|
-
Oct 9th, 2005, 01:20 PM
#1
Thread Starter
Member
Need Help With Roles
Hi,
I need some help implementing Roles into my asp.net webpage.
I have setup the login page and webconfig but still cant get it to work.
Setup with http cookies to redirect main page but it still make admin panel visible to everyone that logins .
SQL database has user, password, role, in the table and role stored as integer.
Thanks
Code from webconfig
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="login.aspx" protection="All" timeout="30" path="/">
</forms>
</authentication>
<authorization>
<allow roles="Administrator"/>
<deny users="*"/>
</authorization>
Code from login.aspx.vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Threading
Imports System.Configuration
Imports System.Web
Imports System.Web.Security
Public Class WebForm1
Inherits System.Web.UI.Page
Protected lblMessage As Label
Protected txtUsername As TextBox
Protected txtpassword As TextBox
Protected Button1 As Button
Protected Panel1 as Panel
#Region " Web Form Designer Generated Code "
'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
End Sub
'NOTE: The following placeholder declaration is required by the Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object
Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub
#End Region
Dim conMyData As SqlConnection
Dim conUserData As SqlConnection
Dim cmdSelect As SqlCommand
Dim cmdSelectRoles As SqlCommand
Dim parmReturnValue As SqlParameter
Dim intResult As String
Dim strLinkPath As String
Dim objTicket As FormsAuthenticationTicket
Dim objCookie As HttpCookie
Dim strReturnURL As String
Sub Button_Click(ByVal a As Object, ByVal e As EventArgs)
If IsValid Then
'load stored procedure GetRoles
If GetRoles(txtUsername.Text, txtpassword.Text) > 0 Then
'create authentication ticket
objTicket = New FormsAuthenticationTicket(2, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), False, "Admin")
'create cookie UserName
Response.Cookies("UserName").Value = txtUsername.Text
objCookie = New HttpCookie(".ASPXAUTH")
objCookie.Value = FormsAuthentication.Encrypt(objTicket)
Response.Cookies.Add(objCookie)
strReturnURL = Request.Params("ReturnURL")
If strReturnURL <> Nothing Then
'returns user to previous page if greater authorization was required
Response.Redirect(strReturnURL)
Else
'forwards user after logi
Response.Redirect("role_page.aspx")
End If
End If
End If
End Sub
'check failed login attempt count and if greater than 3 pauses for 2 hours
Sub Page_Load()
Dim objCounter As Object = Session("counter")
If Session("counter") > 3 Then
Thread.Sleep(7200000)
Response.Redirect("deny.aspx")
End If
End Sub
'stored procedure, returns 1 if successful login, -1 it not
Function GetRoles(ByVal strUsername As String, ByVal strPassword As String) As Integer
conMyData = New SqlConnection("Server=(local);UID=XXX;Password=XXXX;Database=XXX")
cmdSelect = New SqlCommand("GetRoles", conMyData)
cmdSelect.CommandType = CommandType.StoredProcedure
parmReturnValue = cmdSelect.Parameters.Add("Getrole", SqlDbType.VarChar,50)
parmReturnValue.Direction = ParameterDirection.ReturnValue
cmdSelect.Parameters.Add("@Username", strUsername)
cmdSelect.Parameters.Add("@Password", strPassword)
conMyData.Open()
cmdSelect.ExecuteNonQuery()
intResult = cmdSelect.Parameters("GetRole").Value
conMyData.Close()
'if unsuccessful login display message and increase failed attempt count by 1 then
'pauses for 10, then 20, then 30 seconds if user keeps failign
If intResult = -1 Then
lblMessage.Text = "Your Username or Password is incorrect. Please try again."
Dim objCounter As Object = Session("counter")
If objCounter Is Nothing Then objCounter = 0
Session("counter") = CInt(objCounter) + 1
Thread.Sleep(10000 * (CInt(objCounter)))
End If
Return intResult
If
End Function
End Class
Code from role_page.aspx.vb
Imports System.Web.Security
Public Class role_page
Inherits System.Web.UI.Page
Protected lblName As Label
Protected lblExpiration As Label
Protected lblExpired As Label
Protected lblIsPersistent As Label
Protected lblIssueDate As Label
Protected lblUserData As Label
Protected lblVersion As Label
Protected AdminLink As HyperLink
#Region " Web Form Designer Generated Code "
'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()
End Sub
'NOTE: The following placeholder declaration is required by the Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object
Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub
#End Region
Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
If User.IsInRole("Administrator") Then
AdminLink.Visible = True
End If
End Sub
Sub Page_Load()
Dim objUserIdentity As FormsIdentity
Dim objTicket As FormsAuthenticationTicket
If User.Identity.IsAuthenticated Then
objUserIdentity = User.Identity
objTicket = objUserIdentity.Ticket
lblName.Text = objUserIdentity.Name
lblExpiration.Text = objTicket.Expiration
lblExpired.Text = objTicket.Expired
lblIsPersistent.Text = objTicket.IsPersistent
lblIssueDate.Text = objTicket.IssueDate
lblUserData.Text = objTicket.UserData
lblVersion.Text = objTicket.Version
Else
lblName.Text = "Who Are You?"
End If
End Sub
End Class
Last edited by Anddmx; Oct 9th, 2005 at 06:52 PM.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|