
ASP.NET membership

Developer https://www.devze.com 2022-12-17 00:29 Source: Internet

I configured ASP.NET membership and created some users as well as a protected folder. Now, what's weird is that after being successfully authenticated, instead of going to the protected page, the login page is loaded again!

For example, I have a role "HR" and a user "hr1" who is a member of "HR". I have a protected folder "HR" which is supposed to be accessible only to the "HR" group.

Now, when trying to access the protected folder, I'm redirected to the login page, which is a good thing. But after I give the right login and password, I'm not redirected to the page I tried accessing in the first place.


I had this the other day - have you correctly edited the web.config settings, rather than cut and pasted? :)

The important part in the following is the 'Path="/"' attribute - the examples have it set to "/admin" and by default will cause the redirect to login page issue if /admin doesn't exist.

<authentication mode="Forms">
  <forms loginUrl="Login.aspx" protection="All" timeout="30" name="AppNameCookie" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseCookies" enableCrossAppRedirects="false"/>
</authentication>


If you try to redirect to a protected page, with a user who is not in the role that you have assigned that page to allow, you will get redirected back to login - is this what is happening?


You may have to add authentication for the login.aspx page in your web.config (and don't forget the other public paths):

<configuration>

    <!-- Path access rights -->
    <location path="login.aspx">
        <system.web>
            <authorization>
                <allow users="?"/>
            </authorization>
        </system.web>
    </location>

    <location path="css">
        <system.web>
            <authorization>
                <allow users="*"/>
            </authorization>
        </system.web>
    </location>
    <location path="images">
        <system.web>
            <authorization>
                <allow users="*"/>
            </authorization>
        </system.web>
    </location>

    <location path="">
        <system.web>
            <authorization>
                <deny users="?"/>
            </authorization>
        </system.web>
    </location>
    <!-- END -->

    <!-- <authentication> must sit inside <system.web> -->
    <system.web>
        <authentication mode="Forms">
            <forms loginUrl="~/login.aspx" defaultUrl="~/" name=".MYAPPCOOKIE" timeout="60" path="/" protection="All"/>
        </authentication>
    </system.web>

</configuration>

EDIT: After writing this, I re-read your question and I think you may have done this already but got some of the role permissions incorrect? It might help to paste more information, like your web.config specific permissions for these paths.


It may sound silly, but you have enabled the role manager haven't you?

Unlike the membership provider that is enabled by declaring a provider in the web.config, you actually have to turn on the role manager, otherwise you'll see the behaviour you're describing:

<roleManager enabled="true">
  <providers>
    <clear />
    <add [...] />
  </providers>
</roleManager>

Basically, the way the ASP.NET membership system works, if the user isn't in the correct role to access the page, then they are kicked back to the login screen. ASP.NET doesn't easily distinguish between an unauthenticated request, and a request where the user is authenticated but doesn't have rights.

(I've forgotten to do this in the past).
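
A small checker for two of the login-loop causes raised in the answers above (a forms cookie path other than "/" and role-based rules without an enabled role manager), as an added example that is not part of the original posts. The function name `audit_web_config` and the sample configuration are constructed for illustration, and the file is assumed to carry no XML namespace on its elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample reproducing the question's setup: an "HR" folder limited
# to the "HR" role, a forms cookie path copied from an example ("/admin"),
# and no <roleManager> element at all.
SAMPLE_BROKEN = """
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" name="AppNameCookie" path="/admin"/>
    </authentication>
  </system.web>
  <location path="HR">
    <system.web>
      <authorization>
        <allow roles="HR"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>
"""

def audit_web_config(xml_text):
    """Return findings for two login-loop causes described in the answers."""
    root = ET.fromstring(xml_text)
    findings = []

    # Cookie path: the browser only sends the forms ticket for URLs under this
    # path, so any other folder sees the user as anonymous. Default is "/".
    for forms in root.iter("forms"):
        path = forms.get("path", "/")
        if path != "/":
            findings.append(f"forms cookie path is {path!r}, not '/'")

    # Role manager: it is off unless enabled="true" is set explicitly, and
    # without it no role-based <allow>/<deny> rule can match the user.
    roles_on = any(rm.get("enabled", "false").lower() == "true"
                   for rm in root.iter("roleManager"))
    uses_roles = any(rule.get("roles")
                     for auth in root.iter("authorization") for rule in auth)
    if uses_roles and not roles_on:
        findings.append("authorization rules use roles but roleManager is not enabled")

    return findings

if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE_BROKEN):
        print("FINDING:", finding)
```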
