We help IT Professionals succeed at work.

login page - form auth

DexterJones
DexterJones asked
on
Medium Priority
423 Views
Last Modified: 2012-06-21
Hi,

Presently when user has entered his u/p it checks the database and redirects them to defualt.aspx (i'm not sure why to defualt.aspx)

Please kindly assist how can we redirect specific users to their designated web pages:

if role is 1 then goto admin.aspx
if role is 2 then goto power.aspx
if role is 3 then goto standard.aspx


----------------------------------------------------------------------------------------------
------------------------------------------------------------------------web.config
----------------------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <system.web>
      <authentication mode="Forms">
        <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
      </authentication>
      <authorization>
        <deny users="?" />
      </authorization>
    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
  </system.web>
</configuration>
----------------------------------------------------------------------------------------------
----------------------------------------------------------------------------Login.aspx
----------------------------------------------------------------------------------------------
VarDatabaseEmployeeID
VarDatabaseRole

--database will return 1 if user exists in the database.
if RecordCount > 0 then
HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(VarDatabaseEmployeeID), New String() {VarDatabaseRole})

else
response.redirect("login.aspx")
System.Web.Security.FormsAuthentication.SignOut()
endif
.....
.....
----------------------------------------------------------------------------------------------
------------------------------------------------------------------------admin page
----------------------------------------------------------------------------------------------
page_load
If Me.User.IsInRole <> "1" Then
response.redirect("login.aspx")
System.Web.Security.FormsAuthentication.SignOut()
endif
.....
.....

Comment
Watch Question

Without seeing the code I would guess you have something like

FormsAuthentication.RedirectFromLoginPage(User, true);

This will redirect back to the page that was requested. If you want to send them somewhere else use

FormsAuthentication.SetAuthCookie(UserName, false);
If Me.User.IsInRole == "1" Then
response.redirect("admin.aspx")

or whatever...

HTH

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
GavinMannion,

When I tired to login the error popup, please kindly assist how can we troubleshoot further?

Thanks.

Exception Type:        System.Configuration.ConfigurationException
Exception Message:     It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS. (c:\inetpub\wwwroot\test\web.config line 6)
Exception Source:      System.Web
Exception Target Site: CacheLookup



----------------------------------------------------------------web.config  in the folder c:\inetpub\wwwroot\test\
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <system.web>
      <authentication mode="Forms">
        <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
      </authentication>
      <authorization>
      <allow roles="21" />
      <deny users="*" />
      </authorization>
    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
  </system.web>
</configuration>
Not sure why you accepted my answer if you are getting errors? But anyway :)

Go into IIS, right click the folder called 'test' go to properties... Button on the bottom right says [Create]. Click it..

This should solve that problem

Author

Commented:
Change done. I can't login it redirects me to the login page everytime. Please kindly assist how can we troubleshoot further?

Do we need to import something in the login page?

Thanks.




---------------------------------------------------------------------------------------------Login.aspx
<%@ Page Language="VB" smartnavigation="True" Debug="true" %>
<%@ Import Namespace="System.Web.Security " %>
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.SqlClient" %>


login_click()
......
            returnaccessvalue = cmd.Parameters("@RETURN_VALUE").Value
            'HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(txtusername.Text), New String() {returnaccessvalue})

            Select Case returnaccessvalue
                   
                Case "21"
                    Response.Redirect("/test/admin.aspx")
                Case "22"
                    Response.Redirect("/test/power.aspx")
                Case "33"
                    Response.Redirect("/test/standard.aspx")

end sub

----------------------------------------------------------------web.config  in the folder c:\inetpub\wwwroot\test\
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <system.web>
      <authentication mode="Forms">
        <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
      </authentication>
      <authorization>
     <allow roles="21" />
     <deny users="*" />
      </authorization>
    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
  </system.web>
</configuration>
Dexter, none of you code is authenticating the user?

You have the correct namespaces imported.

Where are you doing your actual authentication?

Author

Commented:
GavinMannion,

I'm using the ms sql database to authenticate. utilizing stored procedure to return the role.

create proc MyProc
@username
@password
as
select roleID from MyTable
where username= @username
and password =@password

You're right, how do we authenticate using forms auth ?

Thanks.

Dexter.

Please post the code for Method login_click()

When the user puts his username and password in he hits a button. What runs next?

Author

Commented:
GavinMannion,

login_click()

        Dim cmd As SqlCommand = con.CreateCommand()
        cmd.CommandType = CommandType.StoredProcedure
        cmd.CommandText = "SP_user"
        cmd.Parameters.Add(New SqlParameter("@RETURN_VALUE", SqlDbType.Int, 4, ParameterDirection.ReturnValue, False, CType(0, Byte), CType(0, Byte), "", DataRowVersion.Current, Nothing))
        cmd.Parameters.Add("@myusername", SqlDbType.VarChar).Value = txtusername.Text
        cmd.Parameters.Add("@mypassword", SqlDbType.VarChar).Value = txtuserpassword.Text
        con.Open()
        cmd.ExecuteNonQuery()
        Dim returnvalue As String = cmd.Parameters("@RETURN_VALUE").Value
        If returnvalue > 0 Then
returnaccessvalue = cmd.Parameters("@RETURN_VALUE").Value
            'HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(txtusername.Text), New String() {returnaccessvalue})

            Select Case returnaccessvalue
                   
                Case "21"
                    Response.Redirect("/test/admin.aspx")
                Case "22"
                    Response.Redirect("/test/power.aspx")
                Case "33"
                    Response.Redirect("/test/standard.aspx")
   endif
end sub
Okay but you have still not put in the line of code I first posted?

FormsAuthentication.SetAuthCookie(UserName, false)

Try put it just under your If returnvalue statement....
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.