Solved

How do I check authentication and then redirect user based on the check?

Posted on 2014-12-06
2
297 Views
Last Modified: 2014-12-08
I am using BlogEngine 3.0.. There is no code behind page for default.aspx in the web app. So I am using the site.master.cs in the theme to make the check I need. I need to check to see if the person coming to the page is authenticated and if not redirected to Login. If they are authenticated to check and see if they are an Administrator or a Teacher. If not redirect the user to a page NotAllowed.aspx. Below is the code for the code behind on the site.master.

  protected void Page_Load(object sender, EventArgs e)
  {
      if (!Request.IsAuthenticated)
      {
          Response.Redirect("account/login.aspx");
      }
      else if (!Roles.IsUserInRole("Administrators")) ||
           !Roles.IsUserInRole("Teacher")
      {
          Response.Redirect("account/NotApproved.aspx");
      }      
     
This is what happens:
When I first visit the page I am sent to Login as I should be. When I log on I am just redirected back to Login. It doesn't matter what credentials I use to log in, whethr an administrator's or a teacher's.

This seems simple. I can't see what I am missing. Thanks for your assistance.
0
Comment
Question by:bobbellows
2 Comments
 
LVL 7

Accepted Solution

by:
Camillia earned 500 total points
ID: 40484851
This is how I do it in master page of one of my projects

Aspx page:

 <form action="#" method="post"  id="frm" runat="server" >
    <div id="login_area">
      <fieldset >
        <legend>Member log-in <asp:Literal ID="lmsg" runat="server" ></asp:Literal> </legend> 
      
        
            <asp:Login ID="Login1" Orientation="Horizontal"  LoginButtonStyle-CssClass="submit_text_link" 
            LoginButtonText="Submit"  OnAuthenticate="OnAuthenticate"    LoginButtonType="Link" TitleText=""    DisplayRememberMe="false" 
            TextLayout="TextOnTop"   FailureText="Invalid username or password"  runat="server">
            
             <LayoutTemplate>
               
                <table width="320" border="0" cellspacing="0" cellpadding="0">
                    <tr>
                    <td><label for="username">Username:</label>
                    <asp:TextBox  ID="UserName" runat="server"></asp:TextBox></td>&nbsp;
                    <td ><label for="password">Password:</label>
                    <asp:TextBox  ID="Password"   runat="server"  TextMode="Password"></asp:TextBox></td>
                    </tr> 
                    
                    <tr align="right">
              
                    <td  colspan="2">
                    
                    <asp:LinkButton id="Login" CommandName="Login" CssClass="submit_text_link" runat="server" Text="Submit"></asp:LinkButton></td>
                    </tr>
                    
                    </table>
                                 
             </LayoutTemplate>
                             
            </asp:Login>
      
    
        </fieldset>
       

       <br /> 
     </div> <!--new -->

     <!-- bottom of the page -->
     <div >
            <asp:ContentPlaceHolder  id="MasterContentPlaceHolder1" runat="server">
        
            </asp:ContentPlaceHolder>
     </div>
    </form>

Open in new window


Code behind in Login.master

protected void Page_Load(object sender, EventArgs e)
    {
        //http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.login.layouttemplate.aspx

        FindButton(Login1);
        Login1.Focus();
     


    }

    public void FindButton(Control c)
    {//focus on submit button
        foreach (Control b in c.Controls)
        {
            if (b is LinkButton)
            {
                b.Focus();
                frm.DefaultButton = b.UniqueID;
                return;

                
            }
            if (b.HasControls())
            {
                FindButton(b);
            }
        }
    } 


private bool SiteSpecificAuthenticationMethod(string userName, string password)
    {
        
        try
        {
            if (string.IsNullOrEmpty(Login1.UserName) || string.IsNullOrEmpty(Login1.Password))
            {
                lmsg.Text = "<font style='font-size:11px; color:#ff0000'>Username & Password are required.</font>";
                return false;
            }
             if (Membership.GetUser(Login1.UserName) != null)
            {
                bool LockStatus = Membership.GetUser(Login1.UserName).IsLockedOut;
                if (LockStatus)
                {
                    lmsg.Text = "<font style='font-size:11px; color:#ff0000'>Your account is locked.</font>";
                    return false;
                }
            }

            if  (Membership.ValidateUser(Login1.UserName, Login1.Password))
            {
               
                Session["username"] = Login1.UserName;
                ProfileData pd = new ProfileData();

                foreach (var row in pd.LoadOfficeUserNameDetail(Login1.UserName))
                {
                   ///some business logic code for my project goes here
                }
            }

            else
            {
                lmsg.Text = "<font style='font-size:11px; color:#ff0000'>Invalid Username or Password.</font>";
                return false;
            }
        }
        catch (Exception ex)
        {
           // I log exception here
            };

                    return false;
          

        }
        return true;
    }


    public void OnAuthenticate(object sender, AuthenticateEventArgs e)
    {
        bool authenticated = false;
        authenticated = SiteSpecificAuthenticationMethod(Login1.UserName, Login1.Password);

        e.Authenticated = authenticated;

      
        
       
            if (authenticated && Roles.IsUserInRole(Login1.UserName, "Admin")
                Login1.DestinationPageUrl = "~/main/profile/InitialSignup.aspx?pageTitleId=50";
               

    }

Open in new window

0
 

Author Closing Comment

by:bobbellows
ID: 40488151
Thanks so much. I can adapt this.
Bob
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now