473,699 Members | 2,625 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Forms authentication not working

Hi, I'm adding a security layer to a companies intranet pages. I have
created a login page, using the Asp.Net 2 login control, and am using
Forms Authentication. I have set the <formstimeout attribute to
5mins, as they don't want anyone to be able to view the secure pages
without logging in. It works fine when I build the project and run
through Visual Studio, redirecting to the login page after timeout.
However, since publishing the website and moving it to a server, the
timeout is now having no effect at all - coming back to the page after
20mins idle, you can click a link and it goes there, with no redirect.
I have tried closing the browser, and then opening it again - you can
simply type the url of a page in the secure section and it loads up,
without having to login again.

Any suggestions gratefully received!

Mat

Sep 13 '06 #1
4 1612

Sep 13 '06 #2
Mat,

Although I'm using 1.1 Forms Auth I had a few gotcha's.....

Login.aspx FormsAuthentica tion.Initialize ()

Although I have a login page, its purpose is to either login w/an ID or via
querystring passing in the ID.

My formsAuth method is contained in my Common.vb for reusability in other
web projects.

PageLoad event for all pages....

'Check security token
If Not Session("securi tyToken") Is Nothing Then
If Not CType(Session(" securityToken") ,
Common.Security Token).IsLogged In Then
Response.Redire ct("./LogOut.aspx")
End If
Else : Response.Redire ct("./LogOut.aspx")
End If

I'm not sure if this helps but in my searching there were many suggestions
that there may also be an issue w/the machine.config

HTH

JeffP....

<mw****@mbasys. co.ukwrote in message
news:11******** **************@ e63g2000cwd.goo glegroups.com.. .
Hi, I'm adding a security layer to a companies intranet pages. I have
created a login page, using the Asp.Net 2 login control, and am using
Forms Authentication. I have set the <formstimeout attribute to
5mins, as they don't want anyone to be able to view the secure pages
without logging in. It works fine when I build the project and run
through Visual Studio, redirecting to the login page after timeout.
However, since publishing the website and moving it to a server, the
timeout is now having no effect at all - coming back to the page after
20mins idle, you can click a link and it goes there, with no redirect.
I have tried closing the browser, and then opening it again - you can
simply type the url of a page in the secure section and it loads up,
without having to login again.

Any suggestions gratefully received!

Mat

Sep 13 '06 #3
Hi,
thanks for the reply. I found an article
http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/ that I think
explains the problem - basically, forms authentication does not apply
to .htm and .html files since they are not ASP.NET filetypes, so it
does not even see requests to the pages and therefore cannot act on
them. The site I'm working on is very old, and made entirely of .htm
files - my login page is the only .aspx file there is!

Mat

Sep 13 '06 #4
Mat, Since it is htm, prehaps you could write an aspx wrapper for the entire
site and javaScript to check for isLoggedIn, or use a VB6 dll that checks
the cookie... good luck.... JeffP...

<mw****@mbasys. co.ukwrote in message
news:11******** **************@ b28g2000cwb.goo glegroups.com.. .
Hi,
thanks for the reply. I found an article
http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/ that I think
explains the problem - basically, forms authentication does not apply
to .htm and .html files since they are not ASP.NET filetypes, so it
does not even see requests to the pages and therefore cannot act on
them. The site I'm working on is very old, and made entirely of .htm
files - my login page is the only .aspx file there is!

Mat

Sep 13 '06 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
1722
by: Senthil | last post by:
1. Created a new C# web application project 2. Change the name of webform1 to login.aspx 3. And in the .cs file change the name of the class to login, and include System.web.security namespace. 4. Place a textbox and a button in the login.aspx form. 5. Have the following code in the button click event. if (true) { FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, false)
11
3580
by: ElmoWatson | last post by:
I tried on the Security newgroup, as well as other places, and haven't gotten an answer yet - - I'm pulling my hair out over this one. I'm trying to get Forms Authentication working.....I can get any requested page to automatically go to the Login.aspx page, AND, the ReturnURL querystring is correct in the address bar, but no matter what, I can't get it, once the user is authenticated, to redirect to the new page. It ALWAYS refreshes the...
2
1275
by: Kian Goh | last post by:
Hi there, I am trying to use an entry level security for my resources website. I followed the procedures in the MS published Self-Paced Training Kit, everything seems working as expected. However, I found that the authentication cookie never expires. I thought the default timeout is 30 minutes. Please tell me if I miss any step...
3
4739
by: Martin | last post by:
Dear fellow ASP.NET programmer, I stared using forms authentication and temporarily used a <credentials> tag in web.config. After I got it working I realized this wasn't really practical. I cannot write to web.config so I cannot dynamically update the credentials while the site is up. Since the FormsAuthentication.Authenticate() method's documentations claims the following: "Attempts to validate the credentials against those contained...
2
2507
by: Eric | last post by:
I am trying to build an app where the stuff in the root directory is open to all, but anything under the Restricted directory requires you to login and I want to use Forms to do it. I'm having trouble getting the web.config to work properly. First I tried to have a second web.config in the sub directory with authentication and authorization set to forms, but it blew up. Next, I tried to modify the root web.config in the following manner...
3
5502
by: Andrew Robinson | last post by:
Is there any way to dynamically set the timeout while using forms based authentication? I want to change this value depending on the type of user that logs into my system. I understand that this value lives in the config file but can I change it in code? Thanks, -Andy
4
424
by: =?Utf-8?B?R3V1czEyMw==?= | last post by:
Hi, I created a web site on a remote server. To logon the user must enter a user id and password. The site is uses Forms Authentication. The web config file looks as follows: <configuration> <system.web> <customErrors mode="Off"/>
2
1875
by: Max2006 | last post by:
Hi, We prefer ASP.NET Forms Authentication in our ASP.NET 3.5 application; however we have to use Active Directory for user name and password storage. Is that possible? Is there any sample application to do this? Thank you, Max
5
3553
by: Rory Becker | last post by:
Having now created a Custom MembershipProvider that seems to work correctly with my Logon and ChangePassword controls, I am, as they say, a happy bunny. The next stange is to move on to the creation of content which adjusts based on the user. I have several pages which require a user to be logged on and several which do not. Prior to this point in time I have used 2 different master pages. one with a control which checks a session...
3
7218
by: =?Utf-8?B?TWlrZSBDb2xsaW5z?= | last post by:
I have a web application that I started building. I created a master page with some javascript in the head: <script src="<%# Request.ApplicationPath%>/Scripts/Main.js" type="text/javascript"></script> I am also using themes and set my default theme in webconfig: <pages theme="Default"> <controls>
0
9174
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9034
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
8914
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
8883
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
0
7750
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6534
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
4629
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3057
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2347
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.