Problem with Forms Authentication

Rob

I'm not sure if I'm missing something but my forms authentication
doesn't work. I'm trying to access my page and I should be redirected to
login.aspx but it just let's me access the page.

Here's my web.config code:

<authenticati on mode="Forms">
<forms name="login" loginUrl="login .aspx" protection="All "
timeout="15" />
</authentication>

<authorizatio n>
<allow users="*" />
<deny users="?" />
</authorization>

My login page takes care of the login information:

Dim sql As String
sql = "SELECT username FROM contacts WHERE username ='" &
txtUsername.Tex t & "' AND password ='" & txtPassword.Tex t & "'"
Dim cn As SqlConnection = New
SqlConnection(C onfigurationSet tings.AppSettin gs("CONN_STRING "))
Dim comm As SqlCommand = New SqlCommand(sql, cn)
comm.Connection .Open()
Dim reader As SqlDataReader =
comm.ExecuteRea der(CommandBeha vior.CloseConne ction)

If reader.Read() Then
FormsAuthentica tion.RedirectFr omLoginPage(txt Username.Text, True)
Else
lblMessage.Text = "Invalid User"
End If

This web config is in the same folder as my web pages so if I should try
to access "page1.aspx ", I should be redirected to login.aspx.

Am I not correct or am I missing something.

Thanks for you help.

Rob

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #1

Subscribe Reply

1588

Greg Burns

I believe is should be:

<authorizatio n>
<deny users="?" />
</authorization>

Greg

"Rob" <rv******@hotma il.com> wrote in message
news:%2******** ********@TK2MSF TNGP14.phx.gbl. ..

I'm not sure if I'm missing something but my forms authentication
doesn't work. I'm trying to access my page and I should be redirected to
login.aspx but it just let's me access the page.

Here's my web.config code:

<authenticati on mode="Forms">
<forms name="login" loginUrl="login .aspx" protection="All "
timeout="15" />
</authentication>

<authorizatio n>
<allow users="*" />
<deny users="?" />
</authorization>

My login page takes care of the login information:

Dim sql As String
sql = "SELECT username FROM contacts WHERE username ='" &
txtUsername.Tex t & "' AND password ='" & txtPassword.Tex t & "'"
Dim cn As SqlConnection = New
SqlConnection(C onfigurationSet tings.AppSettin gs("CONN_STRING "))
Dim comm As SqlCommand = New SqlCommand(sql, cn)
comm.Connection .Open()
Dim reader As SqlDataReader =
comm.ExecuteRea der(CommandBeha vior.CloseConne ction)

If reader.Read() Then
FormsAuthentica tion.RedirectFr omLoginPage(txt Username.Text, True)
Else
lblMessage.Text = "Invalid User"
End If

This web config is in the same folder as my web pages so if I should try
to access "page1.aspx ", I should be redirected to login.aspx.

Am I not correct or am I missing something.

Thanks for you help.

Rob

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #2

Lucas Tam

Rob <rv******@hotma il.com> wrote in news:#sLU2TUlEH A.3816
@TK2MSFTNGP14.p hx.gbl:

<authorizatio n>
<allow users="*" />
<deny users="?" />
</authorization>
Remote allow user="*". You're telling Forms Auth to allow all users access.

If reader.Read() Then
FormsAuthentica tion.RedirectFr omLoginPage(txt Username.Text, True)
Else
lblMessage.Text = "Invalid User"
End If

You should do a reader.close before redirecting. Otherwise you'll have a
connection leak.
--
Lucas Tam (RE********@rog ers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/

Nov 18 '05 #3

Rob

Thanks guys,
I made the change you suggested and it still allows me to access the
page???

Rob
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #4

Greg Burns

Can you post your web.config?

Greg

"Rob" <rv******@hotma il.com> wrote in message
news:eM******** ******@TK2MSFTN GP09.phx.gbl...

Thanks guys,
I made the change you suggested and it still allows me to access the
page???

Rob
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #5

Rob

This is my web.config file. I've removed the comments for clarity.

<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>
<appSettings>
<add key=.../>
<add key=.../>
</appSettings>

<system.web>
<compilation defaultLanguage ="vb" debug="true" />
<customErrors mode="RemoteOnl y" />
<authenticati on mode="Forms">
<forms name="login" loginUrl="login .aspx" protection="All "
timeout="15" />
</authentication>

<authorizatio n>
<deny users="?" />
</authorization>

<trace enabled="false" requestLimit="1 0" pageOutput="fal se"
traceMode="Sort ByTime" localOnly="true " />
<sessionState
mode="InProc"
stateConnection String="tcpip=1 27.0.0.1:42424"
sqlConnectionSt ring="data source=127.0.0. 1;user
id=sa;password= "
cookieless="fal se"
timeout="20"
/>

<globalizatio n requestEncoding ="utf-8" responseEncodin g="utf-8"
/>

</system.web>

</configuration>

Thanks
Rob
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #6

Greg Burns

The page you can access without it redirecting you to login.aspx, it is
still page1.aspx right? Forms authentication will not stop you from viewing
..html files. (grasping here)

You do have anonymous access turned on for the virtual directory (in IIS,
this is the default). This web.config is in the root directory of your
virtual directory right?

<forms name="login" loginUrl="login .aspx" protection="All " timeout="15" />

(you don't need protect="All", that is the default)

Everything looks ok to me. I dunno what is wrong.

Greg
"Rob" <rv******@hotma il.com> wrote in message
news:OK******** ******@TK2MSFTN GP09.phx.gbl...

This is my web.config file. I've removed the comments for clarity.

<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>
<appSettings>
<add key=.../>
<add key=.../>
</appSettings>

<system.web>
<compilation defaultLanguage ="vb" debug="true" />
<customErrors mode="RemoteOnl y" />
<authenticati on mode="Forms">
<forms name="login" loginUrl="login .aspx" protection="All "
timeout="15" />
</authentication>

<authorizatio n>
<deny users="?" />
</authorization>

<trace enabled="false" requestLimit="1 0" pageOutput="fal se"
traceMode="Sort ByTime" localOnly="true " />
<sessionState
mode="InProc"
stateConnection String="tcpip=1 27.0.0.1:42424"
sqlConnectionSt ring="data source=127.0.0. 1;user
id=sa;password= "
cookieless="fal se"
timeout="20"
/>

<globalizatio n requestEncoding ="utf-8" responseEncodin g="utf-8"
/>

</system.web>

</configuration>

Thanks
Rob
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #7

Rob

Ya, you're right in all cases. I'll keep trying and if I figure it out,
I'll post the results. Thanks for your help.

Rob

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #8

Similar topics

2521

web.config and forms authentication problem

by: MJ | last post by:

I'm building an application that has a file structure similar to the following: /myapp/user_login.aspx /myapp/user_page_1.aspx /myapp/user_page_2.aspx /myapp/user_page_3.aspx /myapp/admin/admin_login.aspx /myapp/admin/admin_page_1.aspx /myapp/admin/admin_page_2.aspx

.NET Framework

1730

Problem in forms auth, not going back to members page

by: Senthil | last post by:

1. Created a new C# web application project 2. Change the name of webform1 to login.aspx 3. And in the .cs file change the name of the class to login, and include System.web.security namespace. 4. Place a textbox and a button in the login.aspx form. 5. Have the following code in the button click event. if (true) { FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, false)

.NET Framework

3603

Forms Authentication Problem

by: ElmoWatson | last post by:

I tried on the Security newgroup, as well as other places, and haven't gotten an answer yet - - I'm pulling my hair out over this one. I'm trying to get Forms Authentication working.....I can get any requested page to automatically go to the Login.aspx page, AND, the ReturnURL querystring is correct in the address bar, but no matter what, I can't get it, once the user is authenticated, to redirect to the new page. It ALWAYS refreshes the...

ASP.NET

2470

Problem with Forms Authentication cookies

by: Scott | last post by:

Hi, We're having an issue with Forms Authentication cookies being treated as expired / invalid, and being deleted. This is causing our intranet users a great deal of pain - Running IIS 5.0 on Win2k Server - Forms Authentication is setup with a timeout value of 45 minutes in web.config - Session timeout is set to 45 minutes in web.config

ASP.NET

4871

Forms authentication in a subfolder problem, please help

by: Kris van der Mast | last post by:

Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be protected by forms authentication. When I create forms authentication at root level it works but when I move my code up to the subfolder I get this error: Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.

ASP.NET

1770

Problem with Excel template

by: Karen A Hodge | last post by:

I have a website that has an Excel template. The template contains 3 QueryTables. The template is located on the web server. I would like to refresh the data prior to the user opening the template from the website. This is the code: wb = excelApp.Workbooks.Add(FilePath) wb.RefreshAll() wb.Save() excelApp.Quit() .... User opens template

ASP.NET

1334

A little problem with Forms authentication :-(

by: Simon Harvey | last post by:

Hi All, I'm hoping somebody could help me with the following problem. I'm using forms authentication and the user is getting authenticated no problem. Once authenticated the user can look at all the appropriate pages and so on. When the user is inactive for a set period of time, I want their authentication ticket to expire. As I understand it, the next time the

ASP.NET

6452

Problem with ASP.NET 2.0 Location override of Forms Authentication settings

by: n33470 | last post by:

Hi all, We have an asp.net 1.1 app that we're in the process of converting to 2.0. What I'm about to describe runs just great in the 1.1 framework, but does not work in the 2.0 framework. This app uses forms authentication and denies all unauthenticated users. There is a location override in the web.config so that we can open up a directory for unauthenticated users to create a login account. There is only 1 web.config in the...

ASP.NET

1771

Forms Authentication problem

by: David | last post by:

Hi all, I have a problem with Forms Auth. I am not using the protected folder method, rather, I want some parts of the page to be shown depending on the authentication state. Basically, I have a dashboard application. In the dashboard, I have various hyperlinks and linkbuttons. I have also created roles and each user will be assigned a role and the buttons in the dashboard will depend on the role. If the person is not authenticated,...

ASP.NET

3404

Authentifation failure. (remoting problem)

by: Kristian Reukauff | last post by:

Hi I have a problem with the .Net-Securty-Functions. I've got a client and a server. When I try to register a channel at the server with this line: ChannelServices.RegisterChannel(chan, false); I get the following error - doesn't matter if I try it local from my machine or from a remote machine. (After the Errormessage is more text ;))

C# / C Sharp

9480

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

10315

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

10083

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

8968

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

6737

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...

C# / C Sharp

5511

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

4044

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system

C# / C Sharp

3645

How to add payments to a PHP MySQL app.

by: muto222 | last post by:

How can i add a mobile payment intergratation into php mysql website.

PHP

2877

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General