Ask a Question related to ASP.NET Security, Design and Development.
-
sean #1
RedirectFromLoginPage not redirecting
I'm attempting to use Forms/Roles based authentication and
authorization. A subdirectory's web.config allows only
"Admin" roles and it does kick browsers to a login page.
However...when supplying proper credentials to the login
page I'm never actually redirected to the page in the
protected subdirectory. I've stepped through the code in
the debugger and I can see the connection to the db open
and the names of the roles getting fed to a cookie all just
fine but at the last the redirect never happens. There's a
blink (postback I'm assuming) and I stay at the login page.
Any help greatly appreciated. Code to follow..
.................................................. ........
web.config of protected directory:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<allow roles="Administrator" />
<deny users="*" />
</authorization>
</system.web>
</configuration>
.................................................. ........
.................................................. ........
code in login.aspx onClick event handler:
Dim cookieRoles As New StringBuilder
While reader.Read()
cookieRoles.Append(reader("Role").
ToString())
cookieRoles.Append(".")
End While
' Save the Roles in a client Cookie for
future requests
Dim RoleCookie As HttpCookie = New
HttpCookie("Roles")
RoleCookie.Value = cookieRoles.ToString()
Response.Cookies.Add(RoleCookie)
FormsAuthentication.
RedirectFromLoginPage(UserName.Text, PersistCookie.Checked)
.................................................. ........
sean Guest
-
Solution to Forms Authentication redirecting to bogus default.aspx page with RedirectFromLoginPage
hi, i've read a lot of posts here about people who ran into problems using forms authentication, and the RedirectFromLoginPage() method, which... -
FormsAuthentication.RedirectFromLoginPage And Frames
Hi! I have a page called Login.aspx that handles login (takes username, pass and compares to a database). If the user is authenticated,... -
RedirectFromLoginPage, use location.replace instead?
Hey- I have a web app I'm writing where I cannot allow there to be any pages loaded into the history during the course of going from page to... -
RedirectFromLoginPage fails
I am trying to implement the classic ASP.NET FormsAuthentication model for a website. The behavior of the website is normal until the login.aspx... -
MobileFormsAuthentication.RedirectFromLoginPage
I use MobileFormsAuthentication.RedirectFromLoginPage. everything works fine except that it tells the user that the current page, which is the... -
Janaka #2 Re: RedirectFromLoginPage not redirecting
If your wanting to use role-based authentication then you need to get the
role information into the forms authentication ticket.
Don't worry about making another cookie for your roles. Just redirect from
login as you've done.
In your global.asax try the following:
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
if (Request.IsAuthenticated)
{
string authName = Context.User.Identity.Name;
// Get the role to store
string[] roles = cookieRoles.Split(','); // this can be your own
implementation
// Add a principal
GenericIdentity thisIdentity = new GenericIdentity(authName);
Context.User = new GenericPrincipal(thisIdentity, roles);
}
}
"sean" <anonymous@discussions.microsoft.com> wrote in message
news:a88e01c43688$08aca1c0$a401280a@phx.gbl...> I'm attempting to use Forms/Roles based authentication and
> authorization. A subdirectory's web.config allows only
> "Admin" roles and it does kick browsers to a login page.
> However...when supplying proper credentials to the login
> page I'm never actually redirected to the page in the
> protected subdirectory. I've stepped through the code in
> the debugger and I can see the connection to the db open
> and the names of the roles getting fed to a cookie all just
> fine but at the last the redirect never happens. There's a
> blink (postback I'm assuming) and I stay at the login page.
>
> Any help greatly appreciated. Code to follow..
> .................................................. .......
> web.config of protected directory:
>
> <?xml version="1.0" encoding="utf-8" ?>
> <configuration>
> <system.web>
> <authorization>
> <allow roles="Administrator" />
> <deny users="*" />
> </authorization>
> </system.web>
> </configuration>
> .................................................. .......
>
> .................................................. .......
> code in login.aspx onClick event handler:
>
> Dim cookieRoles As New StringBuilder
>
> While reader.Read()
> cookieRoles.Append(reader("Role").
> ToString())
> cookieRoles.Append(".")
> End While
>
> ' Save the Roles in a client Cookie for
> future requests
> Dim RoleCookie As HttpCookie = New
> HttpCookie("Roles")
>
> RoleCookie.Value = cookieRoles.ToString()
>
> Response.Cookies.Add(RoleCookie)
>
> FormsAuthentication.
> RedirectFromLoginPage(UserName.Text, PersistCookie.Checked)
>
> .................................................. .......
>
>
>
Janaka Guest
-
sean #3 Re: RedirectFromLoginPage not redirecting
Should have added..I have the following in my global.asax.
vb and still no redirect:
Sub Application_AuthenticateRequest(ByVal sender As Object,
ByVal e As EventArgs)
Dim context As HttpContext = HttpContext.Current
If Not context.User Is Nothing AndAlso context.
User.Identity.IsAuthenticated Then
Dim userIdentity As GenericIdentity = New
GenericIdentity(context.User.Identity.Name, "Forms")
Dim userPrincipal As GenericPrincipal = New
GenericPrincipal(userIdentity, context.Request.
Cookies("Roles").Value.Split("."))
context.User = userPrincipal
End If
End Sub
thanks,
s~
need to get the>-----Original Message-----
>If your wanting to use role-based authentication then youJust redirect from>role information into the forms authentication ticket.
>Don't worry about making another cookie for your roles.sender, EventArgs e)>login as you've done.
>In your global.asax try the following:
>
>protected void Application_AuthenticateRequest(Objectcan be your own>
>{
>
>if (Request.IsAuthenticated)
>
>{
>
> string authName = Context.User.Identity.Name;
>
> // Get the role to store
>
> string[] roles = cookieRoles.Split(','); // thisGenericIdentity(authName);>implementation
>
> // Add a principal
>
> GenericIdentity thisIdentity = newroles);>
>
> Context.User = new GenericPrincipal(thisIdentity,message>
>}
>
>}
>
>
>"sean" <anonymous@discussions.microsoft.com> wrote inand>news:a88e01c43688$08aca1c0$a401280a@phx.gbl...>> I'm attempting to use Forms/Roles based authenticationjust>> authorization. A subdirectory's web.config allows only
>> "Admin" roles and it does kick browsers to a login page.
>> However...when supplying proper credentials to the login
>> page I'm never actually redirected to the page in the
>> protected subdirectory. I've stepped through the code in
>> the debugger and I can see the connection to the db open
>> and the names of the roles getting fed to a cookie alla>> fine but at the last the redirect never happens. There'spage.>> blink (postback I'm assuming) and I stay at the login..>>
>> Any help greatly appreciated. Code to follow..
>> .................................................. ........>> web.config of protected directory:
>>
>> <?xml version="1.0" encoding="utf-8" ?>
>> <configuration>
>> <system.web>
>> <authorization>
>> <allow roles="Administrator" />
>> <deny users="*" />
>> </authorization>
>> </system.web>
>> </configuration>
>> .................................................. ........>>
>> .................................................. ......Checked)>> code in login.aspx onClick event handler:
>>
>> Dim cookieRoles As New StringBuilder
>>
>> While reader.Read()
>> cookieRoles.Append(reader("Role").
>> ToString())
>> cookieRoles.Append(".")
>> End While
>>
>> ' Save the Roles in a client Cookie for
>> future requests
>> Dim RoleCookie As HttpCookie = New
>> HttpCookie("Roles")
>>
>> RoleCookie.Value = cookieRoles.ToString()
>>
>> Response.Cookies.Add(RoleCookie)
>>
>> FormsAuthentication.
>> RedirectFromLoginPage(UserName.Text, PersistCookie...>>
>> .................................................. ......>>>
>>
>>
>
>.
>sean Guest
-
Janaka #4 Re: RedirectFromLoginPage not redirecting
sean
try using the FormsAuthentication.GetAuthCookie() method instead and then
doing a manual Response.Redirect()
Janaka
"sean" <anonymous@discussions.microsoft.com> wrote in message
news:ace301c43699$b50052d0$a101280a@phx.gbl...> Should have added..I have the following in my global.asax.
> vb and still no redirect:
>
> Sub Application_AuthenticateRequest(ByVal sender As Object,
> ByVal e As EventArgs)
> Dim context As HttpContext = HttpContext.Current
> If Not context.User Is Nothing AndAlso context.
> User.Identity.IsAuthenticated Then
> Dim userIdentity As GenericIdentity = New
> GenericIdentity(context.User.Identity.Name, "Forms")
> Dim userPrincipal As GenericPrincipal = New
> GenericPrincipal(userIdentity, context.Request.
> Cookies("Roles").Value.Split("."))
> context.User = userPrincipal
> End If
> End Sub
>
> thanks,
> s~
>> need to get the> >-----Original Message-----
> >If your wanting to use role-based authentication then you> Just redirect from> >role information into the forms authentication ticket.
> >Don't worry about making another cookie for your roles.> sender, EventArgs e)> >login as you've done.
> >In your global.asax try the following:
> >
> >protected void Application_AuthenticateRequest(Object> can be your own> >
> >{
> >
> >if (Request.IsAuthenticated)
> >
> >{
> >
> > string authName = Context.User.Identity.Name;
> >
> > // Get the role to store
> >
> > string[] roles = cookieRoles.Split(','); // this> GenericIdentity(authName);> >implementation
> >
> > // Add a principal
> >
> > GenericIdentity thisIdentity = new> roles);> >
> >
> > Context.User = new GenericPrincipal(thisIdentity,> message> >
> >}
> >
> >}
> >
> >
> >"sean" <anonymous@discussions.microsoft.com> wrote in> and> >news:a88e01c43688$08aca1c0$a401280a@phx.gbl...> >> I'm attempting to use Forms/Roles based authentication> just> >> authorization. A subdirectory's web.config allows only
> >> "Admin" roles and it does kick browsers to a login page.
> >> However...when supplying proper credentials to the login
> >> page I'm never actually redirected to the page in the
> >> protected subdirectory. I've stepped through the code in
> >> the debugger and I can see the connection to the db open
> >> and the names of the roles getting fed to a cookie all> a> >> fine but at the last the redirect never happens. There's> page.> >> blink (postback I'm assuming) and I stay at the login> .> >>
> >> Any help greatly appreciated. Code to follow..
> >> .................................................. ......> .> >> web.config of protected directory:
> >>
> >> <?xml version="1.0" encoding="utf-8" ?>
> >> <configuration>
> >> <system.web>
> >> <authorization>
> >> <allow roles="Administrator" />
> >> <deny users="*" />
> >> </authorization>
> >> </system.web>
> >> </configuration>
> >> .................................................. ......> .> >>
> >> .................................................. ......> Checked)> >> code in login.aspx onClick event handler:
> >>
> >> Dim cookieRoles As New StringBuilder
> >>
> >> While reader.Read()
> >> cookieRoles.Append(reader("Role").
> >> ToString())
> >> cookieRoles.Append(".")
> >> End While
> >>
> >> ' Save the Roles in a client Cookie for
> >> future requests
> >> Dim RoleCookie As HttpCookie = New
> >> HttpCookie("Roles")
> >>
> >> RoleCookie.Value = cookieRoles.ToString()
> >>
> >> Response.Cookies.Add(RoleCookie)
> >>
> >> FormsAuthentication.
> >> RedirectFromLoginPage(UserName.Text, PersistCookie.> .> >>
> >> .................................................. ......> >> >>
> >>
> >>
> >
> >.
> >
Janaka Guest
-
sean #5 Re: RedirectFromLoginPage not redirecting
On the response.redirect I get System.Threading.
ThreadAbortException and continue to get no redirect...
thx for the feedback Janaka
S~
instead and then>-----Original Message-----
>sean
>
>try using the FormsAuthentication.GetAuthCookie() methodmessage>doing a manual Response.Redirect()
>
>Janaka
>
>"sean" <anonymous@discussions.microsoft.com> wrote inasax.>news:ace301c43699$b50052d0$a101280a@phx.gbl...>> Should have added..I have the following in my global.Object,>> vb and still no redirect:
>>
>> Sub Application_AuthenticateRequest(ByVal sender Asyou>> ByVal e As EventArgs)
>> Dim context As HttpContext = HttpContext.Current
>> If Not context.User Is Nothing AndAlso context.
>> User.Identity.IsAuthenticated Then
>> Dim userIdentity As GenericIdentity = New
>> GenericIdentity(context.User.Identity.Name, "Forms")
>> Dim userPrincipal As GenericPrincipal = New
>> GenericPrincipal(userIdentity, context.Request.
>> Cookies("Roles").Value.Split("."))
>> context.User = userPrincipal
>> End If
>> End Sub
>>
>> thanks,
>> s~
>>>> >-----Original Message-----
>> >If your wanting to use role-based authentication thenauthentication>> need to get the>> Just redirect from>> >role information into the forms authentication ticket.
>> >Don't worry about making another cookie for your roles.>> sender, EventArgs e)>> >login as you've done.
>> >In your global.asax try the following:
>> >
>> >protected void Application_AuthenticateRequest(Object>> can be your own>> >
>> >{
>> >
>> >if (Request.IsAuthenticated)
>> >
>> >{
>> >
>> > string authName = Context.User.Identity.Name;
>> >
>> > // Get the role to store
>> >
>> > string[] roles = cookieRoles.Split(','); // this>> GenericIdentity(authName);>> >implementation
>> >
>> > // Add a principal
>> >
>> > GenericIdentity thisIdentity = new>> roles);>> >
>> >
>> > Context.User = new GenericPrincipal(thisIdentity,>> message>> >
>> >}
>> >
>> >}
>> >
>> >
>> >"sean" <anonymous@discussions.microsoft.com> wrote in>> >news:a88e01c43688$08aca1c0$a401280a@phx.gbl...
>> >> I'm attempting to use Forms/Roles basedonly>> and>> >> authorization. A subdirectory's web.config allowspage.>> >> "Admin" roles and it does kick browsers to a loginlogin>> >> However...when supplying proper credentials to thein>> >> page I'm never actually redirected to the page in the
>> >> protected subdirectory. I've stepped through the codeopen>> >> the debugger and I can see the connection to the dball>> >> and the names of the roles getting fed to a cookieThere's>> just>> >> fine but at the last the redirect never happens.....>> a>> page.>> >> blink (postback I'm assuming) and I stay at the login>> >>
>> >> Any help greatly appreciated. Code to follow..
>> >> .................................................. .......>> .>> >> web.config of protected directory:
>> >>
>> >> <?xml version="1.0" encoding="utf-8" ?>
>> >> <configuration>
>> >> <system.web>
>> >> <authorization>
>> >> <allow roles="Administrator" />
>> >> <deny users="*" />
>> >> </authorization>
>> >> </system.web>
>> >> </configuration>
>> >> .................................................. .......>> .>> >>
>> >> .................................................. .......>> .>> Checked)>> >> code in login.aspx onClick event handler:
>> >>
>> >> Dim cookieRoles As New StringBuilder
>> >>
>> >> While reader.Read()
>> >> cookieRoles.Append(reader("Role").
>> >> ToString())
>> >> cookieRoles.Append(".")
>> >> End While
>> >>
>> >> ' Save the Roles in a client Cookie for
>> >> future requests
>> >> Dim RoleCookie As HttpCookie = New
>> >> HttpCookie("Roles")
>> >>
>> >> RoleCookie.Value = cookieRoles.ToString()
>> >>
>> >> Response.Cookies.Add(RoleCookie)
>> >>
>> >> FormsAuthentication.
>> >> RedirectFromLoginPage(UserName.Text, PersistCookie.>> >>
>> >> .................................................. ...>>> .>> >>
>> >>
>> >>
>> >
>> >
>> >.
>> >
>
>.
>sean Guest
-
carol #6 RedirectFromLoginPage not redirecting
I just solved the SAME problem with my site. The problem was solved after the following 3 things were corrected on the web server. There actually wasn't anything that needed to be changed with the code
1 - make sure the server's system ennvironment variable PATH contains the path to the directory where .NET is installed.
2 - make sure the subdirectories that contain the protected pages are not set up as applications within IIS
3 - make sure web sharing is turned on for those same subdirectorie
Good Luck
- Carol
carol Guest
-
carol #7 RE: RedirectFromLoginPage not redirecting
Another possible solution may be found in this link re: your threadabort error:
[url]http://support.microsoft.com/default.aspx?scid=kb;en-us;31262[/url]
For what it's worth, here's my global.asax code, different from yours..
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
'this fires each time someone hits a protected page. If they're alread
'logged on, this routine checks their role in the cookie an
'displays the page if they are authorized
'find this user's cookie that was created when the user logged o
Dim cookieName As String = FormsAuthentication.FormsCookieNam
Dim authCookie As HttpCookie = Context.Request.Cookies(cookieName
If authCookie Is Nothing The
'there's no authentication cooki
Retur
End I
'extract and decrypt the authentication ticket from the forms authentication cooki
Dim authTicket As FormsAuthenticationTicket = Nothin
Tr
authTicket = FormsAuthentication.Decrypt(authCookie.Value
Catch 'unforseen erro
Retur
End Tr
If authTicket Is Nothing The
'cookie failed to decryp
Retur
End I
'extract the roles from the user's cooki
'When the ticket was created, the UserData property was assigned
'comma delimited string of role names
Dim roles As String() = authTicket.UserData.Split(","
'Create an Identity objec
Dim id As FormsIdentity = New FormsIdentity(authTicket
'This principal will flow throughout the request
Dim principal As GenericPrincipal = New GenericPrincipal(id, roles
'Attach the new principal object to the current HttpContext objec
Context.User = principa
End Su
good luc
- Carol
carol Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
