forms authentication problem

From: Terry (NTuser_Man@msn.com)
Date: 02/10/03


From: NTuser_Man@msn.com (Terry)
Date: 10 Feb 2003 12:49:50 -0800


Howdy,

I have a forms authentication problem. I am following examples of
including the user roles in the UserData section of the forms
authentication ticket. It appears that the user roles are being added
to the ticket but somehow they are not all being assigned to the user.
 Only one role is assigned to a user.

My global.asax should assign to the current user all roles listed in
the user's authentication ticket.

Here is the script from my global.asax:

Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
EventArgs)
 If (Not (HttpContext.Current.User Is Nothing)) Then
  If HttpContext.Current.User.Identity.AuthenticationType = "Forms"
Then
   Dim id As FormsIdentity
   Dim tkt As FormsAuthenticationTicket
   id = HttpContext.Current.User.Identity
   tkt = id.Ticket
   Dim Role() As String
   Dim authcookie As HttpCookie
   authcookie = Request.Cookies(FormsAuthentication.FormsCookieName)
   tkt = CType(FormsAuthentication.Decrypt(authcookie.Value),
FormsAuthenticationTicket)
   Role = Split(tkt.UserData, ",")
   Dim principal = new GenericPrincipal(id, Role)
   Context.User = principal
  End If
 End If
End Sub

Presumably all the roles are added to the ticket in the last three
lines of that script.

I can confirm that the roles are added to the ticket. On my
default.aspx document I verify that the roles have been added to the
user authorization ticket with the following script:

Dim id As FormsIdentity
Dim tkt As FormsAuthenticationTicket
id = HttpContext.Current.User.Identity
tkt = id.Ticket
Dim Role() As String
Dim authcookie As HttpCookie
authcookie = Request.Cookies(FormsAuthentication.FormsCookieName)
tkt = CType(FormsAuthentication.Decrypt(authcookie.Value),
FormsAuthenticationTicket)
Role = Split(tkt.UserData, ",")
Dim strItem As String

For each strItem in Role
 Response.write("<BR>" & strItem)
Next

For my login the script returns:

Admin
Developer

This shows that all my roles have been added to the user authorization
ticket. Yes? No?

However, if I try a script to determine my roles:

If Context.User.IsInRole("Developer") then
 response.write("You are a Developer!" )
Else
 response.write("You are not a Developer!")
End If
If Context.User.IsInRole("Admin") then
 response.write("You are an Admin!" )
Else
 response.write("You are not an Admin!")
End If
If Context.User.IsInRole("Student") then
 response.write("You are a Student!" )
Else
 response.write("You are not a Student!")
End If

The return is:
You are not a Developer!
You are an Admin!
You are not a Student!

I do not understand the inconsistent results. There must be an error
that I have failed to locate. Please help me correct the error of my
ways.

Thanks,

--Terry



Relevant Pages

  • Mega Powerball System - 384 Lines - $252
    ... 10 PRINT "Press CTRL-C To Exit" ... 12 DIM A: DIM P ... 300 REM SHOW EACH TICKET ...
    (rec.gambling.lottery)
  • RE: How to catch (and save) the *number* of updated records
    ... Took me a few tries to realize that all three inputs for the DCount function ... the same as the criteria for your query that is update the records. ... to us as well as serve as a ticket tracking system for our internal reports ... Dim vbMsgBoxResult As Long ...
    (microsoft.public.access.modulesdaovba)
  • Re: Compare last record to new ("unsaved") record
    ... Dim LastTickNo As String ... Dim LastTickMo As Integer ... 'If this is the first ticket ever created in this database then you don't ... Set rst = db.OpenRecordset ...
    (microsoft.public.access.formscoding)
  • Re: How to catch (and save) the *number* of updated records
    ... Dim vbMsgBoxResult As Long ... Dim stDocName As String ... to us as well as serve as a ticket tracking system for our internal ...
    (microsoft.public.access.modulesdaovba)
  • Re: Renewing Kerberos ticket
    ... Refreshing a ticket does not ... The user runs a script that creates a group and adds themselves ... > changing their membership. ...
    (microsoft.public.windows.server.scripting)