DexterJones
asked on
login page - form auth
Hi,
Presently when user has entered his u/p it checks the database and redirects them to defualt.aspx (i'm not sure why to defualt.aspx)
Please kindly assist how can we redirect specific users to their designated web pages:
if role is 1 then goto admin.aspx
if role is 2 then goto power.aspx
if role is 3 then goto standard.aspx
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- --------
-------------------------- ---------- ---------- ---------- ---------- ------web. config
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- --------
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<authentication mode="Forms">
<forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
</system.web>
</configuration>
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- --------
-------------------------- ---------- ---------- ---------- ---------- ---------- Login.aspx
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- --------
VarDatabaseEmployeeID
VarDatabaseRole
--database will return 1 if user exists in the database.
if RecordCount > 0 then
HttpContext.Current.User = New System.Security.Principal. GenericPri ncipal(New System.Security.Principal. GenericIde ntity(VarD atabaseEmp loyeeID), New String() {VarDatabaseRole})
else
response.redirect("login.a spx")
System.Web.Security.FormsA uthenticat ion.SignOu t()
endif
.....
.....
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- --------
-------------------------- ---------- ---------- ---------- ---------- ------admi n page
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- --------
page_load
If Me.User.IsInRole <> "1" Then
response.redirect("login.a spx")
System.Web.Security.FormsA uthenticat ion.SignOu t()
endif
.....
.....
Presently when user has entered his u/p it checks the database and redirects them to defualt.aspx (i'm not sure why to defualt.aspx)
Please kindly assist how can we redirect specific users to their designated web pages:
if role is 1 then goto admin.aspx
if role is 2 then goto power.aspx
if role is 3 then goto standard.aspx
--------------------------
--------------------------
--------------------------
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<authentication mode="Forms">
<forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
</system.web>
</configuration>
--------------------------
--------------------------
--------------------------
VarDatabaseEmployeeID
VarDatabaseRole
--database will return 1 if user exists in the database.
if RecordCount > 0 then
HttpContext.Current.User = New System.Security.Principal.
else
response.redirect("login.a
System.Web.Security.FormsA
endif
.....
.....
--------------------------
--------------------------
--------------------------
page_load
If Me.User.IsInRole <> "1" Then
response.redirect("login.a
System.Web.Security.FormsA
endif
.....
.....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Not sure why you accepted my answer if you are getting errors? But anyway :)
Go into IIS, right click the folder called 'test' go to properties... Button on the bottom right says [Create]. Click it..
This should solve that problem
Go into IIS, right click the folder called 'test' go to properties... Button on the bottom right says [Create]. Click it..
This should solve that problem
ASKER
Change done. I can't login it redirects me to the login page everytime. Please kindly assist how can we troubleshoot further?
Do we need to import something in the login page?
Thanks.
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- -------Log in.aspx
<%@ Page Language="VB" smartnavigation="True" Debug="true" %>
<%@ Import Namespace="System.Web.Secu rity " %>
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.Sql Client" %>
login_click()
......
returnaccessvalue = cmd.Parameters("@RETURN_VA LUE").Valu e
'HttpContext.Current.User = New System.Security.Principal. GenericPri ncipal(New System.Security.Principal. GenericIde ntity(txtu sername.Te xt), New String() {returnaccessvalue})
Select Case returnaccessvalue
Case "21"
Response.Redirect("/test/a dmin.aspx" )
Case "22"
Response.Redirect("/test/p ower.aspx" )
Case "33"
Response.Redirect("/test/s tandard.as px")
end sub
-------------------------- ---------- ---------- ---------- --------we b.config in the folder c:\inetpub\wwwroot\test\
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<authentication mode="Forms">
<forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
</authentication>
<authorization>
<allow roles="21" />
<deny users="*" />
</authorization>
<globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
</system.web>
</configuration>
Do we need to import something in the login page?
Thanks.
--------------------------
<%@ Page Language="VB" smartnavigation="True" Debug="true" %>
<%@ Import Namespace="System.Web.Secu
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.Sql
login_click()
......
returnaccessvalue = cmd.Parameters("@RETURN_VA
'HttpContext.Current.User = New System.Security.Principal.
Select Case returnaccessvalue
Case "21"
Response.Redirect("/test/a
Case "22"
Response.Redirect("/test/p
Case "33"
Response.Redirect("/test/s
end sub
--------------------------
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<authentication mode="Forms">
<forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
</authentication>
<authorization>
<allow roles="21" />
<deny users="*" />
</authorization>
<globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
</system.web>
</configuration>
Dexter, none of you code is authenticating the user?
You have the correct namespaces imported.
Where are you doing your actual authentication?
You have the correct namespaces imported.
Where are you doing your actual authentication?
ASKER
GavinMannion,
I'm using the ms sql database to authenticate. utilizing stored procedure to return the role.
create proc MyProc
@username
@password
as
select roleID from MyTable
where username= @username
and password =@password
You're right, how do we authenticate using forms auth ?
Thanks.
I'm using the ms sql database to authenticate. utilizing stored procedure to return the role.
create proc MyProc
@username
@password
as
select roleID from MyTable
where username= @username
and password =@password
You're right, how do we authenticate using forms auth ?
Thanks.
Dexter.
Please post the code for Method login_click()
When the user puts his username and password in he hits a button. What runs next?
Please post the code for Method login_click()
When the user puts his username and password in he hits a button. What runs next?
ASKER
GavinMannion,
login_click()
Dim cmd As SqlCommand = con.CreateCommand()
cmd.CommandType = CommandType.StoredProcedur e
cmd.CommandText = "SP_user"
cmd.Parameters.Add(New SqlParameter("@RETURN_VALU E", SqlDbType.Int, 4, ParameterDirection.ReturnV alue, False, CType(0, Byte), CType(0, Byte), "", DataRowVersion.Current, Nothing))
cmd.Parameters.Add("@myuse rname", SqlDbType.VarChar).Value = txtusername.Text
cmd.Parameters.Add("@mypas sword", SqlDbType.VarChar).Value = txtuserpassword.Text
con.Open()
cmd.ExecuteNonQuery()
Dim returnvalue As String = cmd.Parameters("@RETURN_VA LUE").Valu e
If returnvalue > 0 Then
returnaccessvalue = cmd.Parameters("@RETURN_VA LUE").Valu e
'HttpContext.Current.User = New System.Security.Principal. GenericPri ncipal(New System.Security.Principal. GenericIde ntity(txtu sername.Te xt), New String() {returnaccessvalue})
Select Case returnaccessvalue
Case "21"
Response.Redirect("/test/a dmin.aspx" )
Case "22"
Response.Redirect("/test/p ower.aspx" )
Case "33"
Response.Redirect("/test/s tandard.as px")
endif
end sub
login_click()
Dim cmd As SqlCommand = con.CreateCommand()
cmd.CommandType = CommandType.StoredProcedur
cmd.CommandText = "SP_user"
cmd.Parameters.Add(New SqlParameter("@RETURN_VALU
cmd.Parameters.Add("@myuse
cmd.Parameters.Add("@mypas
con.Open()
cmd.ExecuteNonQuery()
Dim returnvalue As String = cmd.Parameters("@RETURN_VA
If returnvalue > 0 Then
returnaccessvalue = cmd.Parameters("@RETURN_VA
'HttpContext.Current.User = New System.Security.Principal.
Select Case returnaccessvalue
Case "21"
Response.Redirect("/test/a
Case "22"
Response.Redirect("/test/p
Case "33"
Response.Redirect("/test/s
endif
end sub
Okay but you have still not put in the line of code I first posted?
FormsAuthentication.SetAut hCookie(Us erName, false)
Try put it just under your If returnvalue statement....
FormsAuthentication.SetAut
Try put it just under your If returnvalue statement....
ASKER
When I tired to login the error popup, please kindly assist how can we troubleshoot further?
Thanks.
Exception Type: System.Configuration.Confi
Exception Message: It is an error to use a section registered as allowDefinition='MachineTo
Exception Source: System.Web
Exception Target Site: CacheLookup
--------------------------
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.web>
<authentication mode="Forms">
<forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" />
</authentication>
<authorization>
<allow roles="21" />
<deny users="*" />
</authorization>
<globalization requestEncoding="UTF-8" responseEncoding="UTF-8" />
</system.web>
</configuration>