Forms Auth (roles being ignored)



Please ignore my previous post as I am way past that now.

Below is the code I am using in the login page. Below that are the settings
within the Web.config file. The procedure responsible for checking the password
just sets a session variable called "WebRoles" and returns True. In this case
I am setting a role that should be denied access to the requested page
even though the user is authenticated. But the code below always results in a
redirection to the protected page. In this website there is only one page in
the root directory (Login.aspx) and there is a Public subfolder which has two
pages RegUpdate.aspx and Appt.aspx.

For authenticated users the redirection happens just fine. But, somehow, I
thought the following line would fail for denied roles:

'Redirect the request
FormsAuthentication.RedirectFromLoginPage(Trim(sUserName), False)

What am I missing?

********************CODE************
Partial Class Login
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

    End Sub

    Private Function CheckPassWord(ByVal sUser As String, ByVal sPassword As String) As Boolean
        'THIS ROLE IS NOT ALLOWED ACCESS TO THE PUBLIC FOLDER PER WEB.CONFIG FILE.
        Session("WebRoles") = "Photog"
        Return True
    End Function


    Protected Sub btnLogIn_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnLogIn.Click
        Try
            If Not (Session("UserName")) Is Nothing Then
                FormsAuthentication.SignOut()
            End If

            Select Case CheckPassWord(Trim(tbUserName.Text), Trim(tbPassWord.Text))

                Case True
                    Call RedirectUser(Trim(tbUserName.Text))
                Case False
                    lblmsg.Text = "UserName or Password not found. Please try again." + vbCrLf + lblmsg.Text
                    ViewState("tries") = ViewState("tries") + 1
                    If ViewState("tries") > 3 Then
                        Response.Redirect("Denied.aspx")
                    End If
            End Select
        Catch ex As Exception

        End Try
    End Sub

    Private Sub RedirectUser(ByVal sUserName As String)

        'Create authentication ticket
        Dim authTicket As New FormsAuthenticationTicket(1, sUserName, DateTime.Now, DateTime.Now.AddMinutes(20), False, Session("WebRoles"))

        'Create encrypted string representation of ticket
        Dim sEncryptedTicket As String = ""
        Try
            sEncryptedTicket = FormsAuthentication.Encrypt(authTicket)
        Catch ex As Exception
            Session("StringEncrptFailed") = ex.Message
        End Try

        'Store it within a HttpCookie object
        Dim authCookie As New HttpCookie(FormsAuthentication.FormsCookieName, sEncryptedTicket)
        authCookie.Path = FormsAuthentication.FormsCookiePath
        Dim strCookiePath As String = authCookie.Path
        'Add the cookie to the outgoing cookie collection
        Try
            Response.Cookies.Add(authCookie)
        Catch ex As Exception
            Session("CookieAddFailed") = ex.Message
        End Try

        'Redirect the request
        FormsAuthentication.RedirectFromLoginPage(Trim(sUserName), False)

    End Sub

End Class
*************WEB.CONFIG FILE*******
<?xml version="1.0"?>
..
..
..
<system.web>
..
..
..
  <roleManager enabled ="true" />
  <authentication mode="Forms">
    <forms name="Appointment" loginUrl="Login.aspx" slidingExpiration="true"
           protection="All" timeout="20" path="/">
      <credentials passwordFormat="Clear"></credentials>
    </forms>
  </authentication>
  <machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate"/>
  <authorization>
    <deny users="?"/>
  </authorization>
</system.web>

<location path="Public">
  <system.web>
    <authorization>
      <!-- Order and case are important below -->
      <allow roles="Public"/>
      <deny roles="Photog"/>
      <deny users="?"/>
    </authorization>
  </system.web>
</location>
..
..
..
.


