0

sorry for my poor english.

The Facts:

  • ASP.NET MVC3
  • EF5.
  • FormAuthentication
  • roleManager disabled

My implementation follows this concept! + See Code below

Everything works well on

  • a local Server IIS Win7 (WebDeploy)
  • & my old Windows Server 2008

until I deployed the App to a

  • new Windows Server 2008 Web

I have issues with the roles

  • isInRole() and the
  • [Authorize(Roles = "member,admin")] Attribute

is not working properly.

Here are some code snippets + debug output

Helper Class

public static class UserHelper
{
        public static bool IsAdmin(this ViewUserControl pg)
        {
            // @TODO Delete (Glimpse output)

            string s = HttpContext.Current.User.IsInRole("admin") ? "UserHelper.IsAdmin()  IsInRole() == true" : "UserHelper.IsAdmin() Application_AuthenticateRequest  IsInRole() == false";
            string b = pg.Page.User.IsInRole("admin") ? "UserHelper.IsAdmin()  IsInRole() == true" : "UserHelper.IsAdmin() Application_AuthenticateRequest  IsInRole() == false";

            Trace.Write(s);
            Trace.Write(b);           

            var id = HttpContext.Current.User.Identity as FormsIdentity;
            Trace.Write("UserHelper.isAdmin(): UserData"+id.Ticket.UserData);

            // ============================

            return HttpContext.Current.User.IsInRole("admin");
        }
}

Global.asax.cs

public class MvcApplication : HttpApplication
{
    protected void Application_AuthenticateRequest(Object sender, EventArgs e)
    {
        if (HttpContext.Current.User == null) return;
        if (!HttpContext.Current.User.Identity.IsAuthenticated) return;
        if (!(HttpContext.Current.User.Identity is FormsIdentity)) return;

        var id = HttpContext.Current.User.Identity as FormsIdentity;
        var userState = new UserState();
        userState.FromString(id.Ticket.UserData);
        HttpContext.Current.User = new GenericPrincipal(id, userState.Rollen.Split(new[] { ',' }));

        // @TODO Delete (Glimpse output)
        Trace.Write("Global.asax.cs -> Application_AuthenticateRequest Userdata: "+id.Ticket.UserData);
        string s = HttpContext.Current.User.IsInRole("admin") ? "Global.asax.cs -> Application_AuthenticateRequest IsInRole() == true" : "Global.asax.cs -> Application_AuthenticateRequest IsInRole() == false";
        Trace.Write(s);
    }

AccountController.cs (Example)

   [Authorize(Roles = "member,admin")]
   [UserActive]
   public ActionResult ChangePassword()
   {
     return View();
   }

FormAuthService.cs

public class FormAuthService : IFormsAuthentication
{
    public void Login(string userName, bool createPersistentCookie, IEnumerable<string> roles, int? userID = null)
    {
        var str = string.Join(",", roles);

        var userData = new UserState
        {
            Benutzername = userName,
            ID = userID.HasValue ? userID.Value : 0,
            Rollen = str,
            IsAdmin = str.Split(',').Contains("admin")
        };

        var authTicket = new FormsAuthenticationTicket(
            1,
            userName,
            DateTime.Now,
            DateTime.Now.AddDays(30),
            createPersistentCookie,
            userData.ToString(),
            "/"
        );

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(authTicket));

        if (authTicket.IsPersistent)
            cookie.Expires = authTicket.Expiration;

        HttpContext.Current.Response.Cookies.Add(cookie);
    }
}

I was debugging my code with Glimpse. What I'm trying to achieve is the first screenshot...

In my UserHelper Class and all other Classes with the Attribute [Authorize] it works locally with this Setup.

But when I deploy the Application to my Remote IIS it doesn't recognize that I'm logged in as admin (I'm logged in but the roles aren't working). You can see, in the second screenshot the UserData with "admin" is there but the IsInRole Method fails....

Screenshots:

localhost http://s13.postimg.org/o9uqhlv6v/wi_local_glimpse_works.png

Remote Server http://s9.postimg.org/pcavzvczj/wi_local_glimpse_works23.png

What I'm missing? Anyone experienced the same problem?

Community
  • 1
  • 1
Kevin Regenrek
  • 842
  • 2
  • 8
  • 17
  • This may be obvious but did you check the remote database to ensure that your User tables and rows for the roles exist? It might be as simple as creating the tables & data. – Rich Bianco Aug 06 '13 at 15:42
  • Hi, the database should be fine. I'm using the same (remote) database in my local environment as on my production server. I checked it twice. – Kevin Regenrek Aug 06 '13 at 16:01

1 Answers1

1

ok I solved it myself, This post got me on the right track.

One problem was, that I couldn't change the directory permissions for the Application Pool User in the Default Web Site

So I created a New Website in IIS 7.5 and deployed my Application again.

Then I checked the permission for the application pool User to the directory.

D:\webapplication -> right click -> Properties -> Security -> allow modify 
for the Application Pool User.

Last I got some error for some .dll's missing (really don't know why). So I upgraded my ASP.NET MVC 3 Application to MVC 4 and everything works now (local and remote).

Kevin Regenrek
  • 842
  • 2
  • 8
  • 17