Re: When does the Roles/Username get set in HTTPContext?

and the code on your login page / login control event handler?
-----
Dominick Baier (http://www.leastprivilege.com)

Yes, it looks like this:

<authentication mode="Forms">
<forms loginUrl="~/Security/Login.aspx" protection="All"
requireSSL="false" slidingExpiration="true" name="STS Registration"
path="/Admin" />
</authentication>
"Dominick Baier" wrote:

have you set

<authentication mode="Forms" /> ?

-----
Dominick Baier (http://www.leastprivilege.com)
Hi,

I have just made an app that uses the 2.0 membership and roles
system, using a remote SQL Server 2005 DB for storage. I've created
a login.aspx page with a login control on it that seems to
authenticate correctly. The LoggedIn event fires when a correct
username/password combo has been entered.

However, the next page that I send the authenticated user to doesn't
show any of the context information. The loginname control shows
blank and loginstatus shows logged out(Log In). So it's like none of
the roles or other context for that user gets saved for later use.
Setting up a web.config file with deny anonymous also fails.

Is there some special code I have to put in the login control events
or global.asax that will set up the user's username and roles in
context? I've looked all over and don't see any examples of this.

My web.config sections have this:

<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
connectionStringName="SubTechAdmin"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="true"
applicationName="STSRegistration"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="1"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
type="System.Web.Security.SqlMembershipProvider,
System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
/>
</providers>
</membership>
<roleManager enabled="true" cacheRolesInCookie="true"
defaultProvider="AspNetSqlRoleProvider"
cookieName="STSAPLRegistration2007"
cookiePath="/" cookieTimeout="30" cookieRequireSSL="false"
cookieSlidingExpiration="true" createPersistentCookie="true"
cookieProtection="All">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider"
connectionStringName="SubTechAdmin"
applicationName="STSRegistration"
type="System.Web.Security.SqlRoleProvider, System.Web,
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
/>
</providers>
</roleManager>


.

Relevant Pages

  • Re: When does the Roles/Username get set in HTTPContext?
    ... I don't have any code in the login control event ... Is there code that I can get somewhere that will set the context? ... Dominick Baier ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: When does the Roles/Username get set in HTTPContext?
    ... Dominick Baier ... I have just made an app that uses the 2.0 membership and roles system, ... roles or other context for that user gets saved for later use. ... Is there some special code I have to put in the login control events ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: ActiveDirectoryMembershipProvider - User properties not set
    ... Dominick Baier, DevelopMentor ... when the user logs in (I am using the the Login control) the User ... it tells me I had an invalid login and never hits the ... when I do supply valid credentials the User ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: asp.net login control not authenticating?
    ... Dominick Baier - DevelopMentor ... for some documentation on the login control, but, I haven't found any. ... to handle the Authenticate method manually in order to redirect the authenticated user to a specific URL based on the referring URL ...
    (microsoft.public.dotnet.framework.aspnet.security)