Forms authentication ticket with role error

I have a subApp in ASP.NET 2 and I can't enable the SQL database lookup function for roles (remote server with no permission to create tables). So, I'm trying to follow the URL below and set this up (all users in the subApp must log in to see anything beyond the generic pages). This way, I don't have to go after the authentication and/or roles but once, right? Can anyone help me out? The example seems to imply that the role part of the ticket is a string? Used: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGExplained0002.asp

The error is: Conversion from string "Admin" to type 'Integer' is not valid.

Webconfig:

login.aspx:
Sub Login_Click(ByVal sender As Object, ByVal E As EventArgs)
    If email.Text = "" Or pwd.Text = "" Then
        msg.Text = "Bad login"
    Else
        If Authenticate(email.Text, pwd.Text) Then
            System.Web.Security.FormsAuthentication.SetAuthCookie(varPID, False)
            '//The role goes into the ticket's UserData field, which is a String.
            Dim ticket As System.Web.Security.FormsAuthenticationTicket = _
                New FormsAuthenticationTicket(1, varPID, DateTime.Now, DateTime.Now.AddMinutes(60), False, Convert.ToString(varRole), FormsAuthentication.FormsCookiePath)
            '//Encrypt the ticket
            Dim encryptedTicket As String = FormsAuthentication.Encrypt(ticket)
            '//Create cookie, add the encrypted ticket to cookie as data.
            Dim authCookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
            '//Add cookie to the outgoing cookies collection.
            Response.Cookies.Add(authCookie)
            msg.Text = "Good Reader"
            Page.Response.Redirect(System.Web.Security.FormsAuthentication.GetRedirectUrl(varPID, False))
        Else
            msg.Text = "Invalid userid or password: Please try again, or answer the following..."
        End If
    End If
End Sub

Function Authenticate(ByVal user As String, ByVal pass As String) As Boolean
    Dim authenticated As Boolean = False
    Try
        '//Parameterized query: the typed username and password are passed as
        '//parameters and never concatenated into the SQL text.
        Dim strSQL As String = "Select a.person_fk as pid, case when u.person_fk is null then 'User' " & _
            "when u.person_fk is not null then 'Admin' end as myRole from tableName " & _
            "where lower(a.username)=@user and lower(a.password)=@pass"
        Dim Cmd As New Data.SqlClient.SqlCommand(strSQL)
        Cmd.Connection = cn
        Cmd.Parameters.AddWithValue("@user", LCase(Trim(user)))
        Cmd.Parameters.AddWithValue("@pass", LCase(Trim(pass)))
        Cmd.Connection.Open()
        Dim dr As Data.SqlClient.SqlDataReader
        dr = Cmd.ExecuteReader
        If dr.Read = False Then
            msg.Text = "Invalid userid or password."
        Else
            varPID = Convert.ToInt32(dr("pid"))
            varRole = Convert.ToString(dr("myRole"))
            authenticated = True
        End If
        dr.Close()
    Catch e As Exception
        msg.Text = e.Message
    Finally
        cn.Close()
    End Try
    '//Report the result to Login_Click.
    Return authenticated
End Function

Comments

  • Sorry - got the error figured out. Simple declaration of wrong datatype initially. But, now that it works through the variable setting, it doesn't redirect me (as a member of the Admin role) to the secure area. Instead, I'm redirected back to the login.aspx page with blanked cells as if it's starting all over again. Something wrong in my webconfig file?
    Thanks for responding,
    Janet
  • Whew. Got it figured out. Needed something else in the global file.

    One question. How would one retrieve or force a "You're not authorized" message if someone was trying to get to a subfolder area for which they are not authorized after the redirect? I've created the ticket, set the webconfig, and the global. But, if someone's not authorized for an area after I call the redirect? How do I capture that and tell them?

    '///login.aspx
    blah,blah.
    Try
    Page.Response.Redirect (System.Web.Security.FormsAuthentication.GetRedirectUrl(varPID, False))
    Catch ex As Exception
    msg.Text = Convert.ToString(ex)
    Return
    End Try
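
An added example, not code from the original thread: one way to read the role back out of the ticket on each request in Global.asax, and to show a "not authorized" message when URL authorization sends a signed-in user back to login.aspx. The class names `Global_asax` and `Login` and the comma-separated role format are assumptions; `msg` is the label used in the post.

```vb
Imports System.Security.Principal
Imports System.Web
Imports System.Web.Security

' --- Global.asax code-behind (class name is an assumption) ---
Public Class Global_asax
    Inherits HttpApplication

    ' Runs on every request: rebuild the principal from the ticket so the
    ' <authorization> rules in web.config can be checked against roles.
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Dim cookie As HttpCookie = Request.Cookies(FormsAuthentication.FormsCookieName)
        If cookie Is Nothing OrElse cookie.Value = "" Then Return

        Dim ticket As FormsAuthenticationTicket
        Try
            ticket = FormsAuthentication.Decrypt(cookie.Value)
        Catch ex As Exception
            ' Treat any cookie that fails to decrypt as an anonymous request.
            Return
        End Try
        If ticket Is Nothing OrElse ticket.Expired Then Return

        ' UserData carries the role string set in Login_Click ("Admin" or "User").
        ' Splitting on commas is an assumption that allows several roles later.
        Dim roles() As String = ticket.UserData.Split(","c)
        Context.User = New GenericPrincipal(New FormsIdentity(ticket), roles)
    End Sub
End Class

' --- login.aspx code-behind (class name is an assumption) ---
Partial Class Login
    Inherits System.Web.UI.Page

    ' A denied request is redirected to the login page with ReturnUrl set.
    ' If the visitor is already authenticated when that happens, the login
    ' succeeded but the role does not permit the requested folder.
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        If Not IsPostBack AndAlso Request.IsAuthenticated _
           AndAlso Not String.IsNullOrEmpty(Request.QueryString("ReturnUrl")) Then
            ' Static text only: do not echo ReturnUrl back into the page.
            msg.Text = "You're not authorized to view that area."
        End If
    End Sub
End Class
```

A Try/Catch around `Response.Redirect` cannot observe the denial, because the authorization check happens on the browser's next request, not during the redirect call.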