Thread: authenticated..but...

Using forms authentication...
simple login form...

after user authenticates him / her self I want to take the user to another page...

But I noticed in ASP.net when one authenticates him / her self the login page just gets posted back when using:

FormsAuthentication.RedirectFromLoginPage(UserName, chkPersistant)

So what do I need to do here?

The app currently posts back to itself...

I read something that said
"We are calling the FormsAuthentications.RedirectFromLoginPage method, which takes care of granting ther authentication cookie to the client and then redirecting the client to the page she originally requested..."

Umm OK...but my app just posts back to the login.aspx page.

For instance, lets say a user tries to access a page without being authenticated, I use the loginURL attribute to set the login page for unauthenticated users in my web.config file. This works fine by redirecting the end user to that page. But once the user DOES authenticate themselves it simply reposts that login.aspx page, it does not take them to the page they were trying to go to.

Anyone have a clue ???

Where exactly does that go?

Code:

<%@ Page Language="VB" %>
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.SqlClient" %>

<script runat="server">

    Sub Page_Load

    End Sub
    
    Sub Button_Click( s As Object, e As EventArgs )
       lblMessage.Text = ""
       If IsValid Then
         If DBAuthenticate( txtUsername.Text, txtPassword.Text ) > 0 Then
           FormsAuthentication.RedirectFromLoginPage( txtUsername.Text, chkRemember.Checked )
         End If
       End If
    End Sub
    
    Function DBAuthenticate( strUsername As String, strPassword As String ) As Integer
       Dim conMyData As SqlConnection
       Dim cmdSelect As SqlCommand
       Dim parmReturnValue As SqlParameter
       Dim intResult As Integer
    
	'try and make a connection   
	Try
	       conMyData = New SqlConnection( ConfigurationSettings.AppSettings("strConn") )
	       cmdSelect = New SqlCommand( "DBAuthenticate", conMyData )
	       cmdSelect.CommandType = CommandType.StoredProcedure
	       parmReturnValue = cmdSelect.Parameters.Add( "RETURN_VALUE", SqlDbType.Int )
	       parmReturnValue.Direction = ParameterDirection.ReturnValue
	       cmdSelect.Parameters.Add( "@username", strUsername )
	       cmdSelect.Parameters.Add( "@password", strPassword )
	       conMyData.Open()
	       cmdSelect.ExecuteNonQuery()
	       intResult = cmdSelect.Parameters( "RETURN_VALUE" ).Value
       	'catch any exceptions that might be thrown
	Catch e as Exception
		Response.Write("An Error Occurred: " & e.toString())
	'clean up and close resources
	Finally
		conMyData.Close()
	End Try
			
       If intResult < 0 Then
         If intResult = -1 Then
           lblMessage.Text = "Username Not Registered!"
         Else
           lblMessage.Text = "Invalid Password!"
         End If
       End If
       Return intResult
    End Function

</script>

That is my script

woka

it does not work here...

Woka,

I have 2 web.config files. One sits on the root directory because this allows ANY user to access login.aspx, and registration.aspx.
Inside of this web.config file:

Code:

 <authentication mode="Forms"> 
	<forms
		name=".IMSCookie" 
		loginUrl = "/login.aspx"
		protection = "All"
		path="/" />
	</authentication>

Notice there is no authorization attribute...

In a path within the root called /sites I have another web.config file. This web config file has

Code:

	<authorization>
		<deny users="?" />
	</authorization>

This means ONLY authenticated users can access these pages...

So my problem still exists...anyone else ?

Originally posted by Wokawidget
Hmmm...ok. Never done auth over different virtual dirs.
Hmmmm.
One thing.
Why don't you have:

Code:

<authorization>
   <allow users="?" />
</authorization>

in your root config?

Also, do you have <Authentication> in the path /Sites?

Will be at home in 30mins.

Woka

Errrr...

In the root config I do NOT need to authorize authenticated users. I want to allow any user to access login.aspx / register.aspx that is why I dont. Many many asp.net applications are built like this.
I dont think I need authentication path in the /sites directory because it inherits from the root.

Gosh darn no frigging asp.net site or forum is any good

Does ANYONE on the web have a clue about anything ???

Whats a good asp forum ? And dont say asp.net since that one is just ridiculious with the pathetic "Must review your post before you submit it" feature.

Originally posted by Wokawidget
Didn't know it automatically inherrited it from the root.

Code:

<authorization>
   <allow users="?"/>
</authorization>

ALLOWS anon users...it doesn't deny them.

17 mins and I will be at home.
I'll write a test thingy and see what I can come up with.

I know how you feel when you can't find the correct info on the web...it's well annoying Makes you want to give up *boooo*

Woka

I got it ... it was a problem with the database actually which was odd rather than the code. Deleted the record and recreated the user id. I think it is because I had just recently set it to an identity and my old loginid was actually 0