asp.net - Why is my application going back to the login page after successful authentication?
I'm working on an ASP.NET web application that uses forms-based authentication. I'm authenticating against an Active Directory domain. I'm getting a successful authentication, getting the information I need from AD, and using Response.Redirect() to send the user to the application's default.aspx page, but instead it returns to login.aspx. I can't figure out what's going wrong.
Here's the login code (it runs when the user enters a domain, username and password and clicks "login"):
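/// <summary>
/// Handles the Login button: validates the entered domain credentials against Active
/// Directory, issues a forms-authentication ticket, stores the directory information in
/// session and redirects to the application's default page. On failure it shows the
/// error label instead.
/// </summary>
/// <param name="sender">The button that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void btnlogin_click(object sender, EventArgs e)
{
    // ADSI provider monikers are case-sensitive, so "LDAP://" must be upper-case.
    // Port 636 is LDAP over TLS, so the bind credentials are not sent in the clear.
    string adPath = "LDAP://my.ad.path:636";
    formsauth.ldapauthentication adAuth = new formsauth.ldapauthentication(adPath);

    // Holds the directory attributes of the user who just logged in; it is only
    // stored in session here.
    bool isAuthenticated;
    var loggedInUser = adAuth.loginandgetrequestorlogininfo(out isAuthenticated, tbxdomain.Text, tbxusername.Text, tbxpassword.Text);

    if (!isAuthenticated)
    {
        lblerror.Text = "authentication did not succeed. please check user name , password.";
        lblerror.Visible = true;
        return;
    }

    // Build the ticket; the user name doubles as the ticket's user data, as before.
    FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
        1,
        tbxusername.Text,
        DateTime.Now,
        DateTime.Now.AddMinutes(60),
        true,
        tbxusername.Text);

    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

    HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
    // Cookie lifetime matches the ticket lifetime.
    authCookie.Expires = authTicket.Expiration;
    // The ticket is a bearer credential: keep it out of reach of client script and,
    // when the site is configured to require SSL, off plain-HTTP requests.
    authCookie.HttpOnly = true;
    authCookie.Secure = FormsAuthentication.RequireSSL;
    Response.Cookies.Add(authCookie);

    // Keep the directory information for later use in the session.
    Session["verifieduser"] = loggedInUser;

    Response.Redirect("~/user/default.aspx");
} // end method btnlogin_click
here's ldap authentication code (in separate class):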
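using System;
using System.DirectoryServices;
using System.Globalization;
using System.Text;

namespace formsauth
{
    /// <summary>
    /// Authenticates a user against Active Directory over LDAP: the directory is bound
    /// with the caller's own credentials (the bind is the credential check) and the
    /// account is then looked up by sAMAccountName.
    /// </summary>
    public class ldapauthentication
    {
        // HRESULT_FROM_WIN32(ERROR_LOGON_FAILURE): the bind error raised for a wrong
        // user name or password, as opposed to a directory/server fault.
        private const int LogonFailureHResult = unchecked((int)0x8007052E);

        // Attributes copied into the requestor object after a successful login.
        private static readonly string[] RequestorAttributes =
        {
            "samaccountname", "cn", "sn", "givenname", "employeeid", "telephonenumber", "mail"
        };

        private string _path;
        private string _filterattribute;

        /// <param name="path">ADSI path of the directory, e.g. "LDAP://server:636".</param>
        public ldapauthentication(string path)
        {
            _path = path;
        }

        /// <summary>
        /// Returns true when <paramref name="username"/>/<paramref name="pwd"/> bind
        /// successfully to the directory and the account exists. On success the
        /// instance path is moved to the user's own directory entry.
        /// </summary>
        /// <param name="domain">NetBIOS domain used to qualify the user name for the bind.</param>
        /// <param name="username">sAMAccountName entered by the user.</param>
        /// <param name="pwd">Password entered by the user.</param>
        /// <exception cref="Exception">A directory error other than a logon failure occurred.</exception>
        public bool isauthenticated(string domain, string username, string pwd)
        {
            // An empty password would be an anonymous/unauthenticated LDAP bind, which
            // must never count as a successful login; an empty name has nothing to look up.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(pwd))
            {
                return false;
            }

            string domainAndUsername = domain + @"\" + username;

            // Bind with the user's credentials. Binding with the process identity (the
            // no-credential constructor) would "authenticate" any account that exists.
            using (DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd))
            {
                try
                {
                    // Touching the native ADSI object forces the bind, i.e. the credential check.
                    object nativeObject = entry.NativeObject;

                    using (DirectorySearcher search = new DirectorySearcher(entry))
                    {
                        // The user name is untrusted input; escape it so it cannot change the filter.
                        search.Filter = string.Format("(samaccountname={0})", EscapeLdapFilterValue(username));
                        search.PropertiesToLoad.Add("samaccountname");
                        // "cn" is read below, so it has to be requested explicitly.
                        search.PropertiesToLoad.Add("cn");

                        SearchResult result = search.FindOne();
                        if (result == null)
                        {
                            return false;
                        }

                        // Point this instance at the user's own entry for later calls.
                        _path = result.Path;
                        string commonName = GetFirstValue(result, "cn");
                        if (commonName != null)
                        {
                            _filterattribute = commonName;
                        }
                    }
                }
                catch (DirectoryServicesCOMException ex)
                {
                    // A wrong user name or password is an authentication failure, not a server error.
                    if (ex.ErrorCode == LogonFailureHResult)
                    {
                        return false;
                    }
                    throw AuthenticationError(ex);
                }
                catch (Exception ex)
                {
                    throw AuthenticationError(ex);
                }
            }

            return true;
        }

        /// <summary>
        /// Authenticates the user like <see cref="isauthenticated"/> and, on success,
        /// returns a requestor populated from the account's directory attributes.
        /// </summary>
        /// <param name="isauthenticated">Set to true only when the bind and the lookup both succeeded.</param>
        /// <param name="domain">NetBIOS domain used to qualify the user name.</param>
        /// <param name="username">sAMAccountName entered by the user.</param>
        /// <param name="pwd">Password entered by the user.</param>
        /// <returns>The populated requestor, or null when the user is not authenticated.</returns>
        /// <exception cref="Exception">A directory error other than a logon failure occurred.</exception>
        public requestor loginandgetrequestorlogininfo(out bool isauthenticated, string domain, string username, string pwd)
        {
            isauthenticated = false;

            // See isauthenticated: an empty password must not become an anonymous bind.
            if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(pwd))
            {
                return null;
            }

            requestor req = new requestor();
            string domainAndUsername = domain + @"\" + username;

            using (DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd))
            {
                try
                {
                    // Force the bind so the supplied credentials are actually validated.
                    object nativeObject = entry.NativeObject;

                    using (DirectorySearcher search = new DirectorySearcher(entry))
                    {
                        search.Filter = string.Format("(samaccountname={0})", EscapeLdapFilterValue(username));
                        foreach (string attribute in RequestorAttributes)
                        {
                            search.PropertiesToLoad.Add(attribute);
                        }

                        SearchResult result = search.FindOne();
                        if (result == null)
                        {
                            return null;
                        }

                        PopulateRequestor(req, result, domain);
                    }
                }
                catch (DirectoryServicesCOMException ex)
                {
                    if (ex.ErrorCode == LogonFailureHResult)
                    {
                        return null;
                    }
                    throw AuthenticationError(ex);
                }
                catch (Exception ex)
                {
                    throw AuthenticationError(ex);
                }
            }

            isauthenticated = true;
            return req;
        } // end method loginandgetrequestorlogininfo

        // Copies the attributes returned by the directory search into the requestor.
        private static void PopulateRequestor(requestor req, SearchResult result, string domain)
        {
            string account = GetFirstValue(result, "samaccountname");
            if (account != null)
            {
                req.login = domain + "\\" + account;
            }

            string surname = GetFirstValue(result, "sn");
            if (surname != null)
            {
                req.lname = surname;
            }

            string givenName = GetFirstValue(result, "givenname");
            if (givenName != null)
            {
                req.fname = givenName;
            }

            // A non-numeric or blank employeeID is a directory data problem and must not
            // turn the login into an authentication error, so it is skipped rather than thrown.
            string employeeId = GetFirstValue(result, "employeeid");
            int parsedEmployeeId;
            if (!string.IsNullOrEmpty(employeeId)
                && int.TryParse(employeeId, NumberStyles.Integer, CultureInfo.InvariantCulture, out parsedEmployeeId))
            {
                req.employeeid = parsedEmployeeId;
            }

            string phone = GetFirstValue(result, "telephonenumber");
            if (phone != null)
            {
                req.phone = phone;
            }

            string mail = GetFirstValue(result, "mail");
            if (mail != null)
            {
                req.email = mail;
            }
        }

        // Returns the first value of the named attribute as a string, or null when the
        // attribute is absent or empty.
        private static string GetFirstValue(SearchResult result, string attributeName)
        {
            ResultPropertyValueCollection values = result.Properties[attributeName];
            if (values == null || values.Count == 0)
            {
                return null;
            }

            object first = values[0];
            return first == null ? null : first.ToString();
        }

        // Escapes the characters RFC 4515 reserves in filter assertion values so that a
        // user-supplied name cannot alter the structure of the search filter.
        private static string EscapeLdapFilterValue(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return string.Empty;
            }

            StringBuilder escaped = new StringBuilder(value.Length);
            foreach (char c in value)
            {
                switch (c)
                {
                    case '\\': escaped.Append("\\5c"); break;
                    case '*': escaped.Append("\\2a"); break;
                    case '(': escaped.Append("\\28"); break;
                    case ')': escaped.Append("\\29"); break;
                    case '\0': escaped.Append("\\00"); break;
                    default: escaped.Append(c); break;
                }
            }
            return escaped.ToString();
        }

        // Wraps a directory error in the exception callers already expect, keeping the
        // original as the inner exception for diagnostics.
        private static Exception AuthenticationError(Exception ex)
        {
            return new Exception("error authenticating user. " + ex.Message, ex);
        }
    }
}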
As it turns out from the comments on the question, it's a matter of the order in which roles and members have been authorized or deauthorized in the configuration.
Authorization happens in the order it's declared. If you grant authorization to members and roles, they'll be deauthorized if you later deny access to all.
Just have the authorization done in a way that gets access denied first, with the roles and members authorized after that, and you're set.