Help with Login Page in vb.net

Question

Im new to .NET and have been searching on this issue but no luck. I have created a login page, with a user Id and password. In my webconfig, I put the following code in to deny users who are not authenicated.

 <authentication mode="Forms">
  <forms loginUrl="Login.aspx" timeout="10" protection="All" />
 </authentication>

 <authorization>
   <deny users="?"></deny>      
 </authorization>

What im trying to accomplish is that when a user enters the correct information, I would like to store information small information about the user in a cookie, say for example if there an admin, manager, user, etc...Here is the code that occurs when the user click the submit button. The problem is that the page doesnt redirect to the page after user enter correct information. Any help would be very much appreciated.

   If txtPassword.Text.ToLower = "test" Then

        'Create a cookie
        Dim cookie As New HttpCookie("UserInfo")

        'Cookie variables
        cookie("User") = txtUser.Text
        cookie("UserGroup") = "Admin"

        'Add Cookies to current web responses
        Response.Cookies.Add(cookie)

        Response.Redirect("login_successful.aspx")
        'FormsAuthentication.RedirectToLoginPage("login_successful.aspx")
    Else
        lblResult.Text = "Incorrect Password"
    End If

Answer 1

I wouldn't recommend using cookies to store role information. Use one of the built in providers to accomplish this task. For example, try this.

Open Visual Studio or Visual Studio Express and create a new "ASP.NET Web Application." You will notice that it includes an "Account" directory with examples of how to use the built in providers. You have to set up the database with the correct tables, roles, sprocs, etc to use the built in providers but it's easy. If you have .NET 4.0 installed the program that sets up the database to use the built in providers it called aspnet_regsql.exe and it's typically located here:

C:\\WINDOWS\\Microsoft.NET\\Framework\\v4.0.30319\\aspnet_regsql.exe

Then to solve your login problem you can use the Login control and use the Login.DestinationPageUrl attribute to redirect the user to which ever page you desire after it logs in.

Even if you don't use the built in providers this will give you a much better idea of how to go about implementing roles into your webpage.

Answer 2

I guess before redirecting you have to set authentication cookie first by calling FormsAuthentication.SetAuthCookie method. And yes do consider the comment regarding cookies of joel coehoorn about saving information.

Answer 3

Rather than using a cookie to store that information (which can be hacked), you should store Roles in the ASPNetRoles table and associate roles to users when they are created. You can check a role with the following code:

If (Roles.IsUserInRole("rolename")) Then
   'Do something useful
End If

As for the redirect, in what event handler is it included?

Answer 4

Can you try these two?

1) The webconfig may need refrence to the cookie name

<forms name="UserInfo" ...

2) Webconfig could also require being told who to allow

<authorzation>
    <allow user="Admin" />
    <deny...