claracruz
asked on
Forms authentication
Hello experts,
I have a weird problem, I don't know what am missing.
I log a user in no problem doing the following;-
protected void Button2_Click1(object sender, EventArgs e)
{
CustomerLogin = new FixedAuctions.AuctionsDB() ;
StringBuilder sbUserData = new StringBuilder();
DataSet ds = CustomerLogin.CustomSelect Login2(txt Username2. Text, txtPassword2.Text);
if (ds.Tables[0].Rows.Count == 1)
{
sbUserData.Append(ds.Table s[0].Rows[ 0]["CUSTOM ERROLE"].T oString()) ;
sbUserData.Append("|");
sbUserData.Append(ds.Table s[0].Rows[ 0]["CUSTOM ERTYPEID"] .ToString( ));
Session["CUSTOMERROLE"] = ds.Tables[0].Rows[0]["CUST OMERROLE"] .ToString( );
Session["CUSTOMERID"] = ds.Tables[0].Rows[0]["CUST OMERID"].T oString();
Session["SALENUMBERID"] = ds.Tables[0].Rows[0]["SALE NUMBERID"] .ToString( );
Session["VENDORID"] = ds.Tables[0].Rows[0]["VEND ORID"].ToS tring();
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, txtUsername2.Text, DateTime.Now, DateTime.Now.AddMinutes(5) , false, sbUserData.ToString(), FormsAuthentication.FormsC ookiePath) ;
// Hash the cookie for transport
string encryptedTicket = FormsAuthentication.Encryp t(ticket);
HttpCookie FPAUCTION = new HttpCookie(FormsAuthentica tion.Forms CookieName , encryptedTicket); // Name of auth cookie hash); // Hashed ticket
// Add the cookie to the list for outgoing response
Response.Cookies.Add(FPAUC TION);
// Redirect to requested URL, or homepage if no previous page requested
string returnUrl = Request.QueryString["Retur nUrl"];
if ((ds.Tables[0].Rows[0]["CU STOMERROLE "].ToStrin g() == "CSREGD")) || (ds.Tables[0].Rows[0]["CUS TOMERROLE" ].ToString () == "CS"))
{
returnUrl = "~/cs_auctions";
}
if (ds.Tables[0].Rows[0]["CUS TOMERROLE" ].ToString () == "EDREGD")
{
returnUrl = "~/ed_auctions";
}
if (returnUrl == null) returnUrl = "~/ed_auctions";
// Don't call FormsAuthentication.Redire ctFromLogi nPage
//if (returnUrl == null) returnUrl = "~/cs_auctions";, since it could
// replace the authentication ticket (cookie) just added
Response.Redirect(returnUr l);
}
else
{
lblMessage.Text = "Invalid Login Details, Please Try Again!";
}
I assign roles e.t.c, and am doing the following in my Global.asax;-
protected void Application_AuthenticateRe quest(Obje ct sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User. Identity.I sAuthentic ated)
{
if (HttpContext.Current.User. Identity is FormsIdentity)
{
// Get Forms Identity From Current User
FormsIdentity id = (FormsIdentity)HttpContext .Current.U ser.Identi ty;
// Get Forms Ticket From Identity object
FormsAuthenticationTicket ticket = id.Ticket;
// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split('|');
HttpContext.Current.User = new System.Security.Principal. GenericPri ncipal(id, roles);
}
}
}
In My page load event, I am doing the following;-
protected void loadPage(object sender, EventArgs e)
{
try
{
// if they haven't logged in this will fail and we can send them to
// the login page
FormsIdentity id = (FormsIdentity)HttpContext .Current.U ser.Identi ty;
}
// whatever bad happened, let's just send them back to login page for now...
catch(Exception ex )
{
Response.Redirect("Default .aspx"); // whatever your login page is
}
// is this an Administrator role?
if (User.IsInRole("EDREGD"))
{
Response.Write("Welcome Big Admin!");
// ok let's enumerate their roles for them...
FormsIdentity id = (FormsIdentity)HttpContext .Current.U ser.Identi ty;
FormsAuthenticationTicket ticket = id.Ticket;
string userData = ticket.UserData;
string[] roles = userData.Split('|');
foreach(string role in roles)
{
Response.Write("You are: " + role.ToString()+"<BR>");
}
Response.Write ("You get to see the Admin link:<BR><A href=\"Admin/Adminstuff.as px\">Admin Only</a>");
}
else
{
// ok, they got in but we know they aren't an Administrator...
Response.Write("Ya got logged in, but you ain't an Administrator!");
FormsIdentity id = (FormsIdentity)HttpContext .Current.U ser.Identi ty;
FormsAuthenticationTicket ticket = id.Ticket;
string userData = ticket.UserData;
string[] roles = userData.Split('|');
foreach(string role in roles)
{
Response.Write("You are: " +role.ToString()+"<BR>");
}
}
}
The problem is that on my page load event I am getting the following;-
Ya got logged in, but you ain't an Administrator!You are: EDREGD
You are: 1
which means that for role.ToString() wrtes the following;- "EDREGD" but is not recognised as being the user's role (User.IsInRole("EDREGD"))
What am I missing??
Many Thanks
I have a weird problem, I don't know what am missing.
I log a user in no problem doing the following;-
protected void Button2_Click1(object sender, EventArgs e)
{
CustomerLogin = new FixedAuctions.AuctionsDB()
StringBuilder sbUserData = new StringBuilder();
DataSet ds = CustomerLogin.CustomSelect
if (ds.Tables[0].Rows.Count == 1)
{
sbUserData.Append(ds.Table
sbUserData.Append("|");
sbUserData.Append(ds.Table
Session["CUSTOMERROLE"] = ds.Tables[0].Rows[0]["CUST
Session["CUSTOMERID"] = ds.Tables[0].Rows[0]["CUST
Session["SALENUMBERID"] = ds.Tables[0].Rows[0]["SALE
Session["VENDORID"] = ds.Tables[0].Rows[0]["VEND
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
// Hash the cookie for transport
string encryptedTicket = FormsAuthentication.Encryp
HttpCookie FPAUCTION = new HttpCookie(FormsAuthentica
// Add the cookie to the list for outgoing response
Response.Cookies.Add(FPAUC
// Redirect to requested URL, or homepage if no previous page requested
string returnUrl = Request.QueryString["Retur
if ((ds.Tables[0].Rows[0]["CU
{
returnUrl = "~/cs_auctions";
}
if (ds.Tables[0].Rows[0]["CUS
{
returnUrl = "~/ed_auctions";
}
if (returnUrl == null) returnUrl = "~/ed_auctions";
// Don't call FormsAuthentication.Redire
//if (returnUrl == null) returnUrl = "~/cs_auctions";, since it could
// replace the authentication ticket (cookie) just added
Response.Redirect(returnUr
}
else
{
lblMessage.Text = "Invalid Login Details, Please Try Again!";
}
I assign roles e.t.c, and am doing the following in my Global.asax;-
protected void Application_AuthenticateRe
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.
{
if (HttpContext.Current.User.
{
// Get Forms Identity From Current User
FormsIdentity id = (FormsIdentity)HttpContext
// Get Forms Ticket From Identity object
FormsAuthenticationTicket ticket = id.Ticket;
// Get the stored user-data, in this case, our roles
string userData = ticket.UserData;
string[] roles = userData.Split('|');
HttpContext.Current.User = new System.Security.Principal.
}
}
}
In My page load event, I am doing the following;-
protected void loadPage(object sender, EventArgs e)
{
try
{
// if they haven't logged in this will fail and we can send them to
// the login page
FormsIdentity id = (FormsIdentity)HttpContext
}
// whatever bad happened, let's just send them back to login page for now...
catch(Exception ex )
{
Response.Redirect("Default
}
// is this an Administrator role?
if (User.IsInRole("EDREGD"))
{
Response.Write("Welcome Big Admin!");
// ok let's enumerate their roles for them...
FormsIdentity id = (FormsIdentity)HttpContext
FormsAuthenticationTicket ticket = id.Ticket;
string userData = ticket.UserData;
string[] roles = userData.Split('|');
foreach(string role in roles)
{
Response.Write("You are: " + role.ToString()+"<BR>");
}
Response.Write ("You get to see the Admin link:<BR><A href=\"Admin/Adminstuff.as
}
else
{
// ok, they got in but we know they aren't an Administrator...
Response.Write("Ya got logged in, but you ain't an Administrator!");
FormsIdentity id = (FormsIdentity)HttpContext
FormsAuthenticationTicket ticket = id.Ticket;
string userData = ticket.UserData;
string[] roles = userData.Split('|');
foreach(string role in roles)
{
Response.Write("You are: " +role.ToString()+"<BR>");
}
}
}
The problem is that on my page load event I am getting the following;-
Ya got logged in, but you ain't an Administrator!You are: EDREGD
You are: 1
which means that for role.ToString() wrtes the following;- "EDREGD" but is not recognised as being the user's role (User.IsInRole("EDREGD"))
What am I missing??
Many Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanx Dream,
But am afraid I need more help.
If there are unwanted characters, how do I solve my problem.
Please give example code if you can.
But am afraid I need more help.
If there are unwanted characters, how do I solve my problem.
Please give example code if you can.
You could use the Trim function to remove unwanted trailing or leading spaces.
Regards,
Max.
Regards,
Max.
Glad to have been helpfull :)
Regards,
Max.
Regards,
Max.
Regards,
Max.