
#1 ans2007kumar  Icon User is offline


Authorization and authentication

Posted 09 August 2010 - 05:12 AM

I created my own custom login module. In the login page I wrote this code:
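/// <summary>
/// Login button handler. Looks up the entered user name in the Login table,
/// compares the entered password with the stored one and, for the roles
/// "Admin" and "client", stores the user id in session, issues a forms
/// authentication ticket carrying the role in its UserData, and redirects to
/// that role's Map.aspx. On any failure the error label (Label3) is shown.
/// </summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
    {
        string user = TextBox1.Text.Trim(), pass = TextBox2.Text.Trim();
        string userId = null, role = null;

        // using-blocks guarantee the reader and connection are released even when
        // a query throws; the original leaked both on any exception.
        using (SqlConnection con = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\my.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"))
        using (SqlCommand cmd = new SqlCommand("Select User_ID, User_Name, User_Pass, User_Role from Login where User_Name = @user", con))
        {
            // Fetch only the candidate row(s) instead of pulling every account's
            // credentials into the web process. The value is bound as a parameter,
            // never concatenated into the SQL text.
            cmd.Parameters.AddWithValue("@user", user);
            con.Open();

            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                while (dr.Read())
                {
                    // SQL equality follows the column collation (often case-insensitive),
                    // so the exact comparison is repeated here to stay as strict as before.
                    if (dr["User_Name"].ToString().Trim() != user)
                    {
                        continue;
                    }

                    // NOTE(security): this compares against the stored value directly,
                    // which means passwords sit in clear text in the Login table. Store a
                    // salted, slow hash (e.g. PBKDF2 via Rfc2898DeriveBytes) and compare
                    // hashes instead; that needs a data migration outside this handler.
                    if (dr["User_Pass"].ToString().Trim() != pass)
                    {
                        continue;
                    }

                    string rowRole = dr["User_Role"].ToString().Trim();
                    if (rowRole == "Admin" || rowRole == "client")
                    {
                        userId = dr["User_ID"].ToString();
                        role = rowRole;
                        break;
                    }
                }
            }
        }

        if (role == null)
        {
            // Same message for unknown user, wrong password and unsupported role,
            // so the page does not reveal which part was wrong.
            Label3.Visible = true;
            return;
        }

        Session["User"] = userId;

        // NOTE(review): the ticket lives 1000 minutes while Web.config declares
        // timeout="90"; confirm which lifetime is intended.
        DateTime issued = DateTime.Now;
        FormsAuthenticationTicket ticket1 = new FormsAuthenticationTicket(1, user, issued, issued.AddMinutes(1000), false, role, FormsAuthentication.FormsCookiePath);

        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket1));
        authCookie.HttpOnly = true;                          // keep the ticket away from page script
        authCookie.Secure = FormsAuthentication.RequireSSL;  // honour requireSSL from Web.config
        Response.Cookies.Add(authCookie);

        // NOTE(review): putting the role in UserData does not by itself make
        // <allow roles="..."/> match. The application has to read UserData on each
        // request (typically Application_AuthenticateRequest in Global.asax) and set
        // Context.User to a principal holding that role; no such code is shown here.
        // Without it the role rules deny the request and it is sent back to the login page.

        // role is exactly "Admin" or "client" here, matching the two folder names.
        Response.Redirect(role + "/Map.aspx");
    }     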

The application has a main Web.config, plus one Web.config for each user type.
Main Config
<!-- Forms authentication: requests that fail authorization are redirected to
     Login.aspx. timeout is in minutes. The login code on this page builds its
     own ticket with a 1000-minute expiry, so the two lifetimes disagree.
     defaultUrl (used when no return URL is supplied) points back at the login
     page itself. Consider requireSSL="true" so the ticket cookie is only sent
     over HTTPS. -->
<authentication mode="Forms">
      <forms loginUrl="Login.aspx"  timeout="90"  defaultUrl="Login.aspx"/>
    </authentication>
    <!-- Rules are evaluated in order and the first match wins: members of the
         Admin or client role are allowed, everyone else is denied.
         A role rule only matches when the request's principal actually carries
         that role. The role string the login code stores in the ticket's
         UserData is not applied automatically; code that sets Context.User
         with the role (for example in Global.asax) is needed and is not shown
         on this page. -->
    <authorization>
      <allow roles="Admin"/>
      <allow roles="client"/>
      <deny users="*"/>
    </authorization>

Sub Config
<!-- Per-folder Web.config; presumably the copy placed in the Admin folder
     (the post says there is one per user type). TODO confirm its location. -->
<configuration>
    <appSettings/>
    <connectionStrings/>
    <system.web>
      <!-- First match wins: only the Admin role is allowed, all other users
           (including anonymous ones) are denied. As with the main config,
           this depends on the principal carrying the Admin role. -->
      <authorization>
        <allow roles="Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
</configuration>



The first problem is that I am not able to reach my respective home page: after logging in I end up redirected back to the login page. Please help me with this problem.
The second is that after I log out I can still go back to the previous page using backspace (this also happened before applying the authentication).
The third is that I can view various pages just by typing a URL like http://Localhost:1192/map/Admin; it shows all the files in that folder even when I am not logged in.
