469,582 Members | 2,316 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

home > topics > asp.net > questions > asp.net forms authentication

Post your question to a community of 469,582 developers. It's quick & easy.

ASP.NET Forms Authentication

I'm trying to figure out the ASP.NET Forms Auth

I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5 or 6 pages I placed in another directory in the webproject. These I want to manually authenticate users to provide acess

My project has 2 web.config files... the default file
<authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All" timeout="30" path="/SecureSite"/></authentication><authorization><allow users="?" /></authorization

This allows users accress to my default page, reg page and a few others..

if the user clicks on a link that takes them to the SecureSite dir, my app auto navaigates to the login page

on the login button

cCustomer oCust = new cCustomer()

if (oCust.LoginCustomer(txtUsername.Text.ToString(), txtPassword.Text.ToString()) ==true

HttpCookie cookie = FormsAuthentication.GetAuthCookie (txtUsername.Text.ToString(),chkPersist.Checked)
cookie.Expires = DateTime.Now.Add(new TimeSpan(30, 12, 30, 0))
Response.Cookies.Add (cookie)
Response.Redirect (FormsAuthentication.GetRedirectUrl (txtUsername.Text.ToString(),chkPersist.Checked))
and the web.config file in the SecureSite dir
<authorization><deny users="?" /></authorization

The problem is..

The code authorizes the user... it even runs Response.Redirect, with the correct page, but the page goes back to the login form endlessly... Do i have a config file setting wrong? What do you think

Any ideas

Thanks
Gavin Steven
ga***@yourcomputer.com
Nov 18 '05 #1
5 2574
Have you tried using FormsAuthentication.RedirectFromLoginPage, rather than
setting the cookie manually and doing a Response.Redirect? Maybe the cookie
is being lost when Response.Redirect is called directly? (just guessing -
I've never tried it your way)

Pete Beech

"Gavin Stevens" <an*******@discussions.microsoft.com> wrote in message
news:9C**********************************@microsof t.com...
I'm trying to figure out the ASP.NET Forms Auth.

I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5 or 6 pages I placed in another directory in the webproject. These I want to
manually authenticate users to provide acess.
My project has 2 web.config files... the default file:
<authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All" timeout="30"
path="/SecureSite"/></authentication><authorization><allow users="?"
/></authorization>
This allows users accress to my default page, reg page and a few others...

if the user clicks on a link that takes them to the SecureSite dir, my app auto navaigates to the login page.
on the login button:

cCustomer oCust = new cCustomer();

if (oCust.LoginCustomer(txtUsername.Text.ToString(), txtPassword.Text.ToString()) ==true) {
HttpCookie cookie = FormsAuthentication.GetAuthCookie (txtUsername.Text.ToString(),chkPersist.Checked); cookie.Expires = DateTime.Now.Add(new TimeSpan(30, 12, 30, 0));
Response.Cookies.Add (cookie);
Response.Redirect (FormsAuthentication.GetRedirectUrl (txtUsername.Text.ToString(),chkPersist.Checked)); }

and the web.config file in the SecureSite dir:
<authorization><deny users="?" /></authorization>

The problem is...

The code authorizes the user... it even runs Response.Redirect, with the correct page, but the page goes back to the login form endlessly... Do i
have a config file setting wrong? What do you think?
Any ideas?

Thanks,
Gavin Stevens
ga***@yourcomputer.com

Nov 18 '05 #2
Yes, I tried that... I'm thinking the problem if more in the way I have the whole thing configured with the web.config files and the site structure rather than the methods... Not sure exactly..

Gavin
Nov 18 '05 #3
I've had a closer look at what you've got - I think the path setting in the
form element is at least part of the problem. The path attribute is not the
path to secure, but the path for the cookie..*

You've already secured the path in the web.config file using the
authorization element - so remove the path attribute from the <forms> tag,
and see if that helps.

Cheers,
Pete Beech
PS. In case that doesn't work, I also usually do the basic authentication
similar to this - i.e:

if (MyAuthenticateMethod(UserName.Text,
UserPassword.Text))
{
FormsAuthentication.RedirectFromLoginPage(UserName .Text,
Persist.Checked);
}

assuming UserName and UserPassword textboxes, and a Persist checkbox
* From the quickstart docs, it states that this is the "path to use for the
issued cookie. The default value is "/" to avoid difficulties with
mismatched case in paths, since browsers are strictly case-sensitive when
returning cookies. Applications in a shared-server environment should use
this directive to maintain private cookies. (Alternatively, they can specify
the path at runtime using the APIs to issue cookies.)"

"Gavin Stevens" <an*******@discussions.microsoft.com> wrote in message
news:55**********************************@microsof t.com...
Yes, I tried that... I'm thinking the problem if more in the way I have the whole thing configured with the web.config files and the site structure
rather than the methods... Not sure exactly...
Gavin

Nov 18 '05 #4
First, I don't see in your code, where did you set the Auth cookie? Use
FormsAuthentication.SetAuthCookie, not GetAuthCookie.
You do not have to set manually an expiration on that cookie - it is done in
the web.config.

Second - Problem is actually here - do you run 2 applications (I see 2
web.config files)? You don't have to. Just configure you first web.config
appropriately:
<?xml version="1.0"?>
<configuration>

<-- This is for you public part -->
<system.web>
...
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="MyAuthCookie" timeout="30" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
...
</system.web>
...

<-- This is for you secure part -->
<location path="SecureSite/">
<system.web>
...
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="MyAuthCookie"
timeout="30" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
...
</system.web>
</location>

</configuration>

"Gavin Stevens" <an*******@discussions.microsoft.com> wrote in message
news:9C**********************************@microsof t.com...
I'm trying to figure out the ASP.NET Forms Auth.

I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5 or 6 pages I placed in another directory in the webproject. These I want to
manually authenticate users to provide acess.
My project has 2 web.config files... the default file:
<authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All" timeout="30"
path="/SecureSite"/></authentication><authorization><allow users="?"
/></authorization>
This allows users accress to my default page, reg page and a few others...

if the user clicks on a link that takes them to the SecureSite dir, my app auto navaigates to the login page.
on the login button:

cCustomer oCust = new cCustomer();

if (oCust.LoginCustomer(txtUsername.Text.ToString(), txtPassword.Text.ToString()) ==true) {
HttpCookie cookie = FormsAuthentication.GetAuthCookie (txtUsername.Text.ToString(),chkPersist.Checked); cookie.Expires = DateTime.Now.Add(new TimeSpan(30, 12, 30, 0));
Response.Cookies.Add (cookie);
Response.Redirect (FormsAuthentication.GetRedirectUrl (txtUsername.Text.ToString(),chkPersist.Checked)); }

and the web.config file in the SecureSite dir:
<authorization><deny users="?" /></authorization>

The problem is...

The code authorizes the user... it even runs Response.Redirect, with the correct page, but the page goes back to the login form endlessly... Do i
have a config file setting wrong? What do you think?
Any ideas?

Thanks,
Gavin Stevens
ga***@yourcomputer.com

Nov 18 '05 #5
The main problem actually seems to be the path setting in the forms tag -
try setting up a project and include the path setting, and you should find
that you can reproduce the behaviour Gavin mentions.

I agree about the use of GetAuthCookie, etc. I usually just let the
RedirectFromLoginPage function create the cookie for me.

You can do the web.config your way, but you can also have web.configs at
different levels - which some people prefer to do. In any case, this isn't
the cause of the problem.

Cheers,
Pete

"Viktor Jevdokimov" <vj*********@hotmail.com> wrote in message
news:OD*************@TK2MSFTNGP12.phx.gbl...
First, I don't see in your code, where did you set the Auth cookie? Use
FormsAuthentication.SetAuthCookie, not GetAuthCookie.
You do not have to set manually an expiration on that cookie - it is done in the web.config.

Second - Problem is actually here - do you run 2 applications (I see 2
web.config files)? You don't have to. Just configure you first web.config
appropriately:
<?xml version="1.0"?>
<configuration>

<-- This is for you public part -->
<system.web>
..
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="MyAuthCookie" timeout="30" /> </authentication>
<authorization>
<allow users="*" />
</authorization>
...
</system.web>
...

<-- This is for you secure part -->
<location path="SecureSite/">
<system.web>
...
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="MyAuthCookie"
timeout="30" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
...
</system.web>
</location>

</configuration>

"Gavin Stevens" <an*******@discussions.microsoft.com> wrote in message
news:9C**********************************@microsof t.com...
I'm trying to figure out the ASP.NET Forms Auth.

I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5 or 6 pages I placed in another directory in the webproject. These I want

to manually authenticate users to provide acess.

My project has 2 web.config files... the default file:
<authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All" timeout="30"
path="/SecureSite"/></authentication><authorization><allow users="?"
/></authorization>

This allows users accress to my default page, reg page and a few others...
if the user clicks on a link that takes them to the SecureSite dir, my

app auto navaigates to the login page.

on the login button:

cCustomer oCust = new cCustomer();

if (oCust.LoginCustomer(txtUsername.Text.ToString(),

txtPassword.Text.ToString()) ==true)
{
HttpCookie cookie = FormsAuthentication.GetAuthCookie

(txtUsername.Text.ToString(),chkPersist.Checked);
cookie.Expires = DateTime.Now.Add(new TimeSpan(30, 12, 30, 0));
Response.Cookies.Add (cookie);
Response.Redirect (FormsAuthentication.GetRedirectUrl

(txtUsername.Text.ToString(),chkPersist.Checked));
}

and the web.config file in the SecureSite dir:
<authorization><deny users="?" /></authorization>

The problem is...

The code authorizes the user... it even runs Response.Redirect, with the

correct page, but the page goes back to the login form endlessly... Do i
have a config file setting wrong? What do you think?

Any ideas?

Thanks,
Gavin Stevens
ga***@yourcomputer.com


Nov 18 '05 #6

This discussion thread is closed

Start new discussion

Replies have been disabled for this discussion.

Similar topics
Forms authentication in a subfolder problem, please help
3 posts views Thread by Kris van der Mast | last post: by
ASP.NET Forms Authentication Best Practices
reply views Thread by Anonieko Ramos | last post: by
Trouble with forms authentication
7 posts views Thread by Justin | last post: by
Forms Auth. Question
5 posts views Thread by V. Jenks | last post: by
Forms Authentication
4 posts views Thread by =?Utf-8?B?R3V1czEyMw==?= | last post: by
Forms authentication vs session variable
4 posts views Thread by Bjorn Sagbakken | last post: by
Forms Authentication vs MembershipProvider
5 posts views Thread by Rory Becker | last post: by
Forms Authentication for single directory
1 post views Thread by Sean | last post: by
Prime numbers
4 posts views Thread by guiromero | last post: by
BYTES.COM © 2021
About Us
Advertise
Terms Of Use
Privacy Policy
Manage Cookies
Contact Us
Sitemap

Follow us! Get the Latest Bytes Updates
By using this site, you agree to our Privacy Policy and Terms of Use.