Results 1 to 16 of 16

Thread: Authentication...slight problem :( going round in circles.

  1. #1

    Thread Starter
    Super Moderator Wokawidget's Avatar
    Join Date
    Nov 2001
    Location
    Headingly Occupation: Classified
    Posts
    9,633

    Authentication...slight problem :( going round in circles.

    I have a small ASP.NET web site.
    I have 3 pages...Login, Main and Downloads.
    I use forms security and in my config file I have:
    Code:
    <authentication mode="Forms"> 
       <forms 
          loginUrl="Login.aspx" 
       />
    </authentication>
    <authorization>
       <deny users="?" />
    </authorization>
    I then handle security and login using:
    VB Code:
    1. Dim objTicket As FormsAuthenticationTicket
    2.         Dim objCookie As HttpCookie
    3.         Dim strReturnURL As String
    4.         If ValidateLogin() Then
    5.             objTicket = New FormsAuthenticationTicket(txtUsername.Text, False, 30)
    6.             objCookie = New HttpCookie(".ASPXAUTH")
    7.             objCookie.Value = FormsAuthentication.Encrypt(objTicket)
    8.             Response.Cookies.Add(objCookie)
    9.             strReturnURL = Request.Params("ReturnURL")
    10.             If strReturnURL Is Nothing Then
    11.                 Response.Redirect("Main.aspx")
    12.             Else
    13.                 Response.Redirect(strReturnURL)
    14.             End If
    15.         Else
    16.             lblMessage.Visible = True
    17.             lblMessage.Text = "Invalid username/password."
    18.         End If
    Now, when running in VS it works. I get redirected to the login page until I login. When I do login I get sent to Main page, unless I was previously redirected to the login from another page.

    So, this works when running on LocalHost in VS.
    I now move the folder to my web server.
    Set up an active directory in IIS and browse the site to test it.
    Everything still works fine....exactly how it should.

    BUT when I go to:

    www.fishybadgers.com

    which is a web address pointing at my server then I can see the login screen, but when I log in I get redirected back to the login screen. I have an event table in my SQL Server DB on the server and trace logins. Everything works. Except I get redirected back to the login page...why???

  2. #2
    I wonder how many charact
    Join Date
    Feb 2001
    Location
    Savage, MN, USA
    Posts
    3,705
    Just to ask, is your server running version 1.1, and are the username and password existent on the server db or password file? I would also check the strReturnURl is actually holding the refer url.

  3. #3

    Thread Starter
    Super Moderator Wokawidget's Avatar
    Join Date
    Nov 2001
    Location
    Headingly Occupation: Classified
    Posts
    9,633
    Yes, yes, and yes.
    It all works...in IIS if I browse the site it works.
    Only when I access the site by going to the web site does it not work...

    Although mendhack just tried it, and it worked for him!!!
    But it doesn't even work on my work PC.

    My server is at home in my bedroom.

    Woof

  4. #4

  5. #5
    Frenzied Member
    Join Date
    Feb 2003
    Location
    Argentina
    Posts
    1,950
    I get a "page can not be displayed" error.

  6. #6

  7. #7

  8. #8
    Frenzied Member
    Join Date
    Feb 2003
    Location
    Argentina
    Posts
    1,950
    Yep, ok with Firefox, regular & safe mode. Not with IE, though. Maybe a security setting?

  9. #9

  10. #10
    I wonder how many charact
    Join Date
    Feb 2001
    Location
    Savage, MN, USA
    Posts
    3,705
    hmm... this does the same thing and works for me..

    VB Code:
    1. If isauthenticateduser Then
    2.             'Dim roles As String = GetRoles(txtUserName.Text, txtPassword.Text)
    3.             'create the authentication ticket
    4.             Dim authTicket As FormsAuthenticationTicket = _
    5.             New FormsAuthenticationTicket(1, userguid, DateTime.Now, DateTime.Now.AddMinutes(60), False, "")
    6.  
    7.             'encrypt ticket
    8.             Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)
    9.  
    10.             'create a cookie and add the encrypted ticket to the cookie as data
    11.             Dim authcookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    12.             'add cookie to outgoing cookies collection
    13.             Response.Cookies.Add(authcookie)
    14.             'redirect user to default page
    15.  
    16.             'go where you want to go
    17.  
    18.             If FormsAuthentication.GetRedirectUrl(userguid, False).IndexOf("default.aspx", 0) > 0 Then
    19.  
    20.                 Response.Redirect("AppMain.aspx")
    21.             Else
    22.                 Response.Redirect(FormsAuthentication.GetRedirectUrl(userguid, False))
    23.             End If

  11. #11
    I wonder how many charact
    Join Date
    Feb 2001
    Location
    Savage, MN, USA
    Posts
    3,705
    Maybe savelinus was on to something though...

    if it works for Firefox but not IE, you must have some sort of security setting in the security tab for IE, that's different from the Internet Zone, and the Intranet Zone.

  12. #12
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    32,983
    Worked for me in FF0.8 and IE6. ??????

    TG
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  13. #13

  14. #14

    Thread Starter
    Super Moderator Wokawidget's Avatar
    Join Date
    Nov 2001
    Location
    Headingly Occupation: Classified
    Posts
    9,633
    right...thank you everyone.

    Bit confused though.

    I go to Tools, Internet Options in IE.

    then to the privicy tab.

    It's set to medium by default.
    If I set it to low, then guess what...it works

    But...

    Why?! Why doesn't VBF's cookies get blocked?
    Why are my cookies different from other cookies???
    And no, it has nothing to do with the fact mine arn't choccy chip

    nemaroller, is your auth code better?

    Woka

  15. #15
    I wonder how many charact
    Join Date
    Feb 2001
    Location
    Savage, MN, USA
    Posts
    3,705
    Woka,

    No... I just saw that my constructor for the new authentication ticket was more verbose, initially I thought perhaps that had something to do with it (?)...

    But if it works changing your security level in IE, then there must be something about your cookie that isn't fully formed perhaps.

    What OS are you running on (XP?) and if XP did you install SP2?

  16. #16
    Fanatic Member pax's Avatar
    Join Date
    Mar 2001
    Location
    Denmark
    Posts
    840
    Originally posted by Wokawidget
    Why?! Why doesn't VBF's cookies get blocked?
    Why are my cookies different from other cookies???
    And no, it has nothing to do with the fact mine arn't choccy chip
    I think it has to do with certificates.
    VBF's cookies has something that identifies them as legit.
    Your's don't (I guess). Which means that you have to accept them explicitly or reduce your security settings.

    Are you absolutely 100% positive that the choccy chip aren't the reason?
    I wish I could think of something witty to put in my sig...

    ...Currently using VS2013...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width