Roles authentication is not working in

I am using the code below to access a page base based upon user authentication

if (user.FirstOrDefault() == HashedPassword)
    string roles = "Member";

    // Create the authentication ticket
    FormsAuthenticationTicket authTicket = new
        FormsAuthenticationTicket(1,                          //  version
                                  loginName.Text,             // user name
                                  DateTime.Now,               //  creation 
                                  DateTime.Now.AddMinutes(60),// Expiration
                                  false,                      //  Persistent
                                  roles);                     // User data

    // Now encrypt the ticket.
    string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
    // Create a cookie and add the encrypted ticket to the
    // cookie as data.
    HttpCookie authCookie = 
                new HttpCookie(FormsAuthentication.FormsCookieName,
    // Add the cookie to the outgoing cookies collection.



The user is getting directed to ClientAccount.aspx if the login details are correct but I want that to happen only if his/her role is set as Admin as shown in the web.config file below .

<?xml version="1.0" encoding="utf-8"?>
    <location path="members.aspx">
                <allow roles="Member" />
                <allow roles="Admin" />
                <deny users="?" />
    <location path="ClientAccount.aspx">
                <allow roles="Admin" />
                <deny roles="Member"/>
                <deny users="?" />

How do I make this happen ?

I guess the web.config file is not looking at the cookie to do the authorization so I am doing something wrong there.


Double check your location path relative to the web.config, my guess is that is the problem.

<location path="/Members/ClientAccount.aspx">

Of course you'll need to do something else instead of this line, you were just doing this for testing I'd assume?


i.e. redirect them to a page you know they're not allowed to hit. I figure you're going to beef that part up once you're sure its not allowing members to access that page.

You should make sure your web.config has the following tag:

<authentication mode="Forms" />

You need to configure it right, there are lots of options:

<authentication mode="Forms">
    <forms loginUrl="Login.aspx"
           enableCrossAppRedirects="false" />

Need Your Help

How to prevent cart wipe when BACK pressed? session

I have an ASP.NET application with a shopping-cart type of scenario.

how to read URLs using JSP with JAVA

java jsp

I've a query regarding JAVA (Reading directly from the URLs). I want to read the contents from URLs. I've just implemented a code in JAVA and it works well. But i want that code to be implemented i...

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.