Authentication Issues...again

B

bri189a

Senior Contributor
Joined
Sep 11, 2003
Messages
1,004
Location
VA
Okay I'm using Forms Authentication and it works great...sort of. I made my own customized logon page that pulls from my sql db... it also pulls the roles for that user once I determine that the user exists (this all happens in a class I have called Security). On my Global.Session_Start I look for the user to see if the cookie is there and recall the procedure that gets the member roles if it's valid:

if(User!=null)
{
Context.User = new GenericPrincipal(User.Identity, Security.GetRoles(User.Identity.Name));
}

So when I'm automatcially logged in or logged in via the logon page the next page I go to has all the admin buttons that are suppose to be there... I use:

if(!User.IsMemberOf("rolename"))
{
//make non-role member buttons invisible
}

But immidately if I reload the page, the User is still there (I checked with Response.Write(User.Name))... but suddenly all the roles have disappeared and there no longer is an identity for him. So now my procedure above picks up and all my admin buttons are invisible....<grrrrr!>

I think it would be stupid to have to query the database for roles each time I change pages but what else am I suppose to do...put it in a cookie? Shouldn't since it saves the Context.User between post-backs it should also save the member roles?

What am I doing wrong?

Thanks...
 
bri189a said:
Okay I'm using Forms Authentication and it works great...sort of. I made my own customized logon page that pulls from my sql db... it also pulls the roles for that user once I determine that the user exists (this all happens in a class I have called Security). On my Global.Session_Start I look for the user to see if the cookie is there and recall the procedure that gets the member roles if it's valid:

if(User!=null)
{
Context.User = new GenericPrincipal(User.Identity, Security.GetRoles(User.Identity.Name));
}

So when I'm automatcially logged in or logged in via the logon page the next page I go to has all the admin buttons that are suppose to be there... I use:

if(!User.IsMemberOf("rolename"))
{
//make non-role member buttons invisible
}

But immidately if I reload the page, the User is still there (I checked with Response.Write(User.Name))... but suddenly all the roles have disappeared and there no longer is an identity for him. So now my procedure above picks up and all my admin buttons are invisible....<grrrrr!>

I think it would be stupid to have to query the database for roles each time I change pages but what else am I suppose to do...put it in a cookie? Shouldn't since it saves the Context.User between post-backs it should also save the member roles?

What am I doing wrong?

Thanks...
Click to expand...
shouldnt you be using the session variable pool?
 
Joe Mamma said:
shouldnt you be using the session variable pool?
Click to expand...
If I wanted to do my authentication that way I could, but I'm using Forms Authentication as was suggested to me...it's the more proper way rather than using custom login solutions...so I'm told.
 
Back
Top