Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How do I check authentication and then redirect user based on the check?

Posted on 2014-12-06
2
Medium Priority
?
322 Views
Last Modified: 2014-12-08
I am using BlogEngine 3.0.. There is no code behind page for default.aspx in the web app. So I am using the site.master.cs in the theme to make the check I need. I need to check to see if the person coming to the page is authenticated and if not redirected to Login. If they are authenticated to check and see if they are an Administrator or a Teacher. If not redirect the user to a page NotAllowed.aspx. Below is the code for the code behind on the site.master.

  protected void Page_Load(object sender, EventArgs e)
  {
      if (!Request.IsAuthenticated)
      {
          Response.Redirect("account/login.aspx");
      }
      else if (!Roles.IsUserInRole("Administrators")) ||
           !Roles.IsUserInRole("Teacher")
      {
          Response.Redirect("account/NotApproved.aspx");
      }      
     
This is what happens:
When I first visit the page I am sent to Login as I should be. When I log on I am just redirected back to Login. It doesn't matter what credentials I use to log in, whethr an administrator's or a teacher's.

This seems simple. I can't see what I am missing. Thanks for your assistance.
0
Comment
Question by:bobbellows
2 Comments
 
LVL 7

Accepted Solution

by:
Camillia earned 2000 total points
ID: 40484851
This is how I do it in master page of one of my projects

Aspx page:

 <form action="#" method="post"  id="frm" runat="server" >
    <div id="login_area">
      <fieldset >
        <legend>Member log-in <asp:Literal ID="lmsg" runat="server" ></asp:Literal> </legend> 
      
        
            <asp:Login ID="Login1" Orientation="Horizontal"  LoginButtonStyle-CssClass="submit_text_link" 
            LoginButtonText="Submit"  OnAuthenticate="OnAuthenticate"    LoginButtonType="Link" TitleText=""    DisplayRememberMe="false" 
            TextLayout="TextOnTop"   FailureText="Invalid username or password"  runat="server">
            
             <LayoutTemplate>
               
                <table width="320" border="0" cellspacing="0" cellpadding="0">
                    <tr>
                    <td><label for="username">Username:</label>
                    <asp:TextBox  ID="UserName" runat="server"></asp:TextBox></td>&nbsp;
                    <td ><label for="password">Password:</label>
                    <asp:TextBox  ID="Password"   runat="server"  TextMode="Password"></asp:TextBox></td>
                    </tr> 
                    
                    <tr align="right">
              
                    <td  colspan="2">
                    
                    <asp:LinkButton id="Login" CommandName="Login" CssClass="submit_text_link" runat="server" Text="Submit"></asp:LinkButton></td>
                    </tr>
                    
                    </table>
                                 
             </LayoutTemplate>
                             
            </asp:Login>
      
    
        </fieldset>
       

       <br /> 
     </div> <!--new -->

     <!-- bottom of the page -->
     <div >
            <asp:ContentPlaceHolder  id="MasterContentPlaceHolder1" runat="server">
        
            </asp:ContentPlaceHolder>
     </div>
    </form>

Open in new window


Code behind in Login.master

protected void Page_Load(object sender, EventArgs e)
    {
        //http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.login.layouttemplate.aspx

        FindButton(Login1);
        Login1.Focus();
     


    }

    public void FindButton(Control c)
    {//focus on submit button
        foreach (Control b in c.Controls)
        {
            if (b is LinkButton)
            {
                b.Focus();
                frm.DefaultButton = b.UniqueID;
                return;

                
            }
            if (b.HasControls())
            {
                FindButton(b);
            }
        }
    } 


private bool SiteSpecificAuthenticationMethod(string userName, string password)
    {
        
        try
        {
            if (string.IsNullOrEmpty(Login1.UserName) || string.IsNullOrEmpty(Login1.Password))
            {
                lmsg.Text = "<font style='font-size:11px; color:#ff0000'>Username & Password are required.</font>";
                return false;
            }
             if (Membership.GetUser(Login1.UserName) != null)
            {
                bool LockStatus = Membership.GetUser(Login1.UserName).IsLockedOut;
                if (LockStatus)
                {
                    lmsg.Text = "<font style='font-size:11px; color:#ff0000'>Your account is locked.</font>";
                    return false;
                }
            }

            if  (Membership.ValidateUser(Login1.UserName, Login1.Password))
            {
               
                Session["username"] = Login1.UserName;
                ProfileData pd = new ProfileData();

                foreach (var row in pd.LoadOfficeUserNameDetail(Login1.UserName))
                {
                   ///some business logic code for my project goes here
                }
            }

            else
            {
                lmsg.Text = "<font style='font-size:11px; color:#ff0000'>Invalid Username or Password.</font>";
                return false;
            }
        }
        catch (Exception ex)
        {
           // I log exception here
            };

                    return false;
          

        }
        return true;
    }


    public void OnAuthenticate(object sender, AuthenticateEventArgs e)
    {
        bool authenticated = false;
        authenticated = SiteSpecificAuthenticationMethod(Login1.UserName, Login1.Password);

        e.Authenticated = authenticated;

      
        
       
            if (authenticated && Roles.IsUserInRole(Login1.UserName, "Admin")
                Login1.DestinationPageUrl = "~/main/profile/InitialSignup.aspx?pageTitleId=50";
               

    }

Open in new window

0
 

Author Closing Comment

by:bobbellows
ID: 40488151
Thanks so much. I can adapt this.
Bob
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
Hello there! As a developer I have modified and refactored the unit tests which was written by fellow developers in the past. On the course, I have gone through various misconceptions and technical challenges when it comes to implementation. I would…
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Suggested Courses

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question