login problem

Hi

I have an asp.net 2.0 project and am experiencing a problem.

In the project, I am trying to make use of Membership.

I have one Role, called "Basic User" and two users - "admin" and "test".

"admin" is a member of the Role but "test" is not.

I have only a few pages in the project at the moment: -

• SecurePage.aspx - The page I want only authenticated users that are members of the Role to use.

• Login.aspx - Login page

• Unauthorized.aspx - Informs user that they cannot view the secure page because of a lack of permissions

SecurePage.aspx just contains a ChangePassword control.

Unauthorized.aspx has some text and a LoginStatus control.

So in the SecurePage.aspx, I have this code to handle this: -

Protected Sub form1_Load(ByVal sender As Object, ByVal e As System.EventArgs)

If User.Identity.IsAuthenticated = False Then
Server.Transfer("login.aspx")
End If

If Roles.IsUserInRole("Basic User") = False Then
Server.Transfer("unauthorized.aspx")
End If

End Sub

If I go to the SecurePage and am not authenticated, it transfers me to login.aspx.

If I then login with the user "admin", which is in the Role "Basic User", it works ok.

If I first login with "test", which is NOT in the Role, then I am transfered to the "unauthorized.aspx" page.

However, if I click "Logout" on the LoginStatus control on the "unauthorized" page it refreshes and changes to display "Login".

So, if I then click "Login", I am taken back to the login page. The URL in the address bar at this point is: -

http://localhost:1489/Lesson09/login...uthorized.aspx

If I then login with using "admin" - which is a member of the Role - this is where I get a problem.

Instead of being taken to the SecurePage.aspx as expected, I get taken back to the "unauthorized.aspx" page.

This is obviously wrong.

Now, I know that this should work but does anybody know why it is not working?

Is there some settings or something I need to change on my PC? Am I missing a step or not doing something?

I've checked the obvious things - like that the user was actually in the Role etc.

However, I just cannot get this to work.

I am new to ASP.Net and so I don't really know where to start to look for what the problem is?

I have gone through re-doing the project twice now and I still get the same problem.

For info, I am using: -

- Visual Studio .Net 2005 (Professional) (up to date)
- Latest .Net installed
- Windows XP Pro
- Internet Explorer 6 (version 6.0.2900.2180.xpsp_sp2_gdr.050301-1519) SP2
- Code from a training video via www.asp.net (asp.net 2.0 - Lesson 09 - Bob Tabor)

I have tried using "Response.Redirect" instead but get the same problem.

I would very much appreciate any help or advice on this problem.

Thanks in advance.

Kind regards
Darren Brook
email: darrenbrook@btconnect.com