ASP.NET 2.0 role-based authorization is not working on the live server

  • Question

  • Hi
    I'm Kamaraj from Chennai. I've implemented role-based authorization in my web application (ASP.NET 2.0, C# and SQL Server 2005). It works perfectly on my local and test servers, but not on the live server. Please help me solve this issue.

    Thanks and Regards
    Kamaraj.V

    Login.aspx.cs
    =============
     FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                                                               1, // Ticket version
                                                               UserName, // Username associated with ticket
                                                               DateTime.Now, // Date/time issued
                                                               DateTime.Now.AddMinutes(60), // Date/time to expire
                                                               true, // "true" for a persistent user cookie
                                                               "Principal", // User-data, in this case the roles
                                                               FormsAuthentication.FormsCookiePath);// Path cookie valid for

                                                            // Encrypt the cookie using the machine key for secure transport
                                                            string hash = FormsAuthentication.Encrypt(ticket);
                                                            HttpCookie cookie = new HttpCookie(
                                                               FormsAuthentication.FormsCookieName, // Name of auth cookie
                                                               hash); // Hashed ticket

                                                            // Set the cookie's expiration time to the tickets expiration time
                                                            if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;

                                                            // Add the cookie to the list for outgoing response
                                                            Response.Cookies.Add(cookie);

                                                            // Redirect to requested URL, or homepage if no previous page
                                                            // requested
                                                            string returnUrl = Request.QueryString["ReturnUrl"];
                                                            if (returnUrl == null) returnUrl = "~/DashBoard/NewDashBoard.aspx";

                                                            // Don't call FormsAuthentication.RedirectFromLoginPage since it
                                                            // could
                                                            // replace the authentication ticket (cookie) we just added
                                                            Response.Redirect(returnUrl);

    Global.asax
    ==========
    /// <summary>
    /// AuthenticateRequest handler. When the current user is authenticated and has a
    /// forms-authentication identity, replaces the request's principal with a
    /// <see cref="System.Security.Principal.GenericPrincipal"/> whose roles are the
    /// comma-separated values stored in the ticket's user-data field.
    /// </summary>
    /// <param name="sender">Event source (not used).</param>
    /// <param name="e">Event arguments (not used).</param>
    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        HttpContext context = HttpContext.Current;

        // Requests without an authenticated user keep whatever principal they have.
        if (context.User == null || !context.User.Identity.IsAuthenticated)
        {
            return;
        }

        // Only a forms-authentication identity exposes the ticket that holds the roles.
        FormsIdentity formsIdentity = context.User.Identity as FormsIdentity;
        if (formsIdentity == null)
        {
            return;
        }

        // Get the stored user-data, in this case our roles, and split it on commas.
        // The pieces are used as-is (no trimming), so role names must match exactly.
        string[] roleNames = formsIdentity.Ticket.UserData.Split(',');
        context.User = new System.Security.Principal.GenericPrincipal(formsIdentity, roleNames);
    }

    Web.Config
    ==========
    <!-- URL authorization for the DashBoard folder. Rules are evaluated top to bottom and
         the first match wins: members of the "Principal" role are allowed, everyone else is
         denied. The role check uses the roles on the request's principal, which this
         application builds from the forms ticket's user-data in
         Application_AuthenticateRequest; if that handler does not run or the ticket cannot
         be read, the user has no roles and the deny rule applies. -->
    <location path="DashBoard">
        <system.web>
          <authorization>
            <allow roles="Principal"/>
            <deny users="*"/>
          </authorization>
        </system.web>
      </location>

      <!-- Same rule set for the GeneralInformation folder: "Principal" role only. -->
      <location path="GeneralInformation">
        <system.web>
          <authorization>
            <allow roles="Principal"/>
            <deny users="*"/>
          </authorization>
        </system.web>
      </location>

      <!-- Same rule set for the Reports folder: "Principal" role only. -->
      <location path="Reports">
        <system.web>
          <authorization>
            <allow roles="Principal"/>
            <deny users="*"/>
          </authorization>
        </system.web>
      </location>
    ...

    <system.web>
        <!-- Added by Kamaraj on 4 December 2008 start-->
        <!-- Forms authentication: unauthenticated requests are redirected to Login.aspx.
             protection="All" means the ticket is both encrypted and validated, and both
             operations depend on the application's machine key.
             NOTE(review): no <machineKey> element is visible in this excerpt. If the live
             server (or each node of a farm) ends up with different keys, a ticket issued by
             one instance cannot be read by another; confirm the key configuration there.
             NOTE(review): requireSSL and timeout are not set, so their defaults apply;
             confirm the authentication cookie is only sent over HTTPS in production. -->
        <authentication mode="Forms">
         
          <forms loginUrl="Login.aspx"
                 protection="All"
                 path="/"/>

        </authentication>
        <!-- Site-wide default: anonymous users ("?") are denied, every authenticated user
             ("*" after the deny rule) is allowed. The <location> sections narrow this for
             individual folders. -->
        <authorization>
          <deny users="?"/>
          <allow users="*"/>
        </authorization>
        <!-- end -->
      </system.web>



    Friday, December 12, 2008 9:09 AM

Answers