Home/ Questions/Q 4533618
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-21T14:10:42+00:00

I inherited an ASP.NET C# application that is not totally working. I have been

  • 0

I inherited an ASP.NET C# application that is not totally working. I have been told to use Form Authentication to prevent unauthorized users from accessing certain subdirectories.

I am having a problem understanding Forms Authentication. This is a public internet site and all users will have access to the main part of the site. However there is a subdirectory that is restricted to certain users. I know that a user is valid because they will enter a user name and password and I will look them up in a database. I have added these lines to the web.config file of the subdirectory. 

<configuration>
    <appSettings/>
    <connectionStrings/>
    <system.web>
        <authorization>
      <allow roles="Administrators, Examiners"/>
            <deny users="*"/>
        </authorization>
    </system.web>

The question is how do I set in my code that the user belongs to a certain role.

Here is the pseudo code.

If user name and password match then

Set this users role to Examiners.

I don’t know the code I need to set the user to a role.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Take a look at your membership database.

    To make a start here you go with the login method:

    protected void LoginButton_Click(object sender, EventArgs e)
{
 // Validate the user against the Membership framework user store
 if (Membership.ValidateUser(UserName.Text, Password.Text))
 {
 // Log the user into the site
 FormsAuthentication.RedirectFromLoginPage(UserName.Text, RememberMe.Checked);
 }
 // If we reach here, the user's credentials were invalid
 InvalidCredentialsMessage.Visible = true;
}

    you can check the user credentials within the authenticate method:

    protected void myLogin_Authenticate(object sender, AuthenticateEventArgs e)
{
 // Get the email address entered
 TextBox EmailTextBox = myLogin.FindControl("Email") as TextBox;
 string email = EmailTextBox.Text.Trim();

 // Verify that the username/password pair is valid
 if (Membership.ValidateUser(myLogin.UserName, myLogin.Password))
 {
 // Username/password are valid, check email
 MembershipUser usrInfo = Membership.GetUser(myLogin.UserName);
 if (usrInfo != null && string.Compare(usrInfo.Email, email, true) == 0)
 {
 // Email matches, the credentials are valid
 e.Authenticated = true;
 }
 else
 {
 // Email address is invalid...
 e.Authenticated = false;
 }
 }
 else
 {
 // Username/password are not valid...
 e.Authenticated = false;
 }
}

    For redirection depending on a specific role use this code:

    protected void Login1_LoggedIn(object sender, EventArgs e)
{
    if (Roles.IsUserInRole(Login1.UserName, "Admin"))
    {
         Response.Redirect("~/Admin/Default.aspx");
    }
    else if (Roles.IsUserInRole(Login1.UserName, "Examiner"))
    {
         Response.Redirect("~/Examiner/Default.aspx");
    }
    else
    {
         Response.Redirect("~/Login.aspx");
    }
}
    • 0