Well, I learned a hard lesson tonight. I had wired up the SqlMembershipProvider for this web site I'm working on and things seemed to be working perfectly when I was testing earlier. Then I noticed that I had left an "i" out of the Role Name Administrator, calling it Adminstrator instead. Simple mistake. I deleted all the users & the errant role & re-added it correctly. This evening when I came back, I couldn't get to any of the pages in my Admin directory (which was protected by access rules). No matter what I tried, I just kept getting kicked back to my log-in page.
I checked everything very carefully & couldn't find anywhere that Administrator was misspelled or anything. After a while I ended up just sitting & staring at the ASP.NET Web Site Administration tool. After a few minutes I started to read what was on the screen in front of me & wouldn't you know, the MembershipProvider uses "short-circuit" logic. Whichever access rule it comes upon first that matches, it uses.
Basically what was happening was that ASP.NET was finding my "Subscriber" role before it would find my "Administrator" role. It would assume then that I was not an Administrator, had no access in the Admin directory, & dutifully kick me back to the log-in page.
Anyways, I don't know how many folks this will really apply to, but... if you happen to be wiring up a Membership provider for an ASP.NET site & you have secured subdirectories in your website based on application roles, it's good to keep this short-circuit logic in mind.
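The first-match behaviour described above, as an added example that is not part of the original post: a simplified Python model of how an ordered list of `<authorization>` access rules is evaluated, run against a misordered and a corrected rule set. The rule sets, the user "alice" and her membership in both roles are constructed assumptions, and the model is not ASP.NET's own code.

```python
import xml.etree.ElementTree as ET

# Constructed rules for a hypothetical Admin directory (not from the post).
MISORDERED = """<authorization>
  <deny roles="Subscriber" />
  <allow roles="Administrator" />
  <deny users="*" />
</authorization>"""

CORRECTED = """<authorization>
  <allow roles="Administrator" />
  <deny users="*" />
</authorization>"""

def _names(value):
    # Attributes hold comma-separated lists; this model compares case-insensitively.
    return {v.strip().lower() for v in (value or "").split(",") if v.strip()}

def rule_matches(rule, user, roles):
    users = _names(rule.get("users"))
    if "*" in users:                       # "*" means everyone
        return True
    if user is None:                       # anonymous request matches only "?"
        return "?" in users
    if user.lower() in users:
        return True
    return bool(_names(rule.get("roles")) & {r.lower() for r in roles})

def authorize(config_xml, user, roles):
    """Return (allowed, deciding_rule); rules are read top to bottom."""
    for rule in ET.fromstring(config_xml):
        if rule.tag in ("allow", "deny") and rule_matches(rule, user, roles):
            attrs = " ".join(f'{k}="{v}"' for k, v in rule.attrib.items())
            return rule.tag == "allow", f"<{rule.tag} {attrs}>"
    # Simplification: no local match is modelled as the inherited default allow.
    return True, "no local rule matched"

if __name__ == "__main__":
    # Assumed sample user who belongs to both roles.
    for name, cfg in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        print(name, authorize(cfg, "alice", ["Subscriber", "Administrator"]))
```

Returning the deciding rule alongside the verdict makes it easy to see which entry short-circuited the evaluation when access is unexpectedly refused.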
Wednesday, June 18, 2008