
I have the following login page where the user enters their username and password.

With that info, I then need to make sure that they are part of the Admin1 role. If so, I'd like to set a cookie on the user's machine.

With the code I have below, User.IsInRole doesn't enter the if statement. If I uncomment the FormsAuthentication.SetAuthCookie(txtUserName.Text, true); above it, it works. But shouldn't I set the cookie only if the user is part of the Admin1 role?

I have the following, but it does not seem to work:

    if (Membership.ValidateUser(txtUserName.Text, txtPassword.Text))
    {
        // Uncommenting this line makes the role check below succeed
        //   FormsAuthentication.SetAuthCookie(txtUserName.Text, true);

        if (User.IsInRole("Admin1"))
        {
            // code never reaches here
            FormsAuthentication.SetAuthCookie(txtUserName.Text, true);
        }
    }

1 Answer


User.IsInRole("Admin1") is false right after validation, because the principal object hasn't been attached to the current HttpContext yet.

If you really want to use Context.User, you need to manually attach the principal object.

using System.Security.Principal;
using System.Web.Security;

var username = txtUserName.Text;
var password = txtPassword.Text;

if (Membership.ValidateUser(username, password))
{
    // Resolve roles through the Role Provider and build a principal by hand
    var roles = Roles.GetRolesForUser(username);
    var identity = new GenericIdentity(username);
    var principal = new GenericPrincipal(identity, roles);
    Context.User = principal;

    // Now you can use Context.User

    // Basically User.IsInRole("Admin1") is same as roles.Contains("Admin1")
    if (User.IsInRole("Admin1"))
    {
        FormsAuthentication.SetAuthCookie(username, true);
    }
}

Updated - Authenticate user using Login Control

Since you are using the Membership Provider and Role Provider, I would suggest using the Login control.

Once the user is authenticated, you can use the LoggedIn event to redirect the user to the appropriate page.

<asp:Login ID="LoginUser" runat="server" EnableViewState="false" 
   RenderOuterTable="false" OnLoggedIn="LoginUser_LoggedIn">
   ...
</asp:Login>

using System.Linq;
using System.Web.Security;

protected void LoginUser_LoggedIn(object sender, EventArgs e)
{
   // Now we know that user is authenticated
   // MembershipUser user = Membership.GetUser(LoginUser.UserName);
   // The control is declared with ID="LoginUser" above, so query it by that name
   var roles = Roles.GetRolesForUser(LoginUser.UserName);

   if (roles.Contains("Admin1"))
      Response.Redirect("~/Admin/");
   else
      Response.Redirect("~/Users/");
}
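The pattern the answer describes, put together as a full click handler (an added example, not code from the question or the answer): check credentials, ask the Role Provider directly instead of User.IsInRole, and only then issue the cookie. It assumes txtUserName, txtPassword and lblError controls on the page, a btnLogin button, and that ~/Admin/ is protected in web.config by an `<authorization>` rule with `<allow roles="Admin1"/>` followed by `<deny users="*"/>`.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

public partial class Login : Page
{
    // Role name taken from the question; ~/Admin/ must be locked to it in web.config
    private const string AdminRole = "Admin1";

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        var username = txtUserName.Text.Trim();
        var password = txtPassword.Text;

        // 1. Credentials: the Membership provider verifies the password.
        if (!Membership.ValidateUser(username, password))
        {
            // Same message for unknown user and wrong password, so the
            // response does not reveal which usernames exist.
            lblError.Text = "Invalid username or password.";
            return;
        }

        // 2. Role: ask the Role Provider directly. User.IsInRole would be
        //    false here because no principal is attached to HttpContext
        //    until the next request, as the answer explains.
        bool isAdmin = Roles.IsUserInRole(username, AdminRole);

        // 3. Issue the Forms auth ticket. The ticket carries only the name;
        //    roles are re-resolved by the Role Provider on every request.
        //    Non-persistent, so the cookie ends with the browser session.
        FormsAuthentication.SetAuthCookie(username, false);

        // 4. Route by role. This is convenience only: the actual access
        //    control for ~/Admin/ is the web.config <authorization> rule,
        //    which is enforced on every request, not just at login.
        Response.Redirect(isAdmin ? "~/Admin/" : "~/Users/", false);
        Context.ApplicationInstance.CompleteRequest();
    }
}
```

Without the web.config rule, a user who knows the ~/Admin/ URL could open it directly after logging in with any role; the redirect alone is not an authorization check.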

8 Comments

Thanks Win- is what you have the ideal way to handle Authentication based on Role and then setting cookie?
Normally, Membership Provider will attach Principal to HttpContext on Application_AuthenticateRequest; you do not have to do anything. The only reason you are creating Principal by yourself is you want to use Context.User right after ValidateUser. I do not know the reason why you want to use Context.User inside the login method, because you could have used Roles.GetRolesForUser to get the user's roles.
Thanks Win. My scenario is that I am given a username and password and then, if the user belongs to Admin1, need to forward him to a page which only allows the role of Admin1. How would I use the Application_AuthenticateRequest to simplify? Can you kindly do a small example so I understand? Thanks
I'm with @Win on this one, simply do var roles = Roles.GetRolesForUser(username) and redirect if they contain that role. Either way though you want to set the auth cookie, no?
@Adam Tuliper - Do I even need to set the cookie? I need the user to go to a page that is restricted to only Admin1 (allow role = "Admin1"). Is there any way I can do without cookies?