1

I have a login screen that requires a username/password.

I am using ASP.NET's Membership and Role tables that is part of ASP.NET to store info when the user initially registered.

Once the user logs in with the appropriate role, then direct them to another page.

Here is the web.config file for the that other page. Note that it only allows role of SomeRole. 

    <configuration>
    <system.web>
    <authorization>
        <allow roles="SomeRole" />   
        <deny users="*" />                   
    </authorization>
   </system.web>
   </configuration>

In the login screen, I capture the username, password. I am not sure though how to make the following be the user's role.

I have the following code:

      protected void btnLogin_Click(object sender, EventArgs e)
      {    
          // not sure what code to put here so user logged in that has a Role of SomeRole works with code just below                   
          if (User.IsInRole("SomeRole"))

When I look to see, User's role shows up as blank. My question is, how do I make the current that is logged in have role of SomeRole so that 

    <allow roles="SomeRole" />

will work. Note that on the login screen, I have a user name and password that belongs to SomeRole but not sure how to make

if (User.IsInRole("SomeRole")) work so that inherit's that user's role. Hope this make sense.

Here is what my web.config looks like:

         <roleManager enabled="true" cacheRolesInCookie="true"
               defaultProvider="SiRoleProvider"
               createPersistentCookie="false"
               cookieProtection="All">
           <providers>
            <clear/>
             <add connectionStringName="SiiSQL1" applicationName="SiGen" name=" r" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
             </providers>
           </roleManager>

Thanks

Nate Pet
  • 44,246
  • 124
  • 269
  • 414
  • are you using CustomRoleProdiders? which RoleProdider you have in your config file? – Shoaib Shaikh Apr 21 '13 at 19:56
  • Hello, updated above with what I have in config file – Nate Pet Apr 21 '13 at 20:00
  • have you assigned/created roles in your system using WAT? or using code? – Shoaib Shaikh Apr 21 '13 at 20:03
  • I do that. I use the following code when I register the user: oMU = Membership.CreateUser(txtUserName.Text.Trim(), txtPassword.Text.Trim(), txtEmail.Text.Trim()); Membership.UpdateUser(oMU); Roles.AddUserToRole(oMU.UserName, "SomeRole"); – Nate Pet Apr 21 '13 at 20:04
  • I guess what knowing that if the user logs in with a username, password that belongs to Role = "SomeRole", why is if (User.IsInRole("SomeRole")) not taking that role. I believe I need to tell the code somehow – Nate Pet Apr 21 '13 at 20:10
  • It should work as you are using built in funtionality, Can you check the DB for data, check table aspnet_Roles and aspnet_UsersInRoles for the given user – Shoaib Shaikh Apr 21 '13 at 20:18
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/28617/discussion-between-nate-pet-and-shoaib-shaikh) – Nate Pet Apr 21 '13 at 20:19

1 Answers1

2

You need to set authentication cookie for user because you are using custom login control and in order to use Role.IsInRole

Try this in your custom Login button code. SetAuthCookie will actually set logged in user to be accessed by membership provider

protected void Login_Click(object sender, EventArgs e)
{

if (Membership.ValidateUser(txtUserName.Text, txtPassword.Text))
{

FormsAuthentication.SetAuthCookie(txtUserName.Text, true);

string url = "~/Member/Default.aspx";
Response.Redirect(url);
Shoaib Shaikh
  • 4,565
  • 1
  • 27
  • 35
  • @NatePet ...that's what I said [in this post](http://stackoverflow.com/questions/16107672/forms-authentication-subfolder-web-config-not-working/16108506#comment23006220_16108506). – MikeSmithDev Apr 22 '13 at 19:35