Reputation: 390
I am working on an existing web site. I am currently working on role based authorization for the site. I gave the following in web.config:
    <system.web>
      <authentication mode="Forms">
        <forms name=".ASPXFORMSAUTH" loginUrl="Login.aspx" requireSSL="false" protection="All" slidingExpiration="true" path="/" timeout="240" cookieless="UseDeviceProfile" enableCrossAppRedirects="false" />
      </authentication>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
    <location path="Admin">
      <system.web>
        <authorization>
          <allow roles="Admin"/>
          <deny users="*"/>
        </authorization>
      </system.web>
    </location>
This is how I add users to role:
    if (!Roles.RoleExists(DropDownList1.SelectedValue))
    {
        Roles.CreateRole(DropDownList1.SelectedValue);
    }
    Roles.AddUserToRole(TextBox1.Text, DropDownList1.SelectedValue);
And this is how I login:
    if (Roles.IsUserInRole(TextBox1.Text, "Admin"))
    {
        // Code to validate password
        Response.Redirect("./Admin/AdminHome.aspx");
    }
But the redirection doesn't work. I have shown the code only for admin; there are other roles as well. When I click the login button, the URL changes as though the login is invalid and stays on the login page. Please help if I am missing anything for role based authorization.
Edit: I debugged the entire code and the code stops at Response.Redirect. Is the problem because of web.config? Will it be better to use a web.config for each folder?
Upvotes: 1
Views: 939
Reputation: 32699
To manually log a user in when you're using Forms Authentication, use FormsAuthentication.SetAuthCookie().
Example:
    string username = UsernameTB.Text;
    FormsAuthentication.SetAuthCookie(username, false);
After they're logged in, you can perform a redirect to the originally requested page or a landing page (depending on how they arrived at the login page). You use Response.Redirect() for that. That will send an HTTP Redirect to the client telling them to request a different page. As soon as Response.Redirect() is finished, the current execution ends with a ThreadAbortException (this is normal).
Upvotes: 1
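The login flow described in the answer above, put together as an added example (not code from the question or from the answer's author): the password is checked before anything else, the forms-authentication cookie is issued, and only then does the redirect go to the role-protected Admin folder. It assumes the site uses the ASP.NET membership and role providers; PasswordTB, ErrorLabel and LoginButton_Click are hypothetical names.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Login : Page
{
    // Declared here so the class compiles on its own; drop these fields if
    // the page's designer file already declares the controls.
    // PasswordTB and ErrorLabel are hypothetical names.
    protected TextBox UsernameTB;
    protected TextBox PasswordTB;
    protected Label ErrorLabel;

    // Hypothetical click handler for the login button.
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        string username = UsernameTB.Text.Trim();

        // 1. Verify the credentials first. Being listed in a role says
        //    nothing about who is actually sitting at the browser.
        //    (Assumes a membership provider holds the passwords.)
        if (!Membership.ValidateUser(username, PasswordTB.Text))
        {
            ErrorLabel.Text = "Invalid user name or password.";
            return;
        }

        // 2. Issue the forms-authentication ticket. Without this cookie the
        //    <deny users="?"/> rule sends the next request back to Login.aspx.
        FormsAuthentication.SetAuthCookie(username, false);

        // 3. Choose the destination. Page.User still describes the anonymous
        //    request at this point, so ask the role provider by user name.
        string target = Roles.IsUserInRole(username, "Admin")
            ? "~/Admin/AdminHome.aspx"
            : FormsAuthentication.GetRedirectUrl(username, false);

        // 4. Redirect without aborting the thread, then end the request.
        Response.Redirect(target, false);
        Context.ApplicationInstance.CompleteRequest();
    }
}
```

The `<allow roles="Admin"/>` rule for the Admin folder is evaluated on the request that follows the redirect, when the cookie is present and the role manager can attach the user's roles.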
Reputation: 390
I worked a little more on this. And the problem is likely with Response.Redirect(). This syntax doesn't set the authentication cookie, and thus when it sees authentication enabled it comes back to the authentication page. Two ways to approach:
Thanks all for trying.
Upvotes: 0
Reputation:
You may need to add the following line before your redirect logic.
    Response.BufferOutput = true;
How to: Redirect Users to Another Page
Upvotes: 0