I am using forms authentication with asp.net and c#. The subdirect开发者_JAVA百科ory “Admin” is only accessible to users who are in the WenAdmin role. I was able to create a user who has this role. Once he is logged in he can perform all the functions within the Admin directory. Others cannot. This is all working ok.
The web.config in the Admin directory has the lines
<authorization>
<deny users="?"/>
<allow roles="WebAdmin"/>
<deny users="*"/>
</authorization>
Each paragraph of the code-behind of the Admin page have the line
[PrincipalPermission(SecurityAction.Demand, Role = "WebAdmin")]
The login establishes the current user with the code
FormsAuthentication.RedirectFromLoginPage(MyLogin.UserName, MyLogin.RememberMeSet);
The only problem I have occurs when the Admin user creates a new user who is not an Admin user. After doing this the program seems to forget that this is an Admin user and he is force to login again. I don’t want to have to do this. The code to create the new user is:
MembershipUser newUser = Membership.CreateUser(CreateUserWizard1.UserName,CreateUserWizard1.Password);
Please help me, if you can.
From your code I see you're using the create user wizard control. Make sure that asp.net isn't trying to log the new user into the system:
http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.createuserwizard.logincreateduser.aspx
Set this property to false.
精彩评论