Hello,
Dean is correct in this. Also, the FormsAuthentication class will not allow you to add your own data to the cookie unless you create the ticket manually. If you use the FormsAuthentication.SetAuthCookie(username, False) you cannot modify the cookies contents. Also, do not try to modify the cookies contents outside of the class methods. It will not work. Only the signout() method can expire a cookie. --E -----Original Message----- From: Dean Fiala [mailto:[EMAIL PROTECTED] Sent: Thursday, August 19, 2004 11:51 PM To: [EMAIL PROTECTED] Subject: RE: [AspNetAnyQuestionIsOk] Role-based authorization with Forms Authentication When using forms authentication HttpContext.Current.User is set by reading the FormsAuthenticationTicket (FAT) from the request. If you haven't created the FAT and added it to the response either manually or by using FormsAuthentication.SetAuthCookie, ASP.NET will not have the info to recognize the user. Add something like this to your login code and you should be all set.... FormsAuthentication.SetAuthCookie(username, False) HTH, Dean Fiala ----------------------------- Very Practical Software, Inc. http://www.vpsw.com/links.aspx <http://www.vpsw.com/links.aspx> -----Original Message----- From: Gurmeet Kohli [mailto:[EMAIL PROTECTED] Sent: Thursday, August 19, 2004 10:40 AM To: [EMAIL PROTECTED] Subject: [AspNetAnyQuestionIsOk] Role-based authorization with Forms Authentication Hello Everyone, I am trying to implement role-based authorization with Forms Authentication and running into a problem. I have created a login page where the user enters the username and password. After the user is authentication, I run a procedure in the global.asax file in the AuthenticateRequest event handler. In this procedure, I am trying to grab the roles from a table. But the query does not return any values! I know the user is authenticated cause the menu that displays the roles is empty. So the user does get to the .aspx forms. On debugging I have noticed that the Context.User.Identity.Name is empty. I am using the username that the user enters in the login form. My code is as follows: <%@ Import Namespace="System.Data" %> <%@ Import Namespace="System.IO" %> <%@ Import Namespace="System.Data.OleDB" %> <%@ Import Namespace="System.Security.Principal " %> <script language="VB" runat="server"> Sub Application_AuthenticateRequest(sender as object, e as EventArgs) Dim strConnect as string = ConfigurationSettings.AppSettings("HealthyVision") Dim Conn as OLEDBConnection Dim Rdr as OLEDBDataReader Dim CmdSelect as OLEDBCommand Dim strSQL as string Dim rolelist as New Arraylist If request.isAuthenticated Then 'determine the user's role Conn=New OLEDBConnection(strConnect) Conn.Open() 'Query to get Applications info from database strSQL="SELECT tbl_group.group_name FROM (tbl_User INNER JOIN tbl_roles ON tbl_User.Userid = tbl_roles.User_id) INNER JOIN tbl_group ON tbl_roles.Group_id = tbl_group.group_id WHERE (((tbl_User.Username)[EMAIL PROTECTED]))" CmdSelect=New OLEDBCommand(strSQL,Conn) CmdSelect.Parameters.add("@username", Context.User.Identity.Name) Rdr=CmdSelect.ExecuteReader() While rdr.read() rolelist.Add(rdr("group_name")) End While Rdr.close() 'convert the rolelist Arraylist to a string array Dim rolelistArray as string() = rolelist.toArray(gettype(string)) 'Add roles to the user principal HttpContext.Current.User = New GenericPrincipal(User.Identity, roleListArray) End if End Sub </script> Yahoo! Groups Links Yahoo! Groups Sponsor ADVERTISEMENT <http://us.ard.yahoo.com/SIG=129l9upjl/M=298184.5285298.6392945.3001176/D=gr oups/S=1705006764:HM/EXP=1093060290/A=2319498/R=0/SIG=11thfntfp/*http:/www.n etflix.com/Default?mqso=60185352&partid=5285298> click here <http://us.adserver.yahoo.com/l?M=298184.5285298.6392945.3001176/D=groups/S= :HM/A=2319498/rand=306927646> _____ Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/ <http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/> * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED] e> * Your use of Yahoo! Groups is subject to the Yahoo! Terms of <http://docs.yahoo.com/info/terms/> Service. [Non-text portions of this message have been removed] ------------------------ Yahoo! Groups Sponsor --------------------~--> Make a clean sweep of pop-up ads. Yahoo! Companion Toolbar. Now with Pop-Up Blocker. Get it for free! http://us.click.yahoo.com/L5YrjA/eSIIAA/yQLSAA/saFolB/TM --------------------------------------------------------------------~-> Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
