Implementing Role-based security

[mike55]

Hi all,

 

Am following a series of instructions from a tutorial at: http://www.devhood.com/tutorials/tutorial_details.aspx?tutorial_id=433 regarding implementing role-based security. One point that the author makes is that the code line :

FormsAuthentication.RedirectFromLoginPage(strUser, False)

could replace the authentication ticket (cookie) that will be added. However another developer that I talked with indicated that the above line was necessary so as to pass the cookie around to the other pages in the web site. Would appreciate it if someone could shine some light on my problem, the code that I am use to create the cookie/ticket is:

FormsAuthentication.Initialize()
               'The AddMinutes determines how long the user will be logged in after leaving
               'the site if he doesn't log off.
               Dim token As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, _
               txtMobile.Text, DateTime.Now, _
               DateTime.Now.AddMinutes(20), True, access, _
               FormsAuthentication.FormsCookiePath)                 Response.Cookies.Add(New HttpCookie(FormsAuthentication.FormsCookieName, _
               FormsAuthentication.Encrypt(token)))
               'FormsAuthentication.RedirectFromLoginPage(strUser, False)
               Response.Redirect("Sendmessage.aspx")

 

What I have added to my web.config file for each page is the following:

<location path="OrgProfile.aspx">
	<system.web>
		<authorization>
			<deny users="?"/>
                                                  <allow roles="1"/>
                                                  <deny roles="2"/>
		</authorization>
	</system.web>
</location>

 

Mike55

[PlausiblyDamp]

Are you getting any errors with the above code or is it just not working as expected?