ASP.net role based authorization using froms authentication fails

Hi Dot Net Gurus,

I am trying to implement a simple role based authorization using forms authentication in ASP.net. It works perfectly fine in my local system but fails when I deploy in production (shared hosting). Whenever I try to log in, rather than taking me to the default page in specified directory it throws me back to the login page. I suspect that there is some issues with the configuration but not sure where the problem is. The code is provided below:

Web.config (root):

<authentication mode="Forms">
	<forms name="userId" loginUrl="Login.aspx" defaultUrl="Default.aspx" path="/" timeout="240" requireSSL="false" />
</authentication>

Web.config (Member directory):

<configuration>
    <appSettings/>
    <connectionStrings/>
    <system.web>        
        <authorization>
            <allow roles="Member" />
            <deny users="*" />
        </authorization>
    </system.web>
</configuration>

Login.aspx:

    protected void btnLogin_Click(object sender, ImageClickEventArgs e)
    {
        String email = "";
        String password = "";
        try
        {
            email = txtEmail.Text;
            password = txtPassword.Text;

            Member member = null;            
            member = _memberService.GetMemberByEmailAndPassword(email,password);

            if (member != null)
            {
                FormsAuthentication.Initialize();
                String strRoles = "Member";

                
                FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
                    txtEmail.Text, 
                    DateTime.Now,
                    DateTime.Now.AddMinutes(30), 
                    false, 
                    strRoles,
                    FormsAuthentication.FormsCookiePath);
                Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(fat)));

                Response.Redirect("~/Member/Default.aspx");
            }
            else
            {
                lblShowMessage.Text = "Login failed.";
            }
        }
        catch (Exception ex)
        {
            lblShowMessage.Text = "Login failed.";
        }
    }

Global.asax:

<%@ Application Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Security.Principal" %>

    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        //Fires upon attempting to authenticate the use
        if (!(HttpContext.Current.User == null))
        {
            if (HttpContext.Current.User.Identity.IsAuthenticated)
            {
                if (HttpContext.Current.User.Identity.GetType() == typeof(FormsIdentity))
                {
                    FormsIdentity fi = (FormsIdentity)HttpContext.Current.User.Identity;
                    FormsAuthenticationTicket fat = fi.Ticket;

                    String[] astrRoles = fat.UserData.Split('|');
                    HttpContext.Current.User = new GenericPrincipal(fi, astrRoles);
                }
            }
        }
    }

Works fine in local machine but shared hosting is not taking the authenticated user to the pages inside the secured folders. What can be the issue? Any pointers would be welcome.

-Das

Re: ASP.net role based authorization using froms authentication fails

Since you're using shared hosing, have you tried setting the applicationName attribute in the membership provider section in the web.config to some unique name?

Also, are customErrors on? If so, where does it redirect when an error is thrown? If it's the login page, I'd suggest turning off customErrors to troubleshoot the issue. It may provide you with more information.