I am testing ASP.NET 2.0 Forms authentication with user credentials in
SQL Server 2005. I don't want to put user credentials in web.config,
so the credentials section is commented out. The following is the
relevant part in my web.config.
<authentication mode="Forms">
  <forms name=".MyWebAppAuth"
         path="/"
         loginUrl="Default.aspx"
         protection="All"
         timeout="30">
    <!-- I will get username
         and password from SQL Server.
    <credentials>
      <user name="myusername" password="mypassword"/>
    </credentials>
    -->
  </forms>
</authentication>
<!-- keep out anonymous users -->
<authorization>
  <deny users="?"/>
</authorization>
My login page is Default.aspx as you see from above. The code-behind
of Default.aspx, i.e., Default.aspx.cs, calls a stored procedure in
SQL Server 2005, which takes the user name and password as its
parameters. It returns 1 if the username/password pair is found,
otherwise, it returns 0.
In Default.aspx.cs, I say:
if (validateUser(name, password) == 1)
{
    Response.Redirect("UserProfile.aspx");
}
else
{
    // authentication failed. show a message
    lblMessage.Text = "Invalid username/password.";
}
validateUser is simply a method I implement to validate the user. I
know the login process itself works OK. In other words, validateUser
method does return 1 if the username/password pair is found in the
database, and it does return 0 if the username/password pair is not
found.
But, the user is kicked back to Default.aspx immediately after he is
redirected to UserProfile.aspx.
This must have to do with the section in web.config, which says:
<!-- keep out anonymous users -->
<authorization>
<deny users="?"/>
</authorization>
Because if I comment out this section, the user can be successfully
redirected to UserProfile.aspx and stays on that page nicely.
So, apparently, my user login status is not maintained in the
application.
I cannot find topics on Google about maintaining user login status. Please
give me a hint. Thanks a lot.