FromsAuthentication.RedirectFromLoginPage - problem [*Resolved*]
Hello
I am using forms authentication which worked fine using this code below. In the project l have customerlist set as the startup page, and a login page. If there are no cookies on the users computer it will rediret to the customerlist page, else the login page will display and ask the user to login. All this works fine.
Code:
//When the user clicks the login button - execute this code
if ( FromsAuthentication.Authenticate( txtUsername.Text, txtPassword.Text) )
{
FromsAuthentication.RedirectFromLoginPage(txtUsername.Text, chkRemember.Checked)
}
In the web.config file l had the usernames and passwords.
<authentication mode="Forms">
<forms name="AuthTicket" protection="All"
loginUrl="Login.aspx" path="/" timeout="20">
<credentials passwordFormat="Clear">
<user name="John" password="john"/>
<user name="Mary" password="mary"/>
<user name="Glen" password="glenn"/>
</credentials>
</forms>
</authentication>
and....
<location path="CustomerList.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
I have now changed this to use a database, so i am not using the code in the web.config file. This is because there will be a lot of people accessing. So l am using a sql query to see if the username and password is in the database. My problem is how can l check for cookies and then redirect to the customerlist page. When l am not using the web.config file.
Code:
//This is the code l am using
//Check to see if there are any cookies on the users computer - Don't know how to do this
try
{
SqlConnection cnn = new SqlConnection("server = steves-pc; initial catalog = Condo; integrated security = true");
cnn.Open();
SqlCommand cmd = cnn.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "SELECT * FROM [User] " +
"WHERE username = '" + username + "' AND UserPassword = '" + userPassword + "' ";
SqlDataReader dr = cmd.ExecuteReader(CommandBehavior.SingleRow);
if ( dr.Read() )
{
if ( dr["Username"].ToString() == username && dr["UserPassword"].ToString() == userPassword )
{
FromsAuthentication.SetAuthCookie(Username, ture)
//Redirect to the customerlist page - Don't know how to do this
}
else
{
//Deny access
}
}
else
{
//Deny access;
}
}
Thanks in advance,
Steve
Re: FromsAuthentication.RedirectFromLoginPage - problem
You still need to use the web.config file as follows:
Code:
<authentication mode="Forms">
<forms name="AuthTicket" protection="All"
loginUrl="Login.aspx" path="/" timeout="20">
</forms>
</authentication>
and....
<location path="CustomerList.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
Instead of using FromsAuthentication.SetAuthCookie use FormsAuthentication.RedirectFromLoginPage (it has the same arguments). This method will create the authentication ticket and sort out all the page redirection for you.
Does that cover everything?
DJ
Re: FromsAuthentication.RedirectFromLoginPage - problem
Whoops ignore that - I've just read your post again - I'm still half-asleep!
DJ
Re: FromsAuthentication.RedirectFromLoginPage - problem
To check if a user is logged in use User.Identity.IsAuthenticated which returns a Boolean value.
Thing is if the user is logged in they won't be redirected to the login page in any case (you do still need the code in the web.config in my first post).
DJ
Re: FromsAuthentication.RedirectFromLoginPage - problem
Hello,
Thanks for your help. This is my code that works.
Code:
private void btnLogin_Click(object sender, System.EventArgs e)
{
bool grantAccess = false;
try
{
Condo.CondoServices loginAccess = new Condo.CondoServices();
grantAccess = loginAccess.login(txtUsername.Text,txtPassword.Text);
//Once the user has been granted set cookie and redirect to mainMenu page
if ( grantAccess == true )
{
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text,chkRememberCredentials.Checked);
}
else if ( grantAccess == false ) //Deny access to this user
{
lblMessage.Text = "Access denied - username or password incorrect";
}
}
catch ( SqlException ex )
{
Response.Write(ex.Message);
}
catch ( Exception ex )
{
Response.Write(ex.Message);
}
}
this is the code in the web.config file.
Code:
<authentication mode="Forms">
<forms name="AuthTicket" protection="All"
loginUrl="Login.aspx" path="/" timeout="20">
</forms>
</authentication>
<location path="mainMenu.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
Thanks
Steve
