I have setup a ASP.NET web application.
I have 2 forms:
My login page is bog standard. Username and password textboxes, a msg label and a login button.
My main page has a picture...simple 
The code for the login page is:
VB Code:
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
lblMessage.Text = vbNullString
Session.Abandon()
FormsAuthentication.SignOut()
End Sub
Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
Dim objTicket As FormsAuthenticationTicket
Dim objCookie As HttpCookie
Dim strReturnURL As String
If IsValid Then
If txtUsername.Text = "wokawidget" And txtPassword.Text = "woof" Then
objTicket = New FormsAuthenticationTicket(txtUsername.Text, False, 5)
objCookie = New HttpCookie(".ASPXAUTH")
objCookie.Value = FormsAuthentication.Encrypt(objTicket)
Response.Cookies.Add(objCookie)
strReturnURL = Request.Params("ReturnURL")
If strReturnURL Is Nothing Then
Response.Redirect("Main.aspx")
Else
Response.Redirect(strReturnURL)
End If
Else
lblMessage.Text = "Incorect username/password"
End If
Else
lblMessage.Text = "Incorect username/password"
End If
End Sub
...and I have the following in my web.config file:
Code:
<authentication mode="Forms">
<forms
name=".opsreport"
loginUrl="login.aspx"
protection="All"
slidingExpiration="true"
timeout = "10"
/>
</authentication>
<authorization>
<allow users="*" /> <!-- Allow all users -->
<deny users="?" /> <!-- Deny anon users -->
</authorization>
Now, according to all the stuff I have read then this should force users to get redirected to my login page if they have not signed in. However, it allows me to view the main.aspx page WITHOUT having to login 
Why?
Woka
Can't get Form Authentication to work...
Reply With Quote