jhoop2002 0 Newbie Poster

I don't know what happened to my site; a file must have been overwritten or something. I don't know what I need to do to get ASP.NET to look at the UserData section of the authentication ticket so that forms-based authentication works. As far as I can tell, it should work.

My login page, global.asax, and web.config files are below. The global.asax file is where ASP.NET should be told what role the user is in, but I'm not sure.

LOGIN.aspx

<%@ Page Language="VB" %>

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Threading" %>

<script runat="server">
    'Page-level state shared by the handlers in this script block.
    'Each request gets a fresh page instance, so none of this survives between requests.

    'Database objects
    Private conMyData As SqlConnection          'connection used by DBAuthenticate
    Private conUserData As SqlConnection        'not referenced in the code shown
    Private cmdSelect As SqlCommand             'stored-procedure command used by DBAuthenticate
    Private cmdSelectRoles As SqlCommand        'shadowed by a local of the same name in Button_Click
    Private parmReturnValue As SqlParameter     'RETURN_VALUE parameter of the stored procedure
    Private intResult As Integer                'last stored-procedure return value

    'Forms-authentication objects built in Button_Click
    Private objTicket As FormsAuthenticationTicket
    Private objCookie As HttpCookie

    'Navigation
    Private strLinkPath As String               'not referenced in the code shown
    Private strReturnURL As String              'ReturnURL request value read in Button_Click

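    'Handles the Log In button: checks the credentials, loads the user's group names,
    'stores them in the UserData field of a forms-authentication ticket, issues the
    'ticket cookie and redirects.
    Sub Button_Click(ByVal a As Object, ByVal e As EventArgs)
        If Not IsValid Then Return

        'DBAuthenticate runs the DBAuthenticate stored procedure; only a positive result is a successful login
        If DBAuthenticate(txtUsername.Text, txtPassword.Text) <= 0 Then Return

        'Collect every group name for the user. ExecuteScalar would return only the first
        'row, so a user in several groups would end up with a single role in the ticket.
        Dim lstRoles As New System.Collections.Generic.List(Of String)

        'NOTE(review): this logs in to SQL Server as "sa" with no password in the string.
        'Prefer a dedicated low-privilege login and keep the string in web.config's
        '<connectionStrings> section instead of repeating it in page code.
        Using conRoles As New SqlConnection("Server=INTRANET;uid=sa;database=safety_training")
            'NOTE(review): the query compares the submitted password with ui.password as-is,
            'which implies the column holds passwords in directly comparable (unhashed) form.
            'A salted, slow password hash checked in one place would be safer - confirm the schema.
            Using cmdRoles As New SqlCommand("SELECT g.name FROM dbo.Groups g WHERE g.group_id IN (SELECT r.group_id FROM dbo.Roles r WHERE r.user_id IN (SELECT ui.user_id FROM dbo.User_Info ui WHERE ui.user_name=@username AND ui.password=@password))", conRoles)
                cmdRoles.Parameters.AddWithValue("@username", txtUsername.Text)
                cmdRoles.Parameters.AddWithValue("@password", txtPassword.Text)
                conRoles.Open()
                Using dtrRoles As SqlDataReader = cmdRoles.ExecuteReader()
                    While dtrRoles.Read()
                        If Not dtrRoles.IsDBNull(0) Then
                            lstRoles.Add(dtrRoles.GetValue(0).ToString())
                        End If
                    End While
                End Using
            End Using
        End Using

        'global.asax splits UserData on commas, so the roles are stored comma-separated.
        'A user with no groups gets an empty string rather than Nothing.
        Dim strRoles As String = String.Join(",", lstRoles.ToArray())

        'create authentication ticket (valid for 30 minutes, not persistent)
        objTicket = New FormsAuthenticationTicket(2, txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), False, strRoles)

        'create cookie UserName
        Response.Cookies("UserName").Value = txtUsername.Text

        'Issue the ticket under the cookie name the forms-authentication module reads
        '(".ASPXAUTH" unless web.config overrides it). HttpOnly keeps the ticket away from
        'page script; Secure follows the requireSSL setting of the <forms> element.
        objCookie = New HttpCookie(FormsAuthentication.FormsCookieName)
        objCookie.Value = FormsAuthentication.Encrypt(objTicket)
        objCookie.HttpOnly = True
        objCookie.Secure = FormsAuthentication.RequireSSL
        Response.Cookies.Add(objCookie)

        'ReturnURL is supplied by the client, so only follow it when it is a path on this
        'site: it must start with a single "/" (not "//" or "/\", which browsers treat as
        'another host). Anything else falls through to the default page.
        strReturnURL = Request.Params("ReturnURL")
        Dim blnLocalReturn As Boolean = False
        If Not String.IsNullOrEmpty(strReturnURL) Then
            blnLocalReturn = strReturnURL.StartsWith("/", StringComparison.Ordinal) _
                AndAlso Not strReturnURL.StartsWith("//", StringComparison.Ordinal) _
                AndAlso Not strReturnURL.StartsWith("/\", StringComparison.Ordinal)
        End If

        If blnLocalReturn Then
            'returns user to previous page if greater authorization was required
            Response.Redirect(strReturnURL)
        Else
            'forwards user after login
            Response.Redirect("role_page.aspx")
        End If
    End Sub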
    
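    'Checks the failed-login count kept in Session("counter"). Once it exceeds 3 the
    'session is sent to deny.aspx for the next 2 hours.
    '
    'The lockout is recorded as a timestamp in Session("lockedUntil") instead of calling
    'Thread.Sleep for 2 hours: a sleeping request holds a worker thread for the whole
    'period, so a handful of locked-out sessions could starve the site of threads.
    '
    'NOTE(review): the counter lives in session state, so a client that discards its
    'session cookie starts again from zero. A per-account counter stored server-side
    'would be a stronger control.
    Sub Page_Load()
        Dim intFailures As Integer = 0
        If Not Session("counter") Is Nothing Then
            intFailures = CInt(Session("counter"))
        End If

        If intFailures > 3 Then
            Dim objLockedUntil As Object = Session("lockedUntil")
            If objLockedUntil Is Nothing Then
                'first request after crossing the limit: start the 2-hour window
                objLockedUntil = DateTime.UtcNow.AddHours(2)
                Session("lockedUntil") = objLockedUntil
            End If

            If DateTime.UtcNow < CDate(objLockedUntil) Then
                Response.Redirect("deny.aspx")
            Else
                'window has passed: allow login attempts again
                Session.Remove("counter")
                Session.Remove("lockedUntil")
            End If
        End If
    End Sub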
    
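    'Runs the DBAuthenticate stored procedure with the supplied credentials and returns
    'its RETURN_VALUE (per the original comment: 1 on a successful login, -1 if not).
    'On a failed login it shows an error message, increments Session("counter") and
    'delays the response.
    '
    'NOTE(review): the connection logs in as "sa" with no password in the string; a
    'dedicated low-privilege login that can only execute this procedure would be safer.
    Function DBAuthenticate(ByVal strUsername As String, ByVal strPassword As String) As Integer
        conMyData = New SqlConnection("Server=INTRANET;UID=sa;Database=safety_training")
        Try
            cmdSelect = New SqlCommand("DBAuthenticate", conMyData)
            cmdSelect.CommandType = CommandType.StoredProcedure
            parmReturnValue = cmdSelect.Parameters.Add("RETURN_VALUE", SqlDbType.Int)
            parmReturnValue.Direction = ParameterDirection.ReturnValue
            cmdSelect.Parameters.AddWithValue("@Username", strUsername)
            cmdSelect.Parameters.AddWithValue("@Password", strPassword)
            conMyData.Open()
            cmdSelect.ExecuteNonQuery()
            intResult = CInt(cmdSelect.Parameters("RETURN_VALUE").Value)
        Finally
            'release the command and connection even when Open or ExecuteNonQuery throws
            If Not cmdSelect Is Nothing Then cmdSelect.Dispose()
            conMyData.Dispose()
        End Try

        'Button_Click treats only a positive result as success, so every other value is
        'handled as a failed login here (the original checked for -1 only, which let any
        'other non-positive result skip the message and the counter).
        If intResult <= 0 Then
            lblMessage.Text = "Your Username or Password is incorrect.  Please try again."
            Dim objCounter As Object = Session("counter")
            If objCounter Is Nothing Then objCounter = 0
            Session("counter") = CInt(objCounter) + 1
            'Delay grows with the number of earlier failures: 0, 10, 20, then 30 seconds.
            'Capped at 30 seconds so a large counter cannot pin the request thread for longer.
            Thread.Sleep(10000 * Math.Min(CInt(objCounter), 3))
        End If
        Return intResult
    End Function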
    
</script>

<html>
<head>
    <title>Login.aspx</title>
    <script>
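        // Preloaded rollover images. They are kept as globals (img1on, img1off, ...)
        // so that any markup referring to them by name keeps working.
        var img1on, img1off, img2on, img2off;
        if (document.images)
        {
            img1on = new Image();
            img1off = new Image();
            img1on.src = "images/bMore-on.gif";
            img1off.src = "images/bMore.gif";
            img2on = new Image();
            img2off = new Image();
            img2on.src = "images/bHome-on.gif";
            img2off.src = "images/bHome.gif";
        }

        // Toggles the named image between its "on" and "off" variant.
        // The preloaded images are looked up as properties of window rather than
        // through eval(), so imgName is only ever used as a property name and is
        // never executed as script.
        function jRollover(imgName)
        {
            var target = document.images[imgName];
            var onImage = window[imgName + "on"];
            if (target.src == onImage.src)
            {
                target.src = window[imgName + "off"].src;
            }
            else
            {
                target.src = onImage.src;
            }
        }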
    </script>
</head>
<body style="text-align: center; border-right: #b5c7de 1px solid; border-top: #b5c7de 1px solid; border-left: #b5c7de 1px solid; border-bottom: #b5c7de 1px solid;">
    <form id="Form1" runat="server">
        <table style="width: 290px; border-right: #b5c7de 1px solid; border-top: #b5c7de 1px solid; border-left: #b5c7de 1px solid; border-bottom: #b5c7de 1px solid; height: 1px;">
            <tr align=center valign=top>
                <td bgcolor="#eff3fb" style="width: 272px; text-align: left; height: 146px;" bordercolorlight="#b5c7de">
                    <table style="width: 293px; height: 140px;">
                        <tr>
                            <td colspan="2" 
                                style="text-align: center">
                                <strong><span style="font-weight: bold; 
                                            width: 280px; 
                                            color: white;
                                            height: 14px; 
                                            background-color: #507cd1; font-family: Verdana;">Log In</span></strong></td>
                        </tr>
                        <tr align="center">
                            <td colspan="2" style="height: 8px">
                            <asp:Label
                                ID="lblMessage"
                                ForeColor="Red"
                                Runat="server" /></td>
                        </tr>
                        <tr valign=top>
                            <td style="width: 81px;">
                                <asp:Label ID="UserNameLabel" 
                                    runat="server" Font-Names="Verdana" Font-Size="0.8em">User Name:</asp:Label></td>
                            <td style="width: 9px;">
                                <asp:TextBox ID="txtUsername" 
                                    runat="server" 
                                    Width="160px" />
                                    
                                <asp:RequiredFieldValidator ID="RequiredFieldValidator1"
                                    runat=server
                                    ControlToValidate="txtUsername"
                                    Text="You must enter a User Name." Width="186px" EnableViewState="False" Font-Names="Verdana" Font-Size="0.7em" /></td>
                        </tr>
                        <tr valign=top>
                            <td style="width: 81px; height: 39px;">
                                <asp:Label ID="PasswordLabel" 
                                    runat="server" Font-Names="Verdana" Font-Size="0.8em">Password:</asp:Label></td>
                            <td style="width: 9px; height: 39px;">
                                <asp:TextBox ID="txtPassword" 
                                    runat="server" 
                                    TextMode="Password" 
                                    Width="160px" TabIndex="1" />
                                    
                                <asp:RequiredFieldValidator ID="RequiredFieldValidator2" 
                                    runat=server
                                    ControlToValidate="txtPassword"
                                    Text="You must enter a Password." Width="178px" EnableViewState="False" Font-Names="Verdana" Font-Size="0.7em" /></td>
                        </tr>
                        <tr align="center">
                            <td colspan="2" 
                                style="text-align: right;">
                                <asp:Button ID="Button1" 
                                    runat="server" 
                                    BackColor="White" 
                                    BorderColor="#507CD1" 
                                    BorderStyle="Solid"
                                    BorderWidth="1px" 
                                    OnClick="Button_Click" 
                                    Font-Names="Verdana" 
                                    Font-Size="0.8em"
                                    ForeColor="#284E98" 
                                    Text="Log In" TabIndex="2" /></td>
                        </tr>
                    </table>
                    <span style="font-size: 0.8em; color: red"></span></td>
            </tr>
        </table>
        <br />
        <hr>
    </form>
</body>
</html>

GLOBAL.asax

<%@ Import Namespace="System.Security.Principal" %>
<script language="C#" runat="server">

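/// <summary>
/// Rebuilds the current user's principal from the forms-authentication ticket so
/// that role checks see the roles stored in the ticket's UserData field.
/// </summary>
/// <remarks>
/// UserData is expected to hold role names separated by commas (it is filled in when
/// the ticket is created). Roles come only from the ticket, so a change to the user's
/// groups in the database takes effect when a new ticket is issued, not before.
/// The values are trusted because the ticket has been decrypted by forms
/// authentication; that trust depends on the ticket protection settings in effect.
/// </remarks>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Application_OnAuthenticateRequest(Object sender, EventArgs e)
{
  IPrincipal user = HttpContext.Current.User;
  if (user == null || !user.Identity.IsAuthenticated)
  {
    return;
  }

  // Only forms-authenticated requests carry a ticket with role data.
  FormsIdentity id = user.Identity as FormsIdentity;
  if (id == null)
  {
    return;
  }

  // A ticket issued without role data yields no roles instead of one empty role name.
  string userData = id.Ticket.UserData ?? String.Empty;

  // Trim each entry and drop blanks so that "Admin, User" or a trailing comma does
  // not produce role names that can never match an authorization rule.
  System.Collections.Generic.List<string> roles = new System.Collections.Generic.List<string>();
  foreach (string part in userData.Split(','))
  {
    string role = part.Trim();
    if (role.Length > 0)
    {
      roles.Add(role);
    }
  }

  // Replace the principal so role-based checks use the ticket's roles.
  HttpContext.Current.User = new GenericPrincipal(id, roles.ToArray());
}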


	// Placeholder for application start-up code; currently does nothing.
	protected void Application_OnStart() { }
	// Placeholder for session start-up code; currently does nothing.
	protected void Session_OnStart() { }
	// Placeholder for session clean-up code; currently does nothing.
	protected void Session_OnEnd() { }

	// Placeholder for application clean-up code; currently does nothing.
	protected void Application_OnEnd() { }
</script>

WEB.config

<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <!-- NOTE(review): every connection string in this file logs in as "sa" and shows no
       password (it may have been removed before posting; confirm). "sa" is the SQL
       Server system administrator login, so a flaw in any page would expose the whole
       server. Use a dedicated login limited to the safety_training database, and
       consider encrypting this section. -->
  <connectionStrings>
    <add name="Safety_TrainingConnectionString" connectionString="Data Source=INTRANET;Initial Catalog=Safety_Training;User ID=sa"
      providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <!-- Forms authentication with no <forms> child element, so the cookie name, login
         page, timeout and requireSSL all take their defaults. Declare <forms> explicitly
         if the ticket cookie should be limited to HTTPS. -->
    <authentication mode="Forms" />
    <!-- mode="Off" shows detailed error pages to every client, including remote ones.
         Suitable while debugging only; use RemoteOnly or On on a live site. -->
    <customErrors mode="Off" />
    <!-- debug="true" is a development setting (among other effects it disables the
         request execution timeout); set it to false on a live site. -->
    <compilation debug="true" />
    <!-- deny users="?" rejects anonymous requests for every page in the application.
         The role-based rule below is commented out, so roles are not enforced here. -->
    <authorization>
      <deny users="?" />
      <!--<allow roles="Admin" />-->
    </authorization>
    </system.web>
  <!-- The MM_CONNECTION_* keys repeat the same "sa" connection details as above. -->
  <appSettings>
    <add key="MM_CONNECTION_HANDLER_sql" value="sqlserver.htm" />
    <add key="MM_CONNECTION_STRING_sql" value="Data Source=INTRANET;Initial Catalog=safety_training;User ID=sa;" />
    <add key="MM_CONNECTION_DATABASETYPE_sql" value="SQLServer" />
    <add key="MM_CONNECTION_SCHEMA_sql" />
    <add key="MM_CONNECTION_CATALOG_sql" value=" Safety_Training" />
  </appSettings>
</configuration>