Wrox Programmer Forums
ASP.NET 1.0 and 1.1 Basics ASP.NET discussion for users new to coding in ASP.NET 1.0 or 1.1. NOT for the older "classic" ASP 3 or the newer ASP.NET 2.0.
You are currently viewing the ASP.NET 1.0 and 1.1 Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
February 21st, 2006, 08:12 AM
problem with role based authorization

I am having a problem with role-based authorization. I have a folder named "Company", which is similar to an admin folder, to which other users are not allowed access. I am using cookies to store my authentication ticket. Here is the code for my global.asax:
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        ' Fires upon attempting to authenticate the user

        Dim cookiename As String
        Dim authcookie As HttpCookie
        Dim authticket As FormsAuthenticationTicket
        'Dim roles
        cookiename = FormsAuthentication.FormsCookieName
        authcookie = Context.Request.Cookies(cookiename)



        If authticket Is "" Then
            authticket = FormsAuthentication.Decrypt(authcookie.Value)

            Dim id As FormsIdentity
            Dim principal As GenericPrincipal
            Dim userdata As String
            userdata = authticket.UserData
            Dim roles
            roles = userdata
            id = New FormsIdentity(authticket)



            'roles = authticket.UserData.ToString
            principal = New GenericPrincipal(id, roles)

            HttpContext.Current.User = principal

        End If

    End Sub
------------------------------------------------
The code for "Default.aspx", which is also the login page where the cookies are set. A user can log in in two ways, either as admin or as Employee.
 Private Sub ImageButton1_Click(ByVal sender As System.Object, ByVal e As System.Web.UI.ImageClickEventArgs) Handles ImageButton1.Click
        Dim strFname As String

        Dim dsn As String
        dsn = ConfigurationSettings.AppSettings("DSN")
        Dim sqlcmd As String
        If rdiBtn.Checked = True Then
            sqlcmd = "Select Username,Password,empuser_id,Roles From employee_master Where Username='" & tbusername.Text & "' AND Password='" & tbpassword.Text & "'"
            Dim roles

            Dim myconn As New SqlConnection(dsn)
            Dim objcmd As New SqlCommand(sqlcmd, myconn)
            Dim objreader As SqlDataReader
            Dim emp_id As Integer = 0

            myconn.Open()

            objreader = objcmd.ExecuteReader
            If Not objreader.Read() Then
                lblmessage.Text = "Invalid Username Or password "

            Else
                ' lblmessage.Text = objreader("Roles")
                Dim authticket As FormsAuthenticationTicket
                Dim encryptedticket As String
                Dim authcookie As HttpCookie
                roles = objreader("Roles")

                'create authentication ticket
                authticket = New FormsAuthenticationTicket(1, tbusername.Text, DateTime.Now(), DateTime.Now.AddMinutes(30), False, roles)

                'Create encrypted ticket
                encryptedticket = FormsAuthentication.Encrypt(authticket)
                'Create a cookie and add the encrypted ticket to the cookie as data
                authcookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedticket)
                'Add Cookie to outgoing cookie collection
                Response.Cookies.Add(authcookie)

                'FormsAuthentication.RedirectFromLoginPage(tbusername.Text, False)
                Session("empuser_id") = objreader("empuser_id")
                objreader.Close()
                myconn.Close()
                'Redirect User to required page
                Response.Redirect("candidate_home.aspx?username='" & tbusername.Text & "'")
            End If
        Else
            lblmessage.Text = "Not active for Employer"
            sqlcmd = "Select cmpuser_id,Username,Password,Roles From Company_user Where Username='" & tbusername.Text & "' AND Password='" & tbpassword.Text & "'"

            Dim myconn As New SqlConnection(dsn)
            Dim objcmd As New SqlCommand(sqlcmd, myconn)
            Dim objreader As SqlDataReader
            Dim emp_id As Integer = 0
            Dim roles As String
            myconn.Open()



            objreader = objcmd.ExecuteReader
            If Not objreader.Read() Then
                lblmessage.Text = "Invalid Username Or password "

            Else
                ' lblmessage.Text = objreader("Roles")
                'FormsAuthentication.RedirectFromLoginPage(tbusername.Text, False)
                Dim authticket As FormsAuthenticationTicket
                Dim encryptedticket As String
                Dim authcookie As HttpCookie
                roles = objreader("Roles")

                'create authentication ticket
                authticket = New FormsAuthenticationTicket(1, tbusername.Text, DateTime.Now(), DateTime.Now.AddMinutes(30), False, roles)

                'Create encrypted ticket
                encryptedticket = FormsAuthentication.Encrypt(authticket)
                'Create a cookie and add the encrypted ticket to the cookie as data
                authcookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedticket)
                'Add Cookie to outgoing cookie collection
                Response.Cookies.Add(authcookie)

                Session("cmpuser_id") = objreader("cmpuser_id")
                objreader.Close()
                myconn.Close()

                Response.Redirect("Company/CompUserPage.aspx")
            End If
        End If
    End Sub
----------------------------------
The Page_Load for the Company page, where the admin is taken after authentication and an employee should not get access, is:

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        'Put user code to initialize the page here
        Dim p As IPrincipal
        p = HttpContext.Current.User

        If Not p.IsInRole("Admin") Then

            Response.Redirect("Default.aspx")
        End If

    End Sub
---------------------------------------------
The web.config for the entire structure:

<location path="Company/CompUserPage.aspx">
  <system.web>
    <authorization>
      <allow roles="Admin"/>
      <deny users="?"/>
    </authorization>
  </system.web>
</location>
---------------------------------
Now the main problem is that whenever I try to log in as admin I am redirected to "Default.aspx"; instead I am supposed to go to "CompUserPage.aspx". How do I solve this problem?
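
The two security-relevant steps of the flow in this post, written out as an added example (not code from the original post): a role lookup that binds the login values as SQL parameters instead of concatenating them, and an AuthenticateRequest step that tests the cookie, rather than the still-unassigned ticket variable, before decrypting it and turning UserData into a role array. The class name `RoleTicketHelper`, its method names, the `VarChar` parameter type and the comma-separated role format are assumptions; the table and column names are the ones in the post.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' Added example; RoleTicketHelper and its member names are hypothetical.
Public Class RoleTicketHelper

    ' Login side: the text-box values are bound as parameters, so they are
    ' sent as data and never become part of the SQL text.
    ' The Password column is compared as stored, mirroring the post's table.
    Public Shared Function LookupRoles(ByVal dsn As String, ByVal user As String, ByVal pwd As String) As String
        Dim conn As New SqlConnection(dsn)
        Dim cmd As New SqlCommand("Select Roles From Company_user Where Username=@u AND Password=@p", conn)
        cmd.Parameters.Add("@u", SqlDbType.VarChar).Value = user
        cmd.Parameters.Add("@p", SqlDbType.VarChar).Value = pwd
        Try
            conn.Open()
            Dim result As Object = cmd.ExecuteScalar()
            If result Is Nothing OrElse result Is DBNull.Value Then Return Nothing   ' no such user
            Return CStr(result)
        Finally
            conn.Close()
        End Try
    End Function

    ' Request side: call as RoleTicketHelper.AttachRoles(Context) from Application_AuthenticateRequest.
    Public Shared Sub AttachRoles(ByVal ctx As HttpContext)
        Dim authcookie As HttpCookie = ctx.Request.Cookies(FormsAuthentication.FormsCookieName)
        If authcookie Is Nothing OrElse authcookie.Value = "" Then Return   ' not logged in

        Dim authticket As FormsAuthenticationTicket = Nothing
        Try
            authticket = FormsAuthentication.Decrypt(authcookie.Value)
        Catch ex As Exception
            Return   ' tampered or malformed cookie: request stays anonymous
        End Try
        If authticket Is Nothing OrElse authticket.Expired Then Return

        ' UserData carries the Roles column; GenericPrincipal needs a String array.
        Dim roles() As String = authticket.UserData.Split(","c)
        ctx.User = New GenericPrincipal(New FormsIdentity(authticket), roles)
    End Sub
End Class
```

In web.config, `<deny users="?"/>` only blocks anonymous requests; for URL authorization to keep authenticated non-Admin users out, the rule following `<allow roles="Admin"/>` would be `<deny users="*"/>`.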





