
I have a web application with 2 folders, Administrator and Trainer, which contain their respective pages. I have a web.config in each folder as shown below. When I log in using these configuration settings, the user is denied access to his home page, and if I remove the deny-users rule everybody can log in. I have created roles and added users to the roles using WSAT.

Web.Config For Administrator

<?xml version="1.0"?>
<configuration>
<system.web>
    <authorization>
      <!-- Rules are evaluated top to bottom; the first match wins. -->
      <allow roles="Administrator" />
      <!-- "?" matches only anonymous (unauthenticated) requests. An authenticated
           user who is NOT an Administrator matches neither rule and falls through
           to the inherited default of allow-all. To limit this folder to the
           Administrator role alone, the closing rule must be <deny users="*"/>. -->
      <deny users="?"/>
    </authorization>
</system.web>
</configuration>

Web.Config For Trainer

<?xml version="1.0"?>
<configuration>
<system.web>
    <authorization>
      <!-- Rules are evaluated top to bottom; the first match wins. -->
      <allow roles="Trainer" />
      <!-- "?" matches only anonymous (unauthenticated) requests. An authenticated
           user in any other role (e.g. Administrator) matches neither rule and is
           admitted by the inherited allow-all default. Use <deny users="*"/> to
           restrict this folder to the Trainer role alone. -->
      <deny users="?"/>
    </authorization>
</system.web>
</configuration>

Root Folder Web.Config File

<?xml version="1.0"?>

<configuration>
<connectionStrings>
<add name="TSS" connectionString="Data Source = VC-SQL2008; Integrated
    Security=True;   database = aspnetdb" providerName="System.Data.SqlClient"/>
</connectionStrings>

<system.web>
<!-- debug="true" returns detailed error pages to the browser; turn it off before
     deployment. -->
<compilation debug="true" targetFramework="4.0"/>
<authentication mode="Forms">
  <!-- timeout is in minutes: 2880 keeps a forms ticket valid for 48 hours, which is
       also how long a stolen auth cookie stays usable. requireSSL is not set, so the
       ticket is also sent over plain HTTP. Confirm both are intended. -->
  <forms loginUrl="Login.aspx" timeout="2880" />
</authentication>
</system.web>

<!-- NOTE(review): <system.web> is opened a second time here. ASP.NET expects each
     section to appear once per config file, so this element should be merged with
     the one above; confirm it is not already producing a configuration error. -->
<system.web>
<membership>
  <providers>
    <clear/>
    <!-- minRequiredPasswordLength="1" together with
         minRequiredNonalphanumericCharacters="0" accepts one-character passwords.
         Every account that the folder <authorization> rules protect is only as
         strong as this policy; raise it before the site goes live. -->
    <add name="AspNetSqlMembershipProvider"
 type="System.Web.Security.SqlMembershipProvider" connectionStringName="TSS"
 requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
 enablePasswordRetrieval="false" enablePasswordReset="false"
 maxInvalidPasswordAttempts="5" minRequiredPasswordLength="1"
 minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
 applicationName="/"/>

  </providers>
  </membership>

  <profile>
  <providers>
    <clear/>
    <add name="AspNetSqlProfileProvider"
  type="System.Web.Profile.SqlProfileProvider"
   connectionStringName="TSS" applicationName="/"/>
  </providers>
 </profile>

 <!-- Roles.IsUserInRole in Login.aspx.cs and the folder <authorization> rules both
      resolve roles through this provider. applicationName must match the membership
      provider's value ("/") for the roles created in WSAT to be found. -->
 <roleManager enabled="true">
  <providers>
    <clear />
    <add connectionStringName="TSS" applicationName="/" name="AspNetSqlRoleProvider"
   type="System.Web.Security.SqlRoleProvider" />
    <!--<add applicationName="/" name="AspNetWindowsTokenRoleProvider"
      type="System.Web.Security.WindowsTokenRoleProvider" />-->
  </providers>
</roleManager>

<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>

<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>

Example from web.sitemap showing how I have added roles:

<siteMapNode url="Administrator/Admin_Home.aspx" title="Home" description=""
roles="Administrator"> 

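// Login.aspx.cs
namespace TSS
{
    public partial class Login2 : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            // NOTE(review): dbConn is never used on this page. If dbConnection opens a
            // database connection in its constructor it is leaked here; either dispose
            // it or drop the line. Confirm before removing.
            dbConnection dbConn = new dbConnection();
        }

        /// <summary>
        /// Handles the login button. Validates the credentials against the membership
        /// provider, issues the forms-authentication ticket, stores the user's name in
        /// session and redirects to the home page of the first matching role.
        /// </summary>
        /// <param name="sender">The control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void submit_Click(object sender, EventArgs e)
        {
            string email = tb_email.Text;
            string password = tb_password.Text;

            // Nothing is looked up or stored in session until the password is verified;
            // a failed attempt goes straight back to the login page.
            if (!Membership.ValidateUser(email, password))
            {
                FormsAuthentication.RedirectToLoginPage();
                return;
            }

            // ValidateUser only checks the password; without this ticket the request
            // stays anonymous and a folder-level <deny users="?"/> rejects the redirect
            // below. NotPublicCheckBox.Checked selects a persistent ("remember me")
            // cookie rather than a session cookie.
            FormsAuthentication.SetAuthCookie(email, NotPublicCheckBox.Checked);

            Session["username"] = email;
            Session["trainer"] = GetDisplayName(email);

            // Only the first matching role is followed; Response.Redirect ends the
            // response, so the remaining checks would never run anyway.
            if (Roles.IsUserInRole(email, "Administrator"))
            {
                Response.Redirect("~/Administrator/Admin_Home.aspx");
            }
            else if (Roles.IsUserInRole(email, "Trainer"))
            {
                Response.Redirect("~/Trainer/Trainer_Home.aspx");
            }
            else if (Roles.IsUserInRole(email, "Salon Manager"))
            {
                Response.Redirect("~/Salon/Salon_Home.aspx");
            }
            else if (Roles.IsUserInRole(email, "IT"))
            {
                Response.Redirect("Home.aspx");
            }
            // A user in none of these roles is authenticated but left on this page.
        }

        /// <summary>
        /// Builds "First Last" from the employee record(s) returned for
        /// <paramref name="email"/>. Keeps the original behaviour: when several rows
        /// come back the last one wins, and no rows (or a null table) gives "".
        /// </summary>
        /// <param name="email">The e-mail address typed into the login form.</param>
        /// <returns>The employee's display name, or an empty string.</returns>
        private string GetDisplayName(string email)
        {
            string displayName = "";
            DataTable dt = TSS_WebService.getEmployeeByEmail(email);
            if (dt == null)
            {
                return displayName;
            }

            foreach (DataRow row in dt.Rows)
            {
                displayName = row["First_Name"].ToString() + " " + row["Last_Name"].ToString();
            }
            return displayName;
        }
    }
}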


***Login.aspx***
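    <%@ Page Title="" Language="C#" MasterPageFile="~/Master/Master.Master"
    AutoEventWireup="true" CodeBehind="Login.aspx.cs" Inherits="TSS.Login2" %>
    <asp:Content ID="Content1" ContentPlaceHolderID="head" runat="server">
    </asp:Content>
    <asp:Content ID="Content2" ContentPlaceHolderID="BreadCrumbs" runat="server">
    <asp:SiteMapPath ID="SiteMapPath1" runat="server">
    </asp:SiteMapPath>
    </asp:Content>
    <asp:Content ID="Content3" ContentPlaceHolderID="MainArea" runat="server">
    <div id="loginBox">
    <h2> LOGIN</h2>
    <asp:TextBox ID="tb_email" runat="server" class="ipBox_large"></asp:TextBox><br />
    <%-- TextMode="Password" masks the characters as they are typed and stops the
         control from echoing the entered password back into the rendered page. --%>
    <asp:TextBox ID="tb_password" runat="server" TextMode="Password" class="ipBox_large"></asp:TextBox>
    <br />
    <asp:ImageButton ID="btn" ImageUrl="../Images/btnLogin.gif" OnClick="submit_Click" runat="server" />
    <%-- Presumably the "remember me" flag (persistent forms-auth cookie); it has no
         label and the code-behind shown in the question never reads it. Confirm. --%>
    <asp:CheckBox ID="NotPublicCheckBox" runat="server" />
    </div>
    </asp:Content>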

I've been stuck with this for 2 days now and have researched everything I possibly could. Any help or advice is much appreciated, thanks.

How about a role provider? Is it enabled for the site? - Wiktor Zychla
Please see my updated answer. - jams
I have role manager enabled to true in my web.config. Is there something I am missing? I am not sure about role providers. - user1288906
Please check your question, as you cannot have two web.config files in the root directory. - Krishanu Dey



Use <deny users="?"/> rather than <deny users="*"/>


Try the following code instead of your `if (x == true) { ... }` part:

    if (x == true)
    {
        if (Request.QueryString["ReturnUrl"] != null)
        {
            //redirect to the return url
            FormsAuthentication.RedirectFromLoginPage(userName.Text, NotPublicCheckBox.Checked);
        }

    /* create authentication cookie */
    FormsAuthentication.SetAuthCookie(tb_email.Text, NotPublicCheckBox.Checked)
    Session["username"] = tb_email.Text;
    Session["trainer"] = trainer;

    /*redirect depending on roles*/
    if (Roles.IsUserInRole(tb_email.Text, "Administrator"))
    {
        Response.Redirect("~/Administrator/Admin_Home.aspx");
    }

    if (Roles.IsUserInRole(tb_email.Text, "Trainer"))
    {
        Response.Redirect("~/Trainer/Trainer_Home.aspx");
    }

    if (Roles.IsUserInRole(tb_email.Text, "Salon Manager"))
    {
        Response.Redirect("~/Salon/Salon_Home.aspx");
    }

    if (Roles.IsUserInRole(tb_email.Text, "IT"))
    {
        Response.Redirect("Home.aspx");
    }
}
else
{
    /*Login error*/
    FormsAuthentication.RedirectToLoginPage();
}

Hope it works. Good luck.