Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

forms authentication

Status
Not open for further replies.
JohnBeton

JohnBeton

Programmer
Feb 9, 2004
21
BE
Hi everyone,

I have a problem with forms authentication. It seems to be a problem that occurs a lot (found a lot of people on forums with the same problem) but i can't find a descent solution.

The thing is that when an unauthenticated user wants to access a secured page, he gets transferred to the loginpage.
There he can enter his credentials, after pressing the loginButton the application looks up his id and password in a database. A valid login fires the FormsAuthentication.RedirectFromLoginPage method.
But then it goes wrong: instead of going to the secured page, he returns to the login-page again.

What am i doing wrong ? any help is appreciated
 
Sort by date Sort by votes
I can't really say what you are doing wrong (you may be able to tell by stepping through your code) but here's an MSDN article that you can follow to make sure you have coded the various steps correctly:


--------------------------------------------------------------------------------------------------------------------------------------------

Need help finding an answer?

Try the search facility ( or read FAQ222-2244 on how to get better results.
 
Upvote 0 Downvote
my code:

web.config file from the secured webpage (location: schippers/nl/index.aspx):
Code: 
<authentication mode="Forms" > 
  <forms loginUrl="[URL unfurl="true"]http://localhost/schippers/webLogin/schippersLogin.aspx">[/URL]
  </forms>
</authentication>

<authorization>
        <deny users="?" /> 
</authorization>

loginpage code (location: schippers/webLogin/schippersLogin.aspx)
Code: 
Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnLogin.Click
        If checkUser(txtUser.Text, txtPass.Text, cn) Then
            FormsAuthentication.RedirectFromLoginPage(txtUser.Text, chkRemember.Checked)
        Else
            lblErr.Text = "Invalid username and/or password."
            txtUser.Text = String.Empty
            txtPass.Text = String.Empty
        End If
    End Sub

    Private Function checkUser(ByVal name As String, ByVal pwd As String, ByVal cn As OleDbConnection) As Boolean
        Dim myReader As OleDbDataReader
        Dim myCommand As OleDbCommand = New OleDbCommand("SELECT * from tblUsers where usrID = '" & name & "' and usrPassword = '" & pwd & "'", cn)

        Try
            If (Not cn.State.Equals(ConnectionState.Open)) Then
                cn.Open()
            End If
            myReader = myCommand.ExecuteReader()
            If myReader.HasRows Then
                checkUser = True
            Else
                checkUser = False
            End If
        Catch ex As Exception
            lblErr.Text = ex.Message
            checkUser = False
        Finally
            If (cn.State.Equals(ConnectionState.Open)) Then
                cn.Close()
            End If
        End Try
    End Function

It's the 'RedirectFromLoginPage'-method that fails, the rest of the code is going fine.
Hope you can help me with this...
 
Upvote 0 Downvote
Hi,

Shouldn't your web.config read like so:

<system.web>


<!-- Other stuff -->
<compilation defaultLanguage="vb" debug="false" />
<customErrors mode="Off" />

<!-- Forms auth -->
<authentication mode="Forms">
<forms name="PWAuth" loginUrl="YourloginPage.aspx" timeout="60" protection="All" path="/" />
</authentication>

</system.web>

<location path="schippersLogin.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>

</configuration>

hth
j

----------------------------------------------------------------------------------------
 
Upvote 0 Downvote
hmm, I'm not sure...

I got the web.config from the microsoft tutorial on this matter.

By adding the location element:
<location path="schippersLogin.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
Doesn't that mean that unauthorized users can NOT acces the schipperslogin.aspx page ?
 
Upvote 0 Downvote
Sorry yes,

The location is an area where you can put the pages you wish to protect.

<system.web>


<!-- Other stuff -->
<compilation defaultLanguage="vb" debug="false" />
<customErrors mode="Off" />

<!-- Forms auth -->
<authentication mode="Forms">
<forms name="PWAuth" loginUrl="schipperslogin.aspx" timeout="60" protection="All" path="/" />
</authentication>

</system.web>

<location path="ThePageToProtect.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>

</configuration>



----------------------------------------------------------------------------------------
 
Upvote 0 Downvote
ic...
But what's the difference between using the location-area or just put the:
<authorization>
<deny users="?" />
</authorization>
in the web.config of the 'pageToProtect.aspx' ?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Moregelen
  • Locked
  • Question
Domain Authentication
Replies
0
Views
323
Moregelen
Moregelen
G12Consult
  • Locked
  • Question
Forms authentication not working
Replies
4
Views
241
Rajkumarrrrr
Rajkumarrrrr
NoCoolHandle
  • Locked
  • Question
Integrate Facebook (social) logins with Forms authentication..
Replies
0
Views
97
NoCoolHandle
NoCoolHandle
WIREMESH
  • Locked
  • Question
Adding https to existing ASP.NET 2.0 web forms application
Replies
1
Views
128
jbenson001
jbenson001
tshad
  • Locked
  • Question
Windows forms show and showdialog working differently displaying datagridview
Replies
3
Views
116
jbenson001
jbenson001

Part and Inventory Search

Sponsor

Back
Top