Im new to .NET and have been searching on this issue but no luck. I have created a login page, with a user Id and password. In my webconfig, I put the following code in to deny users who are not authenicated.
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="10" protection="All" />
</authentication>
<authorization>
<deny users="?"></deny>
</authorization>
What im trying to accomplish is that when a user enters the correct information, I would like to store information small information about the user in a cookie, say for example if there an admin, manager, user, etc...Here is the code that occurs when the user click the submit button. The problem is that the page doesnt redirect to the page after user enter correct information. Any help would be very much appreciated.
If txtPassword.Text.ToLower = "test" Then
'Create a cookie
Dim cookie As New HttpCookie("UserInfo")
'Cookie variables
cookie("User") = txtUser.Text
cookie("UserGroup") = "Admin"
'Add Cookies to current web responses
Response.Cookies.Add(cookie)
Response.Redirect("login_successful.aspx")
'FormsAuthentication.RedirectToLoginPage("login_successful.aspx")
Else
lblResult.Text = "Incorrect Password"
End If
I wouldn't recommend using cookies to store role information. Use one of the built in providers to accomplish this task. For example, try this.
Open Visual Studio or Visual Studio Express and create a new "ASP.NET Web Application." You will notice that it includes an "Account" directory with examples of how to use the built in providers. You have to set up the database with the correct tables, roles, sprocs, etc to use the built in providers but it's easy. If you have .NET 4.0 installed the program that sets up the database to use the built in providers it called aspnet_regsql.exe and it's typically located here:
C:\\WINDOWS\\Microsoft.NET\\Framework\\v4.0.30319\\aspnet_regsql.exe
Then to solve your login problem you can use the Login control and use the Login.DestinationPageUrl attribute to redirect the user to which ever page you desire after it logs in.
Even if you don't use the built in providers this will give you a much better idea of how to go about implementing roles into your webpage.
I guess before redirecting you have to set authentication cookie first by calling FormsAuthentication.SetAuthCookie
method. And yes do consider the comment regarding cookies of joel coehoorn about saving information.
Rather than using a cookie to store that information (which can be hacked), you should store Roles in the ASPNetRoles table and associate roles to users when they are created. You can check a role with the following code:
If (Roles.IsUserInRole("rolename")) Then
'Do something useful
End If
As for the redirect, in what event handler is it included?
Can you try these two?
1) The webconfig may need refrence to the cookie name
<forms name="UserInfo" ...
2) Webconfig could also require being told who to allow
<authorzation>
<allow user="Admin" />
<deny...
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.