
Thread: Can't get Form Authentication to work...

  1. #1

    Thread Starter
    Super Moderator Wokawidget

    I have set up an ASP.NET web application.
    I have 2 forms:
    • Login.aspx
    • Main.aspx

    My login page is bog standard. Username and password textboxes, a msg label and a login button.
    My main page has a picture...simple

    The code for the login page is:
    VB Code:
    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        'Put user code to initialize the page here
        lblMessage.Text = vbNullString
        Session.Abandon()
        FormsAuthentication.SignOut()
    End Sub

    Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
        Dim objTicket As FormsAuthenticationTicket
        Dim objCookie As HttpCookie
        Dim strReturnURL As String
        If IsValid Then
            If txtUsername.Text = "wokawidget" And txtPassword.Text = "woof" Then
                objTicket = New FormsAuthenticationTicket(txtUsername.Text, False, 5)
                objCookie = New HttpCookie(".ASPXAUTH")
                objCookie.Value = FormsAuthentication.Encrypt(objTicket)
                Response.Cookies.Add(objCookie)
                strReturnURL = Request.Params("ReturnURL")
                If strReturnURL Is Nothing Then
                    Response.Redirect("Main.aspx")
                Else
                    Response.Redirect(strReturnURL)
                End If
            Else
                lblMessage.Text = "Incorect username/password"
            End If
        Else
            lblMessage.Text = "Incorect username/password"
        End If
    End Sub
    ...and I have the following in my web.config file:
    Code:
    <authentication mode="Forms">
        <forms
            name=".opsreport"
            loginUrl="login.aspx"
            protection="All"
            slidingExpiration="true"
            timeout="10"
        />
    </authentication>
    <authorization>
        <allow users="*" /> <!-- Allow all users -->
        <deny users="?" /> <!-- Deny anon users -->
    </authorization>
    Now, according to all the stuff I have read, this should force users to get redirected to my login page if they have not signed in. However, it allows me to view the main.aspx page WITHOUT having to log in.

    Why?

    Woka

  2. #2

    Thread Starter
    Super Moderator Wokawidget

    FishCake has just told me that I need to remove this line:
    Code:
    <allow users="*" />
    But I was under the impression that this means ALL users who HAVE signed in can view the pages, and doing:
    Code:
    <deny users="?" />
    Means that to view any page they must be signed in.

    I have removed this line from my web.config file and yes, when I go to Main.aspx it redirects the user to the Login page. This works as I expected.
    However, when I log in I try and redirect the user to the main page, as you can see from my login code, but what actually happens is that it gets redirected BACK to my login screen even if you enter the valid username and password.

    Am I doing something wrong?

    Woof

  3. #3
    Frenzied Member Fishcake

    This isn't something I deal with much as I did it once and always reuse my old code, so not sure exactly how FormsAuthentication works, but if you modify your code like this:
    VB Code:
    Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
        Dim objTicket As FormsAuthenticationTicket
        Dim objCookie As HttpCookie
        Dim strReturnURL As String
        If IsValid Then
            If txtusername.Text = "wokawidget" And txtPassword.Text = "woof" Then
                'objTicket = New FormsAuthenticationTicket(txtusername.Text, False,5)
                FormsAuthentication.SetAuthCookie(txtusername.Text, False)
                'objCookie = New HttpCookie(".ASPXAUTH")
                'objCookie.Value = FormsAuthentication.Encrypt(objTicket)
                'Response.Cookies.Add(objCookie)

                strReturnURL = Request.Params("ReturnURL")
                If strReturnURL Is Nothing Then
                    Response.Redirect("Main.aspx")
                Else
                    Response.Redirect(strReturnURL)
                End If
            Else
                lblmessage.Text = "Incorect username/password"
            End If
        Else
            lblmessage.Text = "Incorect username/password"
        End If
    End Sub
    You will be redirected as expected and if you wish you can still go ahead and set your own cookie.
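
An added example, not code from either poster: a hand-built ticket is only honoured when its cookie carries the name configured in `<forms name="...">`, which `FormsAuthentication.FormsCookieName` returns (the first post's code names the cookie `.ASPXAUTH` while its web.config says `.opsreport`). It assumes .NET 2.0 or later and a code-behind class named `Login`; `IsLocalPath` is a hypothetical helper that keeps the `ReturnUrl` redirect on the same site.

```vb
Imports System
Imports System.Web
Imports System.Web.Security

' Added example. web.config is assumed to list <deny users="?" /> before any
' <allow users="*" />, because ASP.NET applies the first rule that matches.
Partial Public Class Login
    Inherits System.Web.UI.Page   ' controls are declared in the designer file

    ' Hypothetical helper: accept only site-relative paths as redirect targets.
    Private Shared Function IsLocalPath(ByVal url As String) As Boolean
        If String.IsNullOrEmpty(url) Then Return False
        If Not url.StartsWith("/") Then Return False
        ' Browsers treat "//host" and "/\host" as a different site.
        If url.StartsWith("//") OrElse url.StartsWith("/\") Then Return False
        For Each c As Char In url
            If Char.IsControl(c) Then Return False
        Next
        Return True
    End Function

    Private Sub btnLogin_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnLogin.Click
        ' Placeholder credential check copied from the thread.
        If Not IsValid OrElse Not (txtUsername.Text = "wokawidget" AndAlso txtPassword.Text = "woof") Then
            lblMessage.Text = "Incorrect username/password"
            Return
        End If

        Dim ticket As New FormsAuthenticationTicket(txtUsername.Text, False, 10)
        ' Use the configured cookie name and path; the forms authentication
        ' module ignores a cookie stored under any other name.
        Dim cookie As New HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        cookie.Path = FormsAuthentication.FormsCookiePath
        cookie.HttpOnly = True
        cookie.Secure = FormsAuthentication.RequireSSL
        Response.Cookies.Add(cookie)

        ' ReturnUrl comes from the query string, so it is untrusted input.
        Dim returnUrl As String = Request.QueryString("ReturnUrl")
        If IsLocalPath(returnUrl) Then
            Response.Redirect(returnUrl)
        Else
            Response.Redirect("Main.aspx")
        End If
    End Sub
End Class
```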
