0

Using asp.net and c# and visual studio 2010 I have a login page and a login control in it and i'm doing something that when a user try's to login , it will detect the user role. Here's my code :

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Security;

public partial class Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Login1_LoggedIn(object sender, EventArgs e)
    {
        if (Session["Admin"] != null)
        {
            Response.Redirect("~/Admin/HomeAdmin.aspx");
        }
        else if (Session["Professor"] != null)
        {
            Response.Redirect("~/Professor/HomeProfessor.aspx");
        }
        else if (Session["Student"] != null)
        {
            Response.Redirect("~/Student/HomeStudent.aspx");
        }            
    }

    protected void Login1_LoggingIn(object sender, LoginCancelEventArgs e)
    {
        if (Roles.IsUserInRole("Administor"))
        {
            Session["Admin"] = Login1.UserName;
            //only run for admins
        }




        else if (Roles.IsUserInRole("Professor"))
        {
            Session["Professor"] = Login1.UserName;
            //only run for professors
        }





        else if (Roles.IsUserInRole("Student"))
        {
            Session["Student"] = Login1.UserName;
            //only run for students
        }
    }
}

Then when i login it will detect the wrong role for example i login with a Admin user but it will detect it as a Student! And as you see in the code it will redirect me to the page (HomeStudent.aspx).

Here's a view of my role manager:Click here to see the image of my role manager

What do you think is the problem and what should i do?!!

Mohammadali Talaie
  • 118
  • 1
  • 1
  • 10
  • Why don't you put the role in one `Session["Role"]` and assign a different value on each login. Then, on `Login1_LoggingIn` event you could first reset your Session with `Session.Clear()` ,then assign it to the new value – Ange1 Oct 23 '15 at 08:39
  • You mean making 3 login pages? (for each role one login page?) – Mohammadali Talaie Oct 23 '15 at 09:04
  • No, not at all. Just the Session["Role"] will have three values, based on the role logged in, like this: `if (Roles.IsUserInRole("Administor")) { Session["Role"] ="Administrator"; //only run for admins } else if (Roles.IsUserInRole("Professor")) { Session["Role"] = "Professor"; //only run for professors }` and then call the value of the Session, instead of checking if it's `null`. I have not checked at detail the code above, but probably this should work – Ange1 Oct 23 '15 at 09:06
  • I did what you said but i still have the problem. I think because the main problem is : when the compiler is reading the IF section – Mohammadali Talaie Oct 23 '15 at 09:30
  • I did what you said but i still have the problem. I think it's because the main problem is from somewhere else : when the compiler is reading the IF section , this problem happens. As i said when it reads the if section it can't validate if the user is in for example admin role or not... – Mohammadali Talaie Oct 23 '15 at 09:36
  • Just a question, this problem happened since the first time you tried to login, or just after you logged out as a Student and tried to log in as an Admin? – Ange1 Oct 23 '15 at 09:39
  • The first time that i login this problem happens – Mohammadali Talaie Oct 23 '15 at 09:43
  • Where are the roles being stored? If you put a breakpoint in `if (Roles.IsUserInRole("Administor")) { Session["Admin"] = Login1.UserName; //only run for admins }` after the first bracket, what is the value you see? – Ange1 Oct 23 '15 at 09:47
  • So, you close every instance of the code, every process that is accessing it, and when you run the code again, you have the same problem? – Ange1 Oct 23 '15 at 09:48
  • It's disordered sometimes when i login for the first time there is no problem and it does it right but second time it does it wrong AND sometimes when i login for the first time it does it wrong but second time it does it with no problem – Mohammadali Talaie Oct 23 '15 at 09:48
  • Then, the problem should be with the logout function. After you logout a user, be sure to clear the Session, or it will save the last value it had – Ange1 Oct 23 '15 at 09:50
  • A question : when i run the project (start debugging the login page) and then i login and then i stop debugging and then again start debugging have i logged out the again logged in? – Mohammadali Talaie Oct 23 '15 at 09:54
  • it depends. Sometimes, the process associated with the debugged project does not end, so it saves the last values of unclosed Sessions. However, do you have a logout function? How do you manage the logout? – Ange1 Oct 23 '15 at 09:57
  • I have a Login Status in each home page for each roles . in the event(logged out) of the login status i have wrote this : Session.Clear() – Mohammadali Talaie Oct 23 '15 at 10:02
  • And you still have the problem? – Ange1 Oct 23 '15 at 10:13
  • yep when i login as an admin and then log out and then again i login but this time as an student i see a page with an error the error is this the resource cannot be found – Mohammadali Talaie Oct 23 '15 at 10:18
  • Then, try to debug the program. Take it back at it's original state and see what values do you retrieve from the Sessions – Ange1 Oct 23 '15 at 10:54
  • How can i see what values do i retrieve from the Sessions? – Mohammadali Talaie Oct 24 '15 at 17:22
  • first, put a breakpoint at the sessions, ore second option, instead of redirecting, put a `Response.Write(Session["Role"].ToString())` and see what it outputs at the page itself – Ange1 Oct 24 '15 at 19:55
  • When i do that , the compiler gives me this error: ::::::::::::::::::::::::::::::::Object reference not set to an instance of an object :::::: ////And it puts the error on the code yousaid.::::::::::::::::::::::::::::::::::::::::: – Mohammadali Talaie Oct 28 '15 at 17:01
  • 1
    Wait a minute i think my problem is solved What i was wrong in was that i forget to put a (login1.username) before the user.isinrole! – Mohammadali Talaie Oct 28 '15 at 17:18
  • Well, this explain the nullPointerException...OK, if that solved the problem, than post the solution as an answer and accept it yourself – Ange1 Oct 29 '15 at 08:22

2 Answers2

0

Event LoggingIn is fired when login form is posted, but before user is authenticated (check on msdn).

You should check Roles.IsUserInRole("yourRole") on LoggedIn event rather then LoggingIn.

Andrei Mihalciuc
  • 2,148
  • 16
  • 14
0

I found the solution and solved my problem by changing codes to this :

 if (Roles.IsUserInRole(Login1.UserName , "Administor"))
    {
        Session["Admin"] = Login1.UserName;
        Response.Redirect("~/Admin/HomeAdmin.aspx");       
        //only run for admins

    }


    else if (Roles.IsUserInRole(Login1.UserName , "Professor"))
    {
        Session["Professor"] = Login1.UserName;
        Response.Redirect("~/Professor/HomeProfessor.aspx");
        //only run for professors
    }



    else if (Roles.IsUserInRole(Login1.UserName , "Student"))
    {
        Session["Student"] = Login1.UserName;
        Response.Redirect("~/Student/HomeStudent.aspx"); 
        //only run for students
    }
Mohammadali Talaie
  • 118
  • 1
  • 1
  • 10