Welcome to WebmasterWorld Guest from 52.206.226.77

Forum Moderators: ocean10000

Message Too Old, No Replies

Login Redirect Problem

     
10:16 pm on Aug 11, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 10, 2008
posts: 1130
votes: 0


I just started on the admin part of my website. I ran aspnet_regsql batch file and it went fine. I added this to my web.config

<authentication mode="Forms">
<forms name="appNameAuth" loginUrl="Login.aspx" timeout="10" defaultUrl="Admin/Default.aspx">
<credentials passwordFormat="Clear">
</credentials>
</forms>
</authentication>
<roleManager enabled="true" defaultProvider="CustomizedRoleProvider">
<providers>
<add name="CustomizedRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="connectionString"/>
</providers>
</roleManager>
<membership defaultProvider="CustomizedMembershipProvider">
<providers>
<add name="CustomizedMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
connectionStringName="connectionString" applicationName="clickablecommunity"
commandTimeout="30" enablePasswordRetrieval="false" enablePasswordReset="true"
requiresQuestionAndAnswer="true" requiresUniqueEmail="true" passwordFormat="Hashed"
maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"/>
</providers>
</membership>

And in my admin folder I have a web.config file that looks like this

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authorization>
<deny users="*" />
<allow roles="BusinessAdmin" />
<allow roles="SuperAdmin" />
</authorization>
</system.web>
</configuration>

When I log in, it just get sent back to the login page. It even says welcome username in the corner (a loginview) so I know I'm logged in. I just added the login form that comes built in with VS 2008. Any ideas on what's wrong? Thanks

4:44 am on Aug 12, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 1, 2005
posts:732
votes: 0


try switching the order:

<allow roles="BusinessAdmin" />
<allow roles="SuperAdmin" />
<deny users="*" />

5:03 pm on Aug 12, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 10, 2008
posts: 1130
votes: 0


I didn't know that the web.config file processed things like that so that's nice to know. I had to change deny users to ? instead of * because it was denying access to everyone. Thanks for the input though.
5:07 am on Aug 13, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 1, 2005
posts:732
votes: 0


If you are allowing access to anyone that's logged in (irrelevant of which role they are in) with a <deny users="?" /> rule, it's unnecessary to have the 'allow roles' rules.
4:46 pm on Aug 13, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 10, 2008
posts: 1130
votes: 0


Yes I know, thank you for the thought. I just like to keep all of my web.config files the same. I put in every role and allow or deny them to make debugging by someone else easier.