473,706 Members | 2,543 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

ASP.NET Forms Authentication

I'm trying to figure out the ASP.NET Forms Auth

I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5 or 6 pages I placed in another directory in the webproject. These I want to manually authenticate users to provide acess

My project has 2 web.config files... the default file
<authenticati on mode="Forms"><f orms loginUrl="Login .aspx" protection="All " timeout="30" path="/SecureSite"/></authentication> <authorization> <allow users="?" /></authorization

This allows users accress to my default page, reg page and a few others..

if the user clicks on a link that takes them to the SecureSite dir, my app auto navaigates to the login page

on the login button

cCustomer oCust = new cCustomer()

if (oCust.LoginCus tomer(txtUserna me.Text.ToStrin g(), txtPassword.Tex t.ToString()) ==true

HttpCookie cookie = FormsAuthentica tion.GetAuthCoo kie (txtUsername.Te xt.ToString(),c hkPersist.Check ed)
cookie.Expires = DateTime.Now.Ad d(new TimeSpan(30, 12, 30, 0))
Response.Cookie s.Add (cookie)
Response.Redire ct (FormsAuthentic ation.GetRedire ctUrl (txtUsername.Te xt.ToString(),c hkPersist.Check ed))
and the web.config file in the SecureSite dir
<authorization> <deny users="?" /></authorization

The problem is..

The code authorizes the user... it even runs Response.Redire ct, with the correct page, but the page goes back to the login form endlessly... Do i have a config file setting wrong? What do you think

Any ideas

Thanks
Gavin Steven
ga***@yourcompu ter.com
Nov 18 '05 #1
5 2876
Have you tried using FormsAuthentica tion.RedirectFr omLoginPage, rather than
setting the cookie manually and doing a Response.Redire ct? Maybe the cookie
is being lost when Response.Redire ct is called directly? (just guessing -
I've never tried it your way)

Pete Beech

"Gavin Stevens" <an*******@disc ussions.microso ft.com> wrote in message
news:9C******** *************** ***********@mic rosoft.com...
I'm trying to figure out the ASP.NET Forms Auth.

I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5 or 6 pages I placed in another directory in the webproject. These I want to
manually authenticate users to provide acess.
My project has 2 web.config files... the default file:
<authenticati on mode="Forms"><f orms loginUrl="Login .aspx" protection="All " timeout="30"
path="/SecureSite"/></authentication> <authorization> <allow users="?"
/></authorization>
This allows users accress to my default page, reg page and a few others...

if the user clicks on a link that takes them to the SecureSite dir, my app auto navaigates to the login page.
on the login button:

cCustomer oCust = new cCustomer();

if (oCust.LoginCus tomer(txtUserna me.Text.ToStrin g(), txtPassword.Tex t.ToString()) ==true) {
HttpCookie cookie = FormsAuthentica tion.GetAuthCoo kie (txtUsername.Te xt.ToString(),c hkPersist.Check ed); cookie.Expires = DateTime.Now.Ad d(new TimeSpan(30, 12, 30, 0));
Response.Cookie s.Add (cookie);
Response.Redire ct (FormsAuthentic ation.GetRedire ctUrl (txtUsername.Te xt.ToString(),c hkPersist.Check ed)); }

and the web.config file in the SecureSite dir:
<authorization> <deny users="?" /></authorization>

The problem is...

The code authorizes the user... it even runs Response.Redire ct, with the correct page, but the page goes back to the login form endlessly... Do i
have a config file setting wrong? What do you think?
Any ideas?

Thanks,
Gavin Stevens
ga***@yourcompu ter.com

Nov 18 '05 #2
Yes, I tried that... I'm thinking the problem if more in the way I have the whole thing configured with the web.config files and the site structure rather than the methods... Not sure exactly..

Gavin
Nov 18 '05 #3
I've had a closer look at what you've got - I think the path setting in the
form element is at least part of the problem. The path attribute is not the
path to secure, but the path for the cookie..*

You've already secured the path in the web.config file using the
authorization element - so remove the path attribute from the <forms> tag,
and see if that helps.

Cheers,
Pete Beech
PS. In case that doesn't work, I also usually do the basic authentication
similar to this - i.e:

if (MyAuthenticate Method(UserName .Text,
UserPassword.Te xt))
{
FormsAuthentica tion.RedirectFr omLoginPage(Use rName.Text,
Persist.Checked );
}

assuming UserName and UserPassword textboxes, and a Persist checkbox
* From the quickstart docs, it states that this is the "path to use for the
issued cookie. The default value is "/" to avoid difficulties with
mismatched case in paths, since browsers are strictly case-sensitive when
returning cookies. Applications in a shared-server environment should use
this directive to maintain private cookies. (Alternatively, they can specify
the path at runtime using the APIs to issue cookies.)"

"Gavin Stevens" <an*******@disc ussions.microso ft.com> wrote in message
news:55******** *************** ***********@mic rosoft.com...
Yes, I tried that... I'm thinking the problem if more in the way I have the whole thing configured with the web.config files and the site structure
rather than the methods... Not sure exactly...
Gavin

Nov 18 '05 #4
First, I don't see in your code, where did you set the Auth cookie? Use
FormsAuthentica tion.SetAuthCoo kie, not GetAuthCookie.
You do not have to set manually an expiration on that cookie - it is done in
the web.config.

Second - Problem is actually here - do you run 2 applications (I see 2
web.config files)? You don't have to. Just configure you first web.config
appropriately:
<?xml version="1.0"?>
<configuratio n>

<-- This is for you public part -->
<system.web>
...
<authenticati on mode="Forms">
<forms loginUrl="login .aspx" name="MyAuthCoo kie" timeout="30" />
</authentication>
<authorizatio n>
<allow users="*" />
</authorization>
...
</system.web>
...

<-- This is for you secure part -->
<location path="SecureSit e/">
<system.web>
...
<authenticati on mode="Forms">
<forms loginUrl="login .aspx" name="MyAuthCoo kie"
timeout="30" />
</authentication>
<authorizatio n>
<deny users="?" />
</authorization>
...
</system.web>
</location>

</configuration>

"Gavin Stevens" <an*******@disc ussions.microso ft.com> wrote in message
news:9C******** *************** ***********@mic rosoft.com...
I'm trying to figure out the ASP.NET Forms Auth.

I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5 or 6 pages I placed in another directory in the webproject. These I want to
manually authenticate users to provide acess.
My project has 2 web.config files... the default file:
<authenticati on mode="Forms"><f orms loginUrl="Login .aspx" protection="All " timeout="30"
path="/SecureSite"/></authentication> <authorization> <allow users="?"
/></authorization>
This allows users accress to my default page, reg page and a few others...

if the user clicks on a link that takes them to the SecureSite dir, my app auto navaigates to the login page.
on the login button:

cCustomer oCust = new cCustomer();

if (oCust.LoginCus tomer(txtUserna me.Text.ToStrin g(), txtPassword.Tex t.ToString()) ==true) {
HttpCookie cookie = FormsAuthentica tion.GetAuthCoo kie (txtUsername.Te xt.ToString(),c hkPersist.Check ed); cookie.Expires = DateTime.Now.Ad d(new TimeSpan(30, 12, 30, 0));
Response.Cookie s.Add (cookie);
Response.Redire ct (FormsAuthentic ation.GetRedire ctUrl (txtUsername.Te xt.ToString(),c hkPersist.Check ed)); }

and the web.config file in the SecureSite dir:
<authorization> <deny users="?" /></authorization>

The problem is...

The code authorizes the user... it even runs Response.Redire ct, with the correct page, but the page goes back to the login form endlessly... Do i
have a config file setting wrong? What do you think?
Any ideas?

Thanks,
Gavin Stevens
ga***@yourcompu ter.com

Nov 18 '05 #5
The main problem actually seems to be the path setting in the forms tag -
try setting up a project and include the path setting, and you should find
that you can reproduce the behaviour Gavin mentions.

I agree about the use of GetAuthCookie, etc. I usually just let the
RedirectFromLog inPage function create the cookie for me.

You can do the web.config your way, but you can also have web.configs at
different levels - which some people prefer to do. In any case, this isn't
the cause of the problem.

Cheers,
Pete

"Viktor Jevdokimov" <vj*********@ho tmail.com> wrote in message
news:OD******** *****@TK2MSFTNG P12.phx.gbl...
First, I don't see in your code, where did you set the Auth cookie? Use
FormsAuthentica tion.SetAuthCoo kie, not GetAuthCookie.
You do not have to set manually an expiration on that cookie - it is done in the web.config.

Second - Problem is actually here - do you run 2 applications (I see 2
web.config files)? You don't have to. Just configure you first web.config
appropriately:
<?xml version="1.0"?>
<configuratio n>

<-- This is for you public part -->
<system.web>
..
<authenticati on mode="Forms">
<forms loginUrl="login .aspx" name="MyAuthCoo kie" timeout="30" /> </authentication>
<authorizatio n>
<allow users="*" />
</authorization>
...
</system.web>
...

<-- This is for you secure part -->
<location path="SecureSit e/">
<system.web>
...
<authenticati on mode="Forms">
<forms loginUrl="login .aspx" name="MyAuthCoo kie"
timeout="30" />
</authentication>
<authorizatio n>
<deny users="?" />
</authorization>
...
</system.web>
</location>

</configuration>

"Gavin Stevens" <an*******@disc ussions.microso ft.com> wrote in message
news:9C******** *************** ***********@mic rosoft.com...
I'm trying to figure out the ASP.NET Forms Auth.

I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5 or 6 pages I placed in another directory in the webproject. These I want

to manually authenticate users to provide acess.

My project has 2 web.config files... the default file:
<authenticati on mode="Forms"><f orms loginUrl="Login .aspx" protection="All " timeout="30"
path="/SecureSite"/></authentication> <authorization> <allow users="?"
/></authorization>

This allows users accress to my default page, reg page and a few others...
if the user clicks on a link that takes them to the SecureSite dir, my

app auto navaigates to the login page.

on the login button:

cCustomer oCust = new cCustomer();

if (oCust.LoginCus tomer(txtUserna me.Text.ToStrin g(),

txtPassword.Tex t.ToString()) ==true)
{
HttpCookie cookie = FormsAuthentica tion.GetAuthCoo kie

(txtUsername.Te xt.ToString(),c hkPersist.Check ed);
cookie.Expires = DateTime.Now.Ad d(new TimeSpan(30, 12, 30, 0));
Response.Cookie s.Add (cookie);
Response.Redire ct (FormsAuthentic ation.GetRedire ctUrl

(txtUsername.Te xt.ToString(),c hkPersist.Check ed));
}

and the web.config file in the SecureSite dir:
<authorization> <deny users="?" /></authorization>

The problem is...

The code authorizes the user... it even runs Response.Redire ct, with the

correct page, but the page goes back to the login form endlessly... Do i
have a config file setting wrong? What do you think?

Any ideas?

Thanks,
Gavin Stevens
ga***@yourcompu ter.com


Nov 18 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
4831
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms Authentication set up and it worked just fine. Then I realized that I needed to have some pages unsecure. I then created 2 directories. One named Secure and the other named Public. I placed my web.config file in my
3
4867
by: Kris van der Mast | last post by:
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be protected by forms authentication. When I create forms authentication at root level it works but when I move my code up to the subfolder I get this error: Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
2
2509
by: Eric | last post by:
I am trying to build an app where the stuff in the root directory is open to all, but anything under the Restricted directory requires you to login and I want to use Forms to do it. I'm having trouble getting the web.config to work properly. First I tried to have a second web.config in the sub directory with authentication and authorization set to forms, but it blew up. Next, I tried to modify the root web.config in the following manner...
0
4235
by: Anonieko Ramos | last post by:
ASP.NET Forms Authentication Best Practices Dr. Dobb's Journal February 2004 Protecting user information is critical By Douglas Reilly Douglas is the author of Designing Microsoft ASP.NET Applications and owner of Access Microsystems. Doug can be reached at doug@accessmicrosystems.com. --------------------------------------------------------------------------------
7
2045
by: Justin | last post by:
I am trying to password protect a subdirectory using forms authentication. I am using the "Location" tag to specify the directory to be protected. The login.aspx page is in the root directory of the app. Here is the web.config: <location path="Admin"> <system.web> <authentication mode="Forms"> <forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30"> <credentials passwordFormat="Clear"> <user name="Admin"...
5
1664
by: V. Jenks | last post by:
Using forms authentication, can I control which pages and/or directories a user would have access to or is that only available with Windows authentication? Thanks!
4
424
by: =?Utf-8?B?R3V1czEyMw==?= | last post by:
Hi, I created a web site on a remote server. To logon the user must enter a user id and password. The site is uses Forms Authentication. The web config file looks as follows: <configuration> <system.web> <customErrors mode="Off"/>
4
5325
by: Bjorn Sagbakken | last post by:
In a web-application with login creds (user, pwd), these are checked against a user table on a SQL server. On a positive validation I have saved the userID, name, custno and role-settings in a userobject (custom build class) and added this to the session using as session variable like session For all other pages I have added a small test in the page_load event, basically testing if the session != null, but also checking if the...
5
3557
by: Rory Becker | last post by:
Having now created a Custom MembershipProvider that seems to work correctly with my Logon and ChangePassword controls, I am, as they say, a happy bunny. The next stange is to move on to the creation of content which adjusts based on the user. I have several pages which require a user to be logged on and several which do not. Prior to this point in time I have used 2 different master pages. one with a control which checks a session...
1
2582
by: Sean | last post by:
Hi, I've taken over a website, which has an admin section that is currently open. I added Forms Authentication to the admin directory with the using the location section in web.config: <location path="admin"> <system.web> <customErrors mode="Off"/> <authentication mode="Forms"> <forms name=".COOKIEDEMO" loginUrl="login.aspx" protection="All" timeout="60" path="/">
0
9276
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9141
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
9038
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
8982
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
7895
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6607
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5934
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
1
3140
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
3
2084
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.