Hello,

I have a little problem and a little trouble to solve it.

Like i already said in the tittle it's about working with roles in a .net webapplication.

I have three roles: students, teachers and admins

students have only the permissions to view files in the students folder, teachers in the teachers folder and so on...

 
first of all this is my web.config

?xml version="1.0"?>
<configuration>
  <!-- forms authenticatie debug = true! Na implementatie -> debug=false -->
  <system.web>
    <compilation debug="true"/>
    <authentication mode="Forms">
      <forms loginUrl="Default.aspx" protection="Validation" timeout="999999"/>
    </authentication>
  </system.web>

  <!-- configuration data -->
  <connectionStrings>
    <add name="ConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\vzwINTERTYP.mdf;Integrated Security=True;" providerName="System.Data.SqlClient" />
  </connectionStrings>
 
  <!-- authorisatie mappen -->
  <location path="leden">
    <system.web>
      <authorization>
        <allow roles="lid" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

  <location path="leerkrachten">
    <system.web>
      <authorization>
        <allow roles="leerkracht" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
 
  <location path="beheerders">
    <system.web>
      <authorization>
        <allow roles="beheerder" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>

When i log in as a student the systems redirects me immedeatily back to the login page.

Same problem as a teacher.

The login method from a student equals the method from teacher. Therefore I'm going to post only the one of the student.

If (ddlRole.Text = "Student") Then
            Dim myStudent As New InterTyp.Student
            geslaagd = myStudent.Login(txtgebruiker.Text, txtwachtwoord.Text)
           
            If geslaagd = 0 Then
                lblMessage.Text = "Er zijn geen overeenkomende records gevonden in<br>onze database. Probeer opnieuw!"
            End If
           
            If geslaagd = 1 Then
                'FormsAuthentication.SetAuthCookie(txtgebruiker.Text.Trim(), ChkRemember.Checked)
                Dim ticket As New FormsAuthenticationTicket(1, txtgebruiker.Text.Trim(), DateTime.Now(), DateTime.Now.AddDays(1), ChkRemember.Checked, "lid")
                Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
                Response.Cookies.Add(cookie)
               
                Response.Redirect("leden/ledenmenu.aspx")
            End If

End If

The myStudent.login()-method returns a boolean of the student is found in the database.

 
Thanks in advance and i hope you can help me to solve this problem...
 

I found a very intresting website

http://www.xoc.net/works/tips/forms-authentication.asp

It works now like it should but I need to extend the code now.

Anyway Thanks