I am trying to make a role-based security in C# Web Application. And I am afraid that it not work in C# because of some VS.NET error!
I cover an OnAuthenticate event in global ascx with code:
HttpApplication app = (HttpApplication) sender;
if (app.Request.IsAuthenticated && app.User.Identity is FormsIdentity)
{
FormsIdentity identity = (FormsIdentity) app.User.Identity;
if (identity.Name == "1"
app.Context.User = new GenericPrincipal (identity, new string[] { "serwis" });
}
I also write a login page, with function:
GUITelemetria.DataBase.UserDB m_userDB = new GUITelemetria.DataBase.UserDB();
String userID = m_userDB.Login(txName.Text,txPassword.Text);
if(userID != null)
{
Session.Add("userID",userID);
FormsAuthentication.SetAuthCookie(userID, false);
FormsAuthentication.RedirectFromLoginPage(userID, false);
}
else
lResult.Text = "Error";
}
Finally, I put into web.config:
<authentication mode="Forms" >
<forms name="GUITelemetria" loginUrl="login.aspx" protection="All" timeout="240"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<location path="tank.aspx">
<system.web>
<authorization>
<allow roles="serwis"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
And it doesn't work... When I am debug my program, I am find that app.Request.IsAuthenticated doesn't remember settings. After authentication it is still false!
I will be really grateful for any help.
Alexandra
I cover an OnAuthenticate event in global ascx with code:
HttpApplication app = (HttpApplication) sender;
if (app.Request.IsAuthenticated && app.User.Identity is FormsIdentity)
{
FormsIdentity identity = (FormsIdentity) app.User.Identity;
if (identity.Name == "1"
app.Context.User = new GenericPrincipal (identity, new string[] { "serwis" });
}
I also write a login page, with function:
GUITelemetria.DataBase.UserDB m_userDB = new GUITelemetria.DataBase.UserDB();
String userID = m_userDB.Login(txName.Text,txPassword.Text);
if(userID != null)
{
Session.Add("userID",userID);
FormsAuthentication.SetAuthCookie(userID, false);
FormsAuthentication.RedirectFromLoginPage(userID, false);
}
else
lResult.Text = "Error";
}
Finally, I put into web.config:
<authentication mode="Forms" >
<forms name="GUITelemetria" loginUrl="login.aspx" protection="All" timeout="240"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<location path="tank.aspx">
<system.web>
<authorization>
<allow roles="serwis"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
And it doesn't work... When I am debug my program, I am find that app.Request.IsAuthenticated doesn't remember settings. After authentication it is still false!
I will be really grateful for any help.
Alexandra