1

I have a problem with asp.net membership authorization, I configured my main web config like this:

<connectionStrings>
    <add name="xxx" connectionString="Data Source=; Initial Catalog=; Integrated Security=;"    providerName="System.Data.SqlClient" />
    <remove name="LocalSqlServer"/>
    <add name="LocalSqlServer"
  connectionString="Data Source=; Initial Catalog=; Integrated Security=;"
  providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
    <roleManager enabled="true" defaultProvider="MyProvider">
       <providers>
        <add name="MyProvider"
        type="System.Web.Security.SqlRoleProvider" 
        connectionStringName="Devices"
        applicationName="MembersTable" />
       </providers>
    </roleManager>

    <membership defaultProvider="MyProvider">
      <providers>
        <add name="MyProvider"
        type="System.Web.Security.SqlMembershipProvider"
        connectionStringName="" />
      </providers>          
    </membership>
    <authentication mode="Forms">
        <forms loginUrl="Denied.aspx" name=".ASPXFORMSAUTH"/>
    </authentication>
  <compilation debug="true" targetFramework="4.0" />
</system.web>
<system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>`

and in specified folder my config looks like

<configuration>
  <location>
    <system.web>
        <authorization>
            <allow roles="role1"/>
            <deny users="*" />
        </authorization>
    </system.web>
  </location>
</configuration>

But after login I dont get access to folder files , it returns me on Denied.aspx page I verify user with Membership.ValidateUser method and call page with Response.Redirect. Is this enough or I need a different way of requesting protected page

if (
       Membership.ValidateUser(this.txtUsername.Text, this.txtPassword.Text))
        {

                Response.Redirect("/tempUser/Role1Page.aspx");

        }
        else {
            Response.Redirect("Denied.aspx");
        }
djedjica
  • 115
  • 10
  • Have you validated your user is in the role? – Kevin LaBranche Jan 17 '13 at 14:09
  • Looking at your config - don't the membership users and roles both have an application setting? From your config, it seems you've specified applicationName="MembersTable" only for the roles provider. http://msdn.microsoft.com/en-us/library/system.web.security.membership.providers.aspx indicates that membership providers also have an application name. – Shan Plourde Jan 17 '13 at 14:22
  • No, changed it, but problem seems to be something else. – djedjica Jan 17 '13 at 14:35

1 Answers1

0

It sounds like the user(s) aren't in the role OR roles are not quite configured properly (although it looks correct in your snippet). You can check this by viewing the Web Site configuration tool (Project Menu, ASP.Net Configuration, Security) or in code: User.IsInRole("rolename").

Kevin LaBranche
  • 20,908
  • 5
  • 52
  • 76
  • Nop, tried that, as I understand there is hierarchical order so when user comes first is checked if it is role1 and allows access, if not then checks next statement which is so it's being rejected,or I'm I mistaken?? – djedjica Jan 17 '13 at 14:18
  • @djedjica - I mispoke and after a bit of thought changed my answer completely.... – Kevin LaBranche Jan 17 '13 at 14:19