login page - form auth

Hi,

Presently when user has entered his u/p it checks the database and redirects them to defualt.aspx (i'm not sure why to defualt.aspx)

Please kindly assist how can we redirect specific users to their designated web pages:

if role is 1 then goto admin.aspx
if role is 2 then goto power.aspx
if role is 3 then goto standard.aspx


----------------------------------------------------------------------------------------------
------------------------------------------------------------------------web.config
----------------------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <system.web>
      <authentication mode="Forms">
        <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
      </authentication>
      <authorization>
        <deny users="?" />
      </authorization>
    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
  </system.web>
</configuration>
----------------------------------------------------------------------------------------------
----------------------------------------------------------------------------Login.aspx
----------------------------------------------------------------------------------------------
VarDatabaseEmployeeID
VarDatabaseRole

--database will return 1 if user exists in the database.
if RecordCount > 0 then
HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(VarDatabaseEmployeeID), New String() {VarDatabaseRole})

else
response.redirect("login.aspx")
System.Web.Security.FormsAuthentication.SignOut()
endif
.....
.....
----------------------------------------------------------------------------------------------
------------------------------------------------------------------------admin page
----------------------------------------------------------------------------------------------
page_load
If Me.User.IsInRole <> "1" Then
response.redirect("login.aspx")
System.Web.Security.FormsAuthentication.SignOut()
endif
.....
.....

DexterJonesAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GavinMannionCommented:
Without seeing the code I would guess you have something like

FormsAuthentication.RedirectFromLoginPage(User, true);

This will redirect back to the page that was requested. If you want to send them somewhere else use

FormsAuthentication.SetAuthCookie(UserName, false);
If Me.User.IsInRole == "1" Then
response.redirect("admin.aspx")

or whatever...

HTH
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DexterJonesAuthor Commented:
GavinMannion,

When I tired to login the error popup, please kindly assist how can we troubleshoot further?

Thanks.

Exception Type:        System.Configuration.ConfigurationException
Exception Message:     It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS. (c:\inetpub\wwwroot\test\web.config line 6)
Exception Source:      System.Web
Exception Target Site: CacheLookup



----------------------------------------------------------------web.config  in the folder c:\inetpub\wwwroot\test\
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <system.web>
      <authentication mode="Forms">
        <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
      </authentication>
      <authorization>
      <allow roles="21" />
      <deny users="*" />
      </authorization>
    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
  </system.web>
</configuration>
0
GavinMannionCommented:
Not sure why you accepted my answer if you are getting errors? But anyway :)

Go into IIS, right click the folder called 'test' go to properties... Button on the bottom right says [Create]. Click it..

This should solve that problem
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

DexterJonesAuthor Commented:
Change done. I can't login it redirects me to the login page everytime. Please kindly assist how can we troubleshoot further?

Do we need to import something in the login page?

Thanks.




---------------------------------------------------------------------------------------------Login.aspx
<%@ Page Language="VB" smartnavigation="True" Debug="true" %>
<%@ Import Namespace="System.Web.Security " %>
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.SqlClient" %>


login_click()
......
            returnaccessvalue = cmd.Parameters("@RETURN_VALUE").Value
            'HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(txtusername.Text), New String() {returnaccessvalue})

            Select Case returnaccessvalue
                   
                Case "21"
                    Response.Redirect("/test/admin.aspx")
                Case "22"
                    Response.Redirect("/test/power.aspx")
                Case "33"
                    Response.Redirect("/test/standard.aspx")

end sub

----------------------------------------------------------------web.config  in the folder c:\inetpub\wwwroot\test\
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <system.web>
      <authentication mode="Forms">
        <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
      </authentication>
      <authorization>
     <allow roles="21" />
     <deny users="*" />
      </authorization>
    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
  </system.web>
</configuration>
0
GavinMannionCommented:
Dexter, none of you code is authenticating the user?

You have the correct namespaces imported.

Where are you doing your actual authentication?
0
DexterJonesAuthor Commented:
GavinMannion,

I'm using the ms sql database to authenticate. utilizing stored procedure to return the role.

create proc MyProc
@username
@password
as
select roleID from MyTable
where username= @username
and password =@password

You're right, how do we authenticate using forms auth ?

Thanks.

0
GavinMannionCommented:
Dexter.

Please post the code for Method login_click()

When the user puts his username and password in he hits a button. What runs next?
0
DexterJonesAuthor Commented:
GavinMannion,

login_click()

        Dim cmd As SqlCommand = con.CreateCommand()
        cmd.CommandType = CommandType.StoredProcedure
        cmd.CommandText = "SP_user"
        cmd.Parameters.Add(New SqlParameter("@RETURN_VALUE", SqlDbType.Int, 4, ParameterDirection.ReturnValue, False, CType(0, Byte), CType(0, Byte), "", DataRowVersion.Current, Nothing))
        cmd.Parameters.Add("@myusername", SqlDbType.VarChar).Value = txtusername.Text
        cmd.Parameters.Add("@mypassword", SqlDbType.VarChar).Value = txtuserpassword.Text
        con.Open()
        cmd.ExecuteNonQuery()
        Dim returnvalue As String = cmd.Parameters("@RETURN_VALUE").Value
        If returnvalue > 0 Then
returnaccessvalue = cmd.Parameters("@RETURN_VALUE").Value
            'HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(txtusername.Text), New String() {returnaccessvalue})

            Select Case returnaccessvalue
                   
                Case "21"
                    Response.Redirect("/test/admin.aspx")
                Case "22"
                    Response.Redirect("/test/power.aspx")
                Case "33"
                    Response.Redirect("/test/standard.aspx")
   endif
end sub
0
GavinMannionCommented:
Okay but you have still not put in the line of code I first posted?

FormsAuthentication.SetAuthCookie(UserName, false)

Try put it just under your If returnvalue statement....
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP.NET

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.