Results 1 to 1 of 1

Thread: Need Help With Roles

Threaded View

  1. #1

    Thread Starter
    Member
    Join Date
    Jun 2005
    Posts
    52

    Need Help With Roles

    Hi,

    I need some help implementing Roles into my asp.net webpage.

    I have setup the login page and webconfig but still cant get it to work.

    Setup with http cookies to redirect main page but it still make admin panel visible to everyone that logins .

    SQL database has user, password, role, in the table and role stored as integer.

    Thanks

    Code from webconfig

    <authentication mode="Forms">
    <forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All" timeout="30" path="/">
    </forms>
    </authentication>

    <authorization>
    <allow roles="Administrator"/>
    <deny users="*"/>
    </authorization>

    Code from login.aspx.vb

    Imports System.Data
    Imports System.Data.SqlClient
    Imports System.Threading
    Imports System.Configuration
    Imports System.Web
    Imports System.Web.Security




    Public Class WebForm1
    Inherits System.Web.UI.Page
    Protected lblMessage As Label
    Protected txtUsername As TextBox
    Protected txtpassword As TextBox
    Protected Button1 As Button
    Protected Panel1 as Panel
    #Region " Web Form Designer Generated Code "

    'This call is required by the Web Form Designer.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()

    End Sub

    'NOTE: The following placeholder declaration is required by the Web Form Designer.
    'Do not delete or move it.
    Private designerPlaceholderDeclaration As System.Object

    Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
    'CODEGEN: This method call is required by the Web Form Designer
    'Do not modify it using the code editor.
    InitializeComponent()
    End Sub

    #End Region


    Dim conMyData As SqlConnection
    Dim conUserData As SqlConnection
    Dim cmdSelect As SqlCommand
    Dim cmdSelectRoles As SqlCommand
    Dim parmReturnValue As SqlParameter
    Dim intResult As String
    Dim strLinkPath As String
    Dim objTicket As FormsAuthenticationTicket
    Dim objCookie As HttpCookie
    Dim strReturnURL As String

    Sub Button_Click(ByVal a As Object, ByVal e As EventArgs)
    If IsValid Then
    'load stored procedure GetRoles
    If GetRoles(txtUsername.Text, txtpassword.Text) > 0 Then
    'create authentication ticket
    objTicket = New FormsAuthenticationTicket(2, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), False, "Admin")
    'create cookie UserName
    Response.Cookies("UserName").Value = txtUsername.Text
    objCookie = New HttpCookie(".ASPXAUTH")
    objCookie.Value = FormsAuthentication.Encrypt(objTicket)
    Response.Cookies.Add(objCookie)
    strReturnURL = Request.Params("ReturnURL")
    If strReturnURL <> Nothing Then
    'returns user to previous page if greater authorization was required
    Response.Redirect(strReturnURL)
    Else
    'forwards user after logi
    Response.Redirect("role_page.aspx")
    End If
    End If
    End If
    End Sub

    'check failed login attempt count and if greater than 3 pauses for 2 hours
    Sub Page_Load()
    Dim objCounter As Object = Session("counter")
    If Session("counter") > 3 Then
    Thread.Sleep(7200000)
    Response.Redirect("deny.aspx")
    End If
    End Sub

    'stored procedure, returns 1 if successful login, -1 it not
    Function GetRoles(ByVal strUsername As String, ByVal strPassword As String) As Integer
    conMyData = New SqlConnection("Server=(local);UID=XXX;Password=XXXX;Database=XXX")
    cmdSelect = New SqlCommand("GetRoles", conMyData)
    cmdSelect.CommandType = CommandType.StoredProcedure
    parmReturnValue = cmdSelect.Parameters.Add("Getrole", SqlDbType.VarChar,50)
    parmReturnValue.Direction = ParameterDirection.ReturnValue
    cmdSelect.Parameters.Add("@Username", strUsername)
    cmdSelect.Parameters.Add("@Password", strPassword)
    conMyData.Open()
    cmdSelect.ExecuteNonQuery()
    intResult = cmdSelect.Parameters("GetRole").Value
    conMyData.Close()
    'if unsuccessful login display message and increase failed attempt count by 1 then
    'pauses for 10, then 20, then 30 seconds if user keeps failign
    If intResult = -1 Then
    lblMessage.Text = "Your Username or Password is incorrect. Please try again."
    Dim objCounter As Object = Session("counter")
    If objCounter Is Nothing Then objCounter = 0
    Session("counter") = CInt(objCounter) + 1
    Thread.Sleep(10000 * (CInt(objCounter)))
    End If
    Return intResult

    If

    End Function

    End Class

    Code from role_page.aspx.vb

    Imports System.Web.Security

    Public Class role_page
    Inherits System.Web.UI.Page

    Protected lblName As Label
    Protected lblExpiration As Label
    Protected lblExpired As Label
    Protected lblIsPersistent As Label
    Protected lblIssueDate As Label
    Protected lblUserData As Label
    Protected lblVersion As Label
    Protected AdminLink As HyperLink

    #Region " Web Form Designer Generated Code "

    'This call is required by the Web Form Designer.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()

    End Sub

    'NOTE: The following placeholder declaration is required by the Web Form Designer.
    'Do not delete or move it.
    Private designerPlaceholderDeclaration As System.Object

    Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
    'CODEGEN: This method call is required by the Web Form Designer
    'Do not modify it using the code editor.
    InitializeComponent()
    End Sub

    #End Region

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
    If User.IsInRole("Administrator") Then
    AdminLink.Visible = True
    End If
    End Sub

    Sub Page_Load()
    Dim objUserIdentity As FormsIdentity
    Dim objTicket As FormsAuthenticationTicket

    If User.Identity.IsAuthenticated Then
    objUserIdentity = User.Identity
    objTicket = objUserIdentity.Ticket
    lblName.Text = objUserIdentity.Name
    lblExpiration.Text = objTicket.Expiration
    lblExpired.Text = objTicket.Expired
    lblIsPersistent.Text = objTicket.IsPersistent
    lblIssueDate.Text = objTicket.IssueDate
    lblUserData.Text = objTicket.UserData
    lblVersion.Text = objTicket.Version
    Else
    lblName.Text = "Who Are You?"
    End If
    End Sub


    End Class
    Last edited by Anddmx; Oct 9th, 2005 at 06:52 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width