I am having trouble with my Web Form app. Specifically my app keeps going back to the Login page whenever the function GetRolesForUser return null. Here is a workflow of my app. An user first logs in using Login page and then redirects default.aspx if he is a ValidateUser. However, some Validated users (Membership.ValidateUser) when redirecting to default.aspx donot return role in GetRolesForUser( which is null). Therefore these users cannot redirect to different page( Staff/Default.aspx) even if i set role = "Officer" as a default. It still redirects them back to Login.aspx.
I dont know what is causing this problem. I check applicationName and it is correct.
Does anyone know what happens and what is causing this problem? Can you suggest a way to fix this?
web.config
<location path="Default.aspx">
<system.web>
<authorization>
<allow roles="Master,CanEdit"/>
<allow roles="Admin,CanEdit"/>
<allow roles="Staff,CanEdit"/>
<allow roles="Officer"/>
<allow roles="Agent"/>
<allow roles="Front Desk"/>
<allow roles="Manager"/>
<deny users="?"/>
<!--<allow users="*"/>-->
</authorization>
</system.web>
</location>
<authentication mode="Forms">
<forms name="Login" loginUrl="~/Login.aspx" path="/" defaultUrl="~/Default.aspx" protection="All" timeout="60"/>
</authentication>
<membership defaultProvider="ApplMembershipProvider">
<providers>
<add name="ApplMembershipProvider"
connectionStringName="ApplConnection"
applicationName="/" enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="false" requiresUniqueEmail="true"
passwordFormat="Hashed"
minRequiredPasswordLength="3" minRequiredNonalphanumericCharacters="0"
maxInvalidPasswordAttempts="30" type="System.Web.Security.SqlMembershipProvider"/>
</providers>
</membership>
Login.aspx
protected void Page_Load(object sender, EventArgs e)
{
TextBox username = (TextBox)loginControl.FindControl("UserName");
TextBox password = (TextBox)loginControl.FindControl("Password");
if (IsPostBack)
{
if (!String.IsNullOrEmpty(username.Text) && !String.IsNullOrEmpty(password.Text))
{
// set focus on the username text box when the page loads
username.Focus();
EmployeeSchool EmplSchool;
string test = ApplConfiguration.DbConnectionString;
EmplSchool = ApplSchoolUsers.GetEmployeeSchool(username.Text);
string connection = ApplSchoolUsers.GetConnectionString(EmplSchool.School);
ApplConfigurationSchool.ConfigureConnectionString(connection);
string test1 = ApplConfiguration.DbConnectionString;
if (Membership.ValidateUser(username.Text, password.Text))
{
string returnUrl = (string)Request.QueryString["ReturnUrl"];
if (returnUrl != null)
{
Response.Redirect("~/Default.aspx", false);
}
}
}
}
}
Default.aspx
string userName = "";
string[] UserRoles = null;
System.Web.Security.RoleProvider roleProvider = System.Web.Security.Roles.Provider;
try
{
string test = ApplConfiguration.DbConnectionString;
userName = Membership.GetUser().UserName.ToString();
//it does return a valid userName
UserRoles = roleProvider.GetRolesForUser(userName);
//testing
string currUserRole = (UserRoles.Length!=0) ? UserRoles[0] : "Officer";
switch (currUserRole)
{
case "Master":
Response.Redirect("~/Adm/DefaultMaster.aspx",false);
break;
case "Admin":
Response.Redirect("~/Adm/Default.aspx",false);
break;
case "Front Desk":
Response.Redirect("~/Lsi/Default.aspx",false);
break;
case "Staff":
case "Officer":
Response.Redirect("~/Staff/Default.aspx",false);
break;
case "Manager":
Response.Redirect("~/Manager/Default.aspx",false);
break;
case "Agent":
Response.Redirect("~/Agent/Default.aspx",false);
break;
}
}
You are missing too many pieces -
You need <roleManager..></roleManager> tag in web.config if you want to use Role Provider.
Membership.ValidateUser is for validating user; you still need to create FormAuthentication Cookie by using FormsAuthentication.SetAuthCookie(username , true|false);
You do not need to instantiate ... roleProvider = System.Web.Security.Roles.Provider; inside Default.aspx. You just need to call -
string[] roles = Roles.GetRolesForUser(User.Identity.Name);