Solved

How do I check authentication and then redirect user based on the check?

Posted on 2014-12-06
2
313 Views
Last Modified: 2014-12-08
I am using BlogEngine 3.0.. There is no code behind page for default.aspx in the web app. So I am using the site.master.cs in the theme to make the check I need. I need to check to see if the person coming to the page is authenticated and if not redirected to Login. If they are authenticated to check and see if they are an Administrator or a Teacher. If not redirect the user to a page NotAllowed.aspx. Below is the code for the code behind on the site.master.

  protected void Page_Load(object sender, EventArgs e)
  {
      if (!Request.IsAuthenticated)
      {
          Response.Redirect("account/login.aspx");
      }
      else if (!Roles.IsUserInRole("Administrators")) ||
           !Roles.IsUserInRole("Teacher")
      {
          Response.Redirect("account/NotApproved.aspx");
      }      
     
This is what happens:
When I first visit the page I am sent to Login as I should be. When I log on I am just redirected back to Login. It doesn't matter what credentials I use to log in, whethr an administrator's or a teacher's.

This seems simple. I can't see what I am missing. Thanks for your assistance.
0
Comment
Question by:bobbellows
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 7

Accepted Solution

by:
Camillia earned 500 total points
ID: 40484851
This is how I do it in master page of one of my projects

Aspx page:

 <form action="#" method="post"  id="frm" runat="server" >
    <div id="login_area">
      <fieldset >
        <legend>Member log-in <asp:Literal ID="lmsg" runat="server" ></asp:Literal> </legend> 
      
        
            <asp:Login ID="Login1" Orientation="Horizontal"  LoginButtonStyle-CssClass="submit_text_link" 
            LoginButtonText="Submit"  OnAuthenticate="OnAuthenticate"    LoginButtonType="Link" TitleText=""    DisplayRememberMe="false" 
            TextLayout="TextOnTop"   FailureText="Invalid username or password"  runat="server">
            
             <LayoutTemplate>
               
                <table width="320" border="0" cellspacing="0" cellpadding="0">
                    <tr>
                    <td><label for="username">Username:</label>
                    <asp:TextBox  ID="UserName" runat="server"></asp:TextBox></td>&nbsp;
                    <td ><label for="password">Password:</label>
                    <asp:TextBox  ID="Password"   runat="server"  TextMode="Password"></asp:TextBox></td>
                    </tr> 
                    
                    <tr align="right">
              
                    <td  colspan="2">
                    
                    <asp:LinkButton id="Login" CommandName="Login" CssClass="submit_text_link" runat="server" Text="Submit"></asp:LinkButton></td>
                    </tr>
                    
                    </table>
                                 
             </LayoutTemplate>
                             
            </asp:Login>
      
    
        </fieldset>
       

       <br /> 
     </div> <!--new -->

     <!-- bottom of the page -->
     <div >
            <asp:ContentPlaceHolder  id="MasterContentPlaceHolder1" runat="server">
        
            </asp:ContentPlaceHolder>
     </div>
    </form>

Open in new window


Code behind in Login.master

protected void Page_Load(object sender, EventArgs e)
    {
        //http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.login.layouttemplate.aspx

        FindButton(Login1);
        Login1.Focus();
     


    }

    public void FindButton(Control c)
    {//focus on submit button
        foreach (Control b in c.Controls)
        {
            if (b is LinkButton)
            {
                b.Focus();
                frm.DefaultButton = b.UniqueID;
                return;

                
            }
            if (b.HasControls())
            {
                FindButton(b);
            }
        }
    } 


private bool SiteSpecificAuthenticationMethod(string userName, string password)
    {
        
        try
        {
            if (string.IsNullOrEmpty(Login1.UserName) || string.IsNullOrEmpty(Login1.Password))
            {
                lmsg.Text = "<font style='font-size:11px; color:#ff0000'>Username & Password are required.</font>";
                return false;
            }
             if (Membership.GetUser(Login1.UserName) != null)
            {
                bool LockStatus = Membership.GetUser(Login1.UserName).IsLockedOut;
                if (LockStatus)
                {
                    lmsg.Text = "<font style='font-size:11px; color:#ff0000'>Your account is locked.</font>";
                    return false;
                }
            }

            if  (Membership.ValidateUser(Login1.UserName, Login1.Password))
            {
               
                Session["username"] = Login1.UserName;
                ProfileData pd = new ProfileData();

                foreach (var row in pd.LoadOfficeUserNameDetail(Login1.UserName))
                {
                   ///some business logic code for my project goes here
                }
            }

            else
            {
                lmsg.Text = "<font style='font-size:11px; color:#ff0000'>Invalid Username or Password.</font>";
                return false;
            }
        }
        catch (Exception ex)
        {
           // I log exception here
            };

                    return false;
          

        }
        return true;
    }


    public void OnAuthenticate(object sender, AuthenticateEventArgs e)
    {
        bool authenticated = false;
        authenticated = SiteSpecificAuthenticationMethod(Login1.UserName, Login1.Password);

        e.Authenticated = authenticated;

      
        
       
            if (authenticated && Roles.IsUserInRole(Login1.UserName, "Admin")
                Login1.DestinationPageUrl = "~/main/profile/InitialSignup.aspx?pageTitleId=50";
               

    }

Open in new window

0
 

Author Closing Comment

by:bobbellows
ID: 40488151
Thanks so much. I can adapt this.
Bob
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Relic: Our company recently started researching several products to figure out what were the best ways for us to increase our web page speed and to quickly identify performance problems that we may be having. One of the products we evaluated wa…
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question