?
Solved

ASP .NET 2.0 Add Role during Log In -  FormsAuthentication

Posted on 2011-04-19
5
Medium Priority
?
477 Views
Last Modified: 2013-11-25
Hi,

I have a simple login page that I have hard coded the credentials into the page.  I have to do this because the functionality will only be fore one-two people on the site, and we don't really maintain access to the sql databases on the server.

In my web config, I also list the persons (that onced logged in) are able to access the site functionality desired.  I would like to change this to a role base in the web.config for the specific files, so that I only have to change the one file on the test server.  I've tried adding the role manually in the file, but seem to be getting the general error.  Any thoughts?
<%@ Page Language='VB' MasterPageFile='usphssite.master' Title='Content Page for login.aspx' %>

<%@ Import Namespace='System.Web.Security' %>

<script runat='server'>


    'Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
	'If User.IsInRole("members") Then
	'	Msg.Text = "A part of members."
	'Else
'		Msg.Text = "Not a part of members."
'	End If

'    End Sub


    Sub Logon_Click(ByVal sender As Object, ByVal e As EventArgs)
        If ((UserEmail.Text = "Admin") And (UserPass.Text = "password1")) _
           Or ((UserEmail.Text = "test1@test.com") And (UserPass.Text = "password1")) Then

	    Roles.CreateRole("members")

	    Roles.AddUserToRole(UserEmail.Text, "members")

	If User.IsInRole("members") Then
		Msg.Text = "A part of members."
	Else
		Msg.Text = "Not a part of members."
	End If


'            FormsAuthentication.RedirectFromLoginPage(UserEmail.Text, Persist.Checked)
        Else
            Msg.Text = "Invalid Credentials. Please try again."
        End If
    End Sub
</script>

<asp:Content ID='Content1' ContentPlaceHolderID='Main' Runat='Server'>

    <p>
        Please enter your username and password.
   </p>

    <p><asp:Label ID='Msg' ForeColor='Red' runat='server' /></p>
   <p>
   <asp:Label ID='Label1' runat='server'>Email Address:</asp:Label>
   <asp:TextBox ID='UserEmail' runat='server' Width='183px'></asp:TextBox>
   <asp:RequiredFieldValidator ID='RequiredFieldValidator2' runat='server' ControlToValidate='UserEmail'
        ErrorMessage='Can not be empty.'></asp:RequiredFieldValidator>
    </p>
    <p>
   <asp:Label ID='Label2' runat='server' Width='78px'>Password:</asp:Label>
   <asp:TextBox ID='UserPass' runat='server' Width='183px' TextMode='Password'></asp:TextBox>
   <asp:RequiredFieldValidator ID='RequiredFieldValidator1' runat='server' ControlToValidate='UserPass'
        ErrorMessage='Can not be empty.'></asp:RequiredFieldValidator>
   </p>
   <p>
   <asp:Label ID='Label3' runat='server' Text='Remember me?' Width='98px'></asp:Label>
   <asp:CheckBox ID='Persist' runat='server' />
   </p>
   <p>
    <asp:Button ID='Submit1' runat='server' Text='Log On' OnClick='Logon_Click' width='99px'/>
    </p>
</asp:Content>

Open in new window

0
Comment
Question by:atljarman
  • 2
  • 2
4 Comments
 
LVL 31

Assisted Solution

by:MlandaT
MlandaT earned 1000 total points
ID: 35441747
This is what you are trying to do http://www.codedigest.com/Articles/ASPNET/176_Using_Roles_in_Forms_Authentication_in_ASPNet_20.aspx. specifically something along the lines of "Listing 4 - Application Authenticate Event".

You want roles without using a database. currently, your error is probably coming from Roles.CreateRole("members") because you do not have a roles database
0
 

Author Comment

by:atljarman
ID: 35443731
Is this what you are suggesting I use in the VB:

          Roles.AddUserToRole(UserEmail.Text, "members")
          FormsAuthentication.RedirectFromLoginPage(UserEmail.Text, Persist.Checked)
    Sub Logon_Click(ByVal sender As Object, ByVal e As EventArgs)
        If ((UserEmail.Text = "Admin") And (UserPass.Text = "password1")) _
           Or ((UserEmail.Text = "test1@test.com") And (UserPass.Text = "password1")) Then

                FormsAuthenticationTicket Authticket = new
                            FormsAuthenticationTicket(1,
                            UserEmail.Text,
                            DateTime.Now,
                            DateTime.Now.AddMinutes(30),
                            Persist.Checked,
                            _user.Role,  
                            FormsAuthentication.FormsCookiePath);
 ' I should define "_user.Role," as "members"
               
                string hash = FormsAuthentication.

                              Encrypt(Authticket);

                HttpCookie Authcookie = new HttpCookie(

                 FormsAuthentication.FormsCookieName,hash);

                if (Authticket.IsPersistent)
                    Authcookie.Expires = Authticket.Expiration;
                Response.Cookies.Add(Authcookie);
                string returnUrl = Request.QueryString["ReturnUrl"];
                if (returnUrl == null)

                    returnUrl = "/";

                Response.Redirect(returnUrl);


'           FormsAuthentication.RedirectFromLoginPage(UserEmail.Text, Persist.Checked)
        Else
            Msg.Text = "Invalid Credentials. Please try again."
        End If
    End Sub
</script>


I'm not good with C#, so if you have a more specific suggestion to add.
0
 
LVL 31

Accepted Solution

by:
MlandaT earned 1000 total points
ID: 35443825
You havent really converted your code from C# to VB.NET correctly.... this tool will convert those C# snippets to Vb.NET for you http://www.developerfusion.com/tools/convert/csharp-to-vb/
0
 

Author Closing Comment

by:atljarman
ID: 35445505
Was helpful for multiple other areas where I can find C# examples but not VB.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Integration Management Part 2

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question