I really need some help I've been banging my head again wall with this one.

I have created login page, username and password stored in sql database but now I need to add roles to webpage. Need them to be stored in database because the high amout of users that will be using this webpage.

Just about every example is in C-sharp and I dont have clue how to program in that language, so I had to piece it together with my own code so I need someone's help to look over my code.

I know this post is long.



Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
If Not (HttpContext.Current.User Is Nothing) Then
If HttpContext.Current.User.Identity.IsAuthenticated Then
If TypeOf HttpContext.Current.User.Identity Is FormsIdentity Then
Dim id As FormsIdentity = CType(HttpContext.Current.User.Identity, FormsIdentity)
Dim ticket As FormsAuthenticationTicket = id.Ticket
Dim userData As String = ticket.UserData
Dim roles As String() = userData.Split("admin")
HttpContext.Current.User = New GenericPrincipal(id, roles)
End If
End If
End If
End Sub


<authentication mode="Forms">
<allow users="*"/>
<allow roles="admin" />


Imports System.Web.Security
Imports System.Web
Imports System.Data
Imports System.Data.SqlClient

Public Class WebForm1
Inherits System.Web.UI.Page
Protected username As TextBox
Protected Password As TextBox
Protected ErrorLabel As Label
#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()

End Sub

'NOTE: The following placeholder declaration is required by the Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
End Sub

#End Region

Sub btnLogin_Click(ByVal sender As Object, ByVal e As EventArgs)
Dim conn As SqlConnection = New SqlConnection("Server=(x);UID=x;Password=x;Database=x") Dim cmd As SqlCommand = conn.CreateCommand
cmd.CommandText = "SELECT roles FROM users WHERE username=@username " + "AND password=@password"

cmd.Parameters.Add("@username", username.Text)

cmd.Parameters.Add("@password", Password.Text)


Dim reader As SqlDataReader = cmd.ExecuteReader

If reader.Read Then
Dim ticket As FormsAuthenticationTicket = New FormsAuthenticationTicket(1, username.Text, DateTime.Now, DateTime.Now.AddMinutes(30), True, reader.GetString(0), FormsAuthentication.FormsCookiePath)
Dim hash As String = FormsAuthentication.Encrypt(ticket)
Dim cookie As HttpCookie = New HttpCookie("MYWEBAPP.ASPXAUTH")
If ticket.IsPersistent Then
cookie.Expires = ticket.Expiration
End If
Dim returnUrl As String = Request.QueryString("ReturnUrl")
If returnUrl Is Nothing Then
returnUrl = "default.aspx"
End If
ErrorLabel.Text = "Username / password incorrect. Please try again."
ErrorLabel.Visible = True
End If
End Sub

End Class


<script runat="server">
sub Page_Load(Object sender, EventArgs e)

if (User.IsInRole("Admin"))
AdminLink.Visible = true;

end sub
<p>Welcome, anonymous user, to our web site.</p>
<asp:HyperLink id="AdminLink" runat="server"
Text="Administrators, click here." NavigateUrl="administrators/"/>


The roles doesnt work right.. I just want admins to beable to see admin link on default.aspx webpage.

what do you mean by it isn't working right? Is it not showing up for admin's, showing up for everyone, etc?

Sorry for the late reply, forgot I post on this forum.

It doesnt work at all, Admin link comes up for all user.