test\web.config line 6)
Exception Source:      System.Web
Exception Target Site: CacheLookup



----------------------------------------------------------------web.config  in the folder c:\inetpub\wwwroot\test\
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <system.web>
      <authentication mode="Forms">
        <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
      </authentication>
      <authorization>
      <allow roles="21" />
      <deny users="*" />
      </authorization>
    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
  </system.web>
</configuration>
0
 
LVL 15

Expert Comment

by:GavinMannion
ID: 16256950
Not sure why you accepted my answer if you are getting errors? But anyway :)

Go into IIS, right click the folder called 'test' go to properties... Button on the bottom right says [Create]. Click it..

This should solve that problem
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:DexterJones
ID: 16257034
Change done. I can't login it redirects me to the login page everytime. Please kindly assist how can we troubleshoot further?

Do we need to import something in the login page?

Thanks.




---------------------------------------------------------------------------------------------Login.aspx
<%@ Page Language="VB" smartnavigation="True" Debug="true" %>
<%@ Import Namespace="System.Web.Security " %>
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.SqlClient" %>


login_click()
......
            returnaccessvalue = cmd.Parameters("@RETURN_VALUE").Value
            'HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(txtusername.Text), New String() {returnaccessvalue})

            Select Case returnaccessvalue
                   
                Case "21"
                    Response.Redirect("/test/admin.aspx")
                Case "22"
                    Response.Redirect("/test/power.aspx")
                Case "33"
                    Response.Redirect("/test/standard.aspx")

end sub

----------------------------------------------------------------web.config  in the folder c:\inetpub\wwwroot\test\
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <system.web>
      <authentication mode="Forms">
        <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
      </authentication>
      <authorization>
     <allow roles="21" />
     <deny users="*" />
      </authorization>
    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
  </system.web>
</configuration>
0
 
LVL 15

Expert Comment

by:GavinMannion
ID: 16257060
Dexter, none of you code is authenticating the user?

You have the correct namespaces imported.

Where are you doing your actual authentication?
0
 

Author Comment

by:DexterJones
ID: 16257088
GavinMannion,

I'm using the ms sql database to authenticate. utilizing stored procedure to return the role.

create proc MyProc
@username
@password
as
select roleID from MyTable
where username= @username
and password =@password

You're right, how do we authenticate using forms auth ?

Thanks.

0
 
LVL 15

Expert Comment

by:GavinMannion
ID: 16257203
Dexter.

Please post the code for Method login_click()

When the user puts his username and password in he hits a button. What runs next?
0
 

Author Comment

by:DexterJones
ID: 16258402
GavinMannion,

login_click()

        Dim cmd As SqlCommand = con.CreateCommand()
        cmd.CommandType = CommandType.StoredProcedure
        cmd.CommandText = "SP_user"
        cmd.Parameters.Add(New SqlParameter("@RETURN_VALUE", SqlDbType.Int, 4, ParameterDirection.ReturnValue, False, CType(0, Byte), CType(0, Byte), "", DataRowVersion.Current, Nothing))
        cmd.Parameters.Add("@myusername", SqlDbType.VarChar).Value = txtusername.Text
        cmd.Parameters.Add("@mypassword", SqlDbType.VarChar).Value = txtuserpassword.Text
        con.Open()
        cmd.ExecuteNonQuery()
        Dim returnvalue As String = cmd.Parameters("@RETURN_VALUE").Value
        If returnvalue > 0 Then
returnaccessvalue = cmd.Parameters("@RETURN_VALUE").Value
            'HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(txtusername.Text), New String() {returnaccessvalue})

            Select Case returnaccessvalue
                   
                Case "21"
                    Response.Redirect("/test/admin.aspx")
                Case "22"
                    Response.Redirect("/test/power.aspx")
                Case "33"
                    Response.Redirect("/test/standard.aspx")
   endif
end sub
0
 
LVL 15

Expert Comment

by:GavinMannion
ID: 16260622
Okay but you have still not put in the line of code I first posted?

FormsAuthentication.SetAuthCookie(UserName, false)

Try put it just under your If returnvalue statement....
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…
Suggested Courses

750 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question