DexterJones

login page - form auth

Hi,

Presently, when a user has entered his u/p, it checks the database and redirects them to default.aspx (I'm not sure why to default.aspx).

Please kindly assist: how can we redirect specific users to their designated web pages?

if role is 1 then goto admin.aspx
if role is 2 then goto power.aspx
if role is 3 then goto standard.aspx


----------------------------------------------------------------------------------------------
------------------------------------------------------------------------web.config
----------------------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <system.web>
      <authentication mode="Forms">
        <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
      </authentication>
      <authorization>
        <deny users="?" />
      </authorization>
    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
  </system.web>
</configuration>
----------------------------------------------------------------------------------------------
----------------------------------------------------------------------------Login.aspx
----------------------------------------------------------------------------------------------
VarDatabaseEmployeeID
VarDatabaseRole

' The database will return 1 if the user exists in the database.
If RecordCount > 0 Then
    HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(VarDatabaseEmployeeID), New String() {VarDatabaseRole})
Else
    ' Sign out first: Response.Redirect ends the request, so code after it never runs.
    System.Web.Security.FormsAuthentication.SignOut()
    Response.Redirect("login.aspx")
End If
.....
.....
----------------------------------------------------------------------------------------------
------------------------------------------------------------------------admin page
----------------------------------------------------------------------------------------------
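page_load
' IsInRole is a method that takes the role name and returns a Boolean.
If Not Me.User.IsInRole("1") Then
    ' Sign out first: Response.Redirect ends the request, so code after it never runs.
    System.Web.Security.FormsAuthentication.SignOut()
    Response.Redirect("login.aspx")
End If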
.....
.....

ASKER CERTIFIED SOLUTION
GavinMannion

DexterJones

ASKER

GavinMannion,

When I tried to log in, the error popped up. Please kindly assist: how can we troubleshoot further?

Thanks.

Exception Type:        System.Configuration.ConfigurationException
Exception Message:     It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS. (c:\inetpub\wwwroot\test\web.config line 6)
Exception Source:      System.Web
Exception Target Site: CacheLookup



----------------------------------------------------------------web.config  in the folder c:\inetpub\wwwroot\test\
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <system.web>
      <authentication mode="Forms">
        <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
      </authentication>
      <authorization>
      <allow roles="21" />
      <deny users="*" />
      </authorization>
    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
  </system.web>
</configuration>

Not sure why you accepted my answer if you are getting errors? But anyway :)

Go into IIS, right-click the folder called 'test', go to Properties... The button on the bottom right says [Create]. Click it.

This should solve that problem.

Change done. I can't log in; it redirects me to the login page every time. Please kindly assist: how can we troubleshoot further?

Do we need to import something in the login page?

Thanks.




---------------------------------------------------------------------------------------------Login.aspx
<%@ Page Language="VB" smartnavigation="True" Debug="true" %>
<%@ Import Namespace="System.Web.Security " %>
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.SqlClient" %>


login_click()
......
            returnaccessvalue = cmd.Parameters("@RETURN_VALUE").Value
            'HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(txtusername.Text), New String() {returnaccessvalue})

            Select Case returnaccessvalue
                   
                Case "21"
                    Response.Redirect("/test/admin.aspx")
                Case "22"
                    Response.Redirect("/test/power.aspx")
                Case "33"
                    Response.Redirect("/test/standard.aspx")

end sub

----------------------------------------------------------------web.config  in the folder c:\inetpub\wwwroot\test\
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
  <system.web>
      <authentication mode="Forms">
        <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
      </authentication>
      <authorization>
     <allow roles="21" />
     <deny users="*" />
      </authorization>
    <globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
  </system.web>
</configuration>

Dexter, none of your code is authenticating the user?

You have the correct namespaces imported.

Where are you doing your actual authentication?

GavinMannion,

I'm using the MS SQL database to authenticate, utilizing a stored procedure to return the role.

create proc MyProc
@username
@password
as
select roleID from MyTable
where username= @username
and password =@password

You're right, how do we authenticate using forms auth?

Thanks.

Dexter.

Please post the code for Method login_click()

When the user puts his username and password in he hits a button. What runs next?

GavinMannion,

login_click()

        Dim cmd As SqlCommand = con.CreateCommand()
        cmd.CommandType = CommandType.StoredProcedure
        cmd.CommandText = "SP_user"
        cmd.Parameters.Add(New SqlParameter("@RETURN_VALUE", SqlDbType.Int, 4, ParameterDirection.ReturnValue, False, CType(0, Byte), CType(0, Byte), "", DataRowVersion.Current, Nothing))
        cmd.Parameters.Add("@myusername", SqlDbType.VarChar).Value = txtusername.Text
        cmd.Parameters.Add("@mypassword", SqlDbType.VarChar).Value = txtuserpassword.Text
        con.Open()
        cmd.ExecuteNonQuery()
        Dim returnvalue As String = cmd.Parameters("@RETURN_VALUE").Value
        If returnvalue > 0 Then
            returnaccessvalue = cmd.Parameters("@RETURN_VALUE").Value
            'HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(New System.Security.Principal.GenericIdentity(txtusername.Text), New String() {returnaccessvalue})

            Select Case returnaccessvalue
                Case "21"
                    Response.Redirect("/test/admin.aspx")
                Case "22"
                    Response.Redirect("/test/power.aspx")
                Case "33"
                    Response.Redirect("/test/standard.aspx")
            End Select
        End If
end sub

Okay, but you have still not put in the line of code I first posted?

FormsAuthentication.SetAuthCookie(UserName, false)

Try putting it just under your If returnvalue statement....
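
With the web.config shown in the thread, SetAuthCookie records only the user name, so `<allow roles="21" />` and `User.IsInRole` have no role to match on later requests. The following is an added example, not code from any poster in the thread: it stores the role returned by the stored procedure in the encrypted forms ticket and restores it on each request. `RoleLogin`, `LandingPage`, `SignIn` and `RestoreRoles` are assumed names, and it assumes .NET Framework 2.0 or later.

```vb
' Added example for .NET 2.0+; RoleLogin and its members are assumed names.
Imports System
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

Public Module RoleLogin

    ' Role-to-page map taken from the thread; unknown roles get no page.
    Public Function LandingPage(ByVal roleId As String) As String
        Select Case roleId
            Case "21" : Return "/test/admin.aspx"
            Case "22" : Return "/test/power.aspx"
            Case "33" : Return "/test/standard.aspx"
            Case Else : Return Nothing
        End Select
    End Function

    ' Call from login_click once the stored procedure has returned a role.
    ' Returns False (and issues no cookie) when the role is not recognised.
    Public Function SignIn(ByVal userName As String, ByVal roleId As String) As Boolean
        Dim target As String = LandingPage(roleId)
        If target Is Nothing Then Return False

        ' The role travels in UserData; Encrypt() applies protection="All",
        ' so the client cannot read or alter it. 60 matches timeout="60".
        Dim ticket As New FormsAuthenticationTicket(1, userName, DateTime.Now, _
            DateTime.Now.AddMinutes(60), False, roleId)
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, _
            FormsAuthentication.Encrypt(ticket))
        cookie.Path = FormsAuthentication.FormsCookiePath
        cookie.HttpOnly = True
        HttpContext.Current.Response.Cookies.Add(cookie)
        ' False: do not abort the thread, so the caller gets the return value.
        HttpContext.Current.Response.Redirect(target, False)
        Return True
    End Function

    ' Call from Application_AuthenticateRequest in Global.asax on every
    ' request: rebuilds the principal so <allow roles="21" /> and
    ' User.IsInRole("21") see the role stored in the ticket.
    Public Sub RestoreRoles(ByVal ctx As HttpContext)
        If ctx.User Is Nothing Then Return
        Dim id As FormsIdentity = TryCast(ctx.User.Identity, FormsIdentity)
        If id Is Nothing Then Return
        ctx.User = New GenericPrincipal(id, id.Ticket.UserData.Split(","c))
    End Sub

End Module
```

Because `<allow roles="21" />` followed by `<deny users="*" />` applies to the whole folder, roles 22 and 33 are still refused at power.aspx and standard.aspx; each page needs its own `<location>` authorization rule.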