Hello,
I get back to an old web app where the authentication does not work.
we can always access the pages even if we don't have the correct role.
it seems that some part are missing in the solution but I don't know which ones
to resume
I have i my web.config the below settings
<roleManager defaultProvider="SqlProviderRoles" enabled="true"><providers><clear/><add name="SqlProviderRoles" type="System.Web.Security.SqlRoleProvider" connectionStringName="appConnectionString" applicationName="app.Config"/></providers></roleManager><membership defaultProvider="SqlProviderMembership" userIsOnlineTimeWindow="15"><providers><clear/><add name="SqlProviderMembership" type="System.Web.Security.SqlMembershipProvider" connectionStringName="appConnectionString" applicationName="app.Config" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed"/></providers></membership>
the appconnectionstring point to a sql membership table that contains user and role access
I have also a web.sitemap page where pages access are controled by role access, and a ref to this sitemap in the web.config like below
<siteMap enabled="true" defaultProvider="XmlSiteMapProvider"><providers><add name="XmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true"/></providers></siteMap>
I don't have any authentication node in the web.config but I tried Windows and it's not working either
I just want that a user that is already login on the domain network can access pages based on he's role defnied in the SQL table