Hi,

I'm migrating an existing web site and I'm having problems with IsInRole always returning false.

Page.User.IsInRole("admin") ' or any other role

Page.User.Identity.Name works fine, returning the user name.

The FormsAuthenticationTicket is set with code that looks like this.

...
FormsAuthentication.Initialize()
...
Dim ticket As New FormsAuthenticationTicket(1, _
sUserName, _
DateTime.Now, _
DateTime.Now.AddDays(15), _
bPersists, sRoles, _
FormsAuthentication.FormsCookiePath)
Dim hash As String = FormsAuthentication.Encrypt(ticket)
Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, hash)

If ticket.IsPersistent Then cookie.Expires = DateTime.Now.AddDays(15)
...

This code works on my dev machine, on at least one other web site and was working fine at my last provider.

Any idea on what could be wrong?


If someone is using FormsAuthentication like the above, could you show me how your web.config file is setup?

Otherwise, how should I authenticate users? The site was upgraded from ASP.NET 1.1. I'm using an Access database at the moment.

TIA,
Raymond

Hi,
Check out the search results here:
http://www.bing.com/search?q=FormsAuthentication+IsInRole
All the best,
Mark

Hi Raymond,

You mention you're using an access database but it's not entirely clear from your code snip what else you're doing to authenticate a user or test role membership for a user. Some more information or code pieces should help me understand your problem further.

Since you're using ms access I assume you've implemented your own MembershipProvider and RoleProvider descendants for ms access and implemented your own custom method overrides in these descendants to perform user validation, get user roles etc. If that's the case then I'll point you at these two supporting articles because they will be very similar to your implementation and may help you find the problem:

http://www.amergerzic.com/post/AccessFormsAuthentication.aspx
http://www.devx.com/asp/Article/29256/0/page/1


If you've not gone down that route to implement your ms access membership / role providers, you probably should have done because it's the recognized and documented pattern. To back that statement up, in the Apress Pro ASP.NET 3.5 (C# 2008) book I have in front of me now, there are examples of how to implement these same provider descendants using xml as a datastore.

In my DASP hosted web application, I have implemented 'out of the box' .NET 2.0 forms authentication, membership, role and profile APIs. The main difference between my application and yours in this particular area is that I use a SQL Server 2008 database with the standard membership database objects imported (the "aspnet_regsql -A all" database objects). This means that I'm using the SqlMembershipProvider in my applications' web.config, so there's no point showing you that because it won't help you at all. That said, I think it's worth mentioning as an example because I know firsthand that this configuration does successfully work for user authentication and role verification on the DASP servers.

Don't get me wrong, I'm not suggesting you need a SQL Server db for your application and you should be able to get this working with an access db if you really want to.

Cheers,
Joe

Thank you guys!

I finally created minimal Membership and Role providers and everything now works as expected. Almost!

Any idea why it does not seem to "remember me"?

Regards,
Raymond

What do you mean not 'Remember'? Are you saying you are getting log back out?

You probably mean the 'remember me' checkbox in the ASP.NET Login control.

If that is what you mean, I've never managed to get it working either. There is a huge number of people having a problem with this; Google for "asp.net membership remember me not working" and you'll see.

Some have attempted to workaround the problem with a custom cookie - in the end I didn't bother and just disabled the checkbox.

Thanks,

I'm not yet using the ASP.NET control but I guess it's the same issue.

I'll research this one later...

Regards,
Raymond