I'm trying to figure out the ASP.NET Forms Auth
I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5 or 6 pages I placed in another directory in the webproject. These I want to manually authenticate users to provide acess
My project has 2 web.config files... the default file
<authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All" timeout="30" path="/SecureSite"/></authentication><authorization><allow users="?" /></authorization
This allows users accress to my default page, reg page and a few others..
if the user clicks on a link that takes them to the SecureSite dir, my app auto navaigates to the login page
on the login button
cCustomer oCust = new cCustomer()
if (oCust.LoginCustomer(txtUsername.Text.ToString(), txtPassword.Text.ToString()) ==true
HttpCookie cookie = FormsAuthentication.GetAuthCookie (txtUsername.Text.ToString(),chkPersist.Checked)
cookie.Expires = DateTime.Now.Add(new TimeSpan(30, 12, 30, 0))
Response.Cookies.Add (cookie)
Response.Redirect (FormsAuthentication.GetRedirectUrl (txtUsername.Text.ToString(),chkPersist.Checked))
and the web.config file in the SecureSite dir
<authorization><deny users="?" /></authorization
The problem is..
The code authorizes the user... it even runs Response.Redirect, with the correct page, but the page goes back to the login form endlessly... Do i have a config file setting wrong? What do you think
Any ideas
Thanks
Gavin Steven ga***@yourcomputer.com 5  2829 
Have you tried using FormsAuthentication.RedirectFromLoginPage, rather than
setting the cookie manually and doing a Response.Redirect? Maybe the cookie
is being lost when Response.Redirect is called directly? (just guessing -
I've never tried it your way)
Pete Beech
"Gavin Stevens" <an*******@discussions.microsoft.com> wrote in message
news:9C**********************************@microsof t.com... I'm trying to figure out the ASP.NET Forms Auth.
I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5
or 6 pages I placed in another directory in the webproject. These I want to
manually authenticate users to provide acess.
My project has 2 web.config files... the default file:
<authentication mode="Forms"><forms loginUrl="Login.aspx"
protection="All" timeout="30"
path="/SecureSite"/></authentication><authorization><allow users="?"
/></authorization>
This allows users accress to my default page, reg page and a few others...
if the user clicks on a link that takes them to the SecureSite dir, my app
auto navaigates to the login page.
on the login button:
cCustomer oCust = new cCustomer();
if (oCust.LoginCustomer(txtUsername.Text.ToString(),
txtPassword.Text.ToString()) ==true) {
HttpCookie cookie = FormsAuthentication.GetAuthCookie
(txtUsername.Text.ToString(),chkPersist.Checked); cookie.Expires = DateTime.Now.Add(new TimeSpan(30, 12, 30, 0));
Response.Cookies.Add (cookie);
Response.Redirect (FormsAuthentication.GetRedirectUrl
(txtUsername.Text.ToString(),chkPersist.Checked)); }
and the web.config file in the SecureSite dir:
<authorization><deny users="?" /></authorization>
The problem is...
The code authorizes the user... it even runs Response.Redirect, with the
correct page, but the page goes back to the login form endlessly... Do i
have a config file setting wrong? What do you think?
Any ideas?
Thanks,
Gavin Stevens
ga***@yourcomputer.com
Yes, I tried that... I'm thinking the problem if more in the way I have the whole thing configured with the web.config files and the site structure rather than the methods... Not sure exactly..
Gavin
I've had a closer look at what you've got - I think the path setting in the
form element is at least part of the problem. The path attribute is not the
path to secure, but the path for the cookie..*
You've already secured the path in the web.config file using the
authorization element - so remove the path attribute from the <forms> tag,
and see if that helps.
Cheers,
Pete Beech
PS. In case that doesn't work, I also usually do the basic authentication
similar to this - i.e:
if (MyAuthenticateMethod(UserName.Text,
UserPassword.Text))
{
FormsAuthentication.RedirectFromLoginPage(UserName .Text,
Persist.Checked);
}
assuming UserName and UserPassword textboxes, and a Persist checkbox
* From the quickstart docs, it states that this is the "path to use for the
issued cookie. The default value is "/" to avoid difficulties with
mismatched case in paths, since browsers are strictly case-sensitive when
returning cookies. Applications in a shared-server environment should use
this directive to maintain private cookies. (Alternatively, they can specify
the path at runtime using the APIs to issue cookies.)"
"Gavin Stevens" <an*******@discussions.microsoft.com> wrote in message
news:55**********************************@microsof t.com... Yes, I tried that... I'm thinking the problem if more in the way I have
the whole thing configured with the web.config files and the site structure
rather than the methods... Not sure exactly...
Gavin
First, I don't see in your code, where did you set the Auth cookie? Use
FormsAuthentication.SetAuthCookie, not GetAuthCookie.
You do not have to set manually an expiration on that cookie - it is done in
the web.config.
Second - Problem is actually here - do you run 2 applications (I see 2
web.config files)? You don't have to. Just configure you first web.config
appropriately:
<?xml version="1.0"?>
<configuration>
<-- This is for you public part -->
<system.web>
...
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="MyAuthCookie" timeout="30" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
...
</system.web>
...
<-- This is for you secure part -->
<location path="SecureSite/">
<system.web>
...
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="MyAuthCookie"
timeout="30" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
...
</system.web>
</location>
</configuration>
"Gavin Stevens" <an*******@discussions.microsoft.com> wrote in message
news:9C**********************************@microsof t.com... I'm trying to figure out the ASP.NET Forms Auth.
I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5
or 6 pages I placed in another directory in the webproject. These I want to
manually authenticate users to provide acess.
My project has 2 web.config files... the default file:
<authentication mode="Forms"><forms loginUrl="Login.aspx"
protection="All" timeout="30"
path="/SecureSite"/></authentication><authorization><allow users="?"
/></authorization>
This allows users accress to my default page, reg page and a few others...
if the user clicks on a link that takes them to the SecureSite dir, my app
auto navaigates to the login page.
on the login button:
cCustomer oCust = new cCustomer();
if (oCust.LoginCustomer(txtUsername.Text.ToString(),
txtPassword.Text.ToString()) ==true) {
HttpCookie cookie = FormsAuthentication.GetAuthCookie
(txtUsername.Text.ToString(),chkPersist.Checked); cookie.Expires = DateTime.Now.Add(new TimeSpan(30, 12, 30, 0));
Response.Cookies.Add (cookie);
Response.Redirect (FormsAuthentication.GetRedirectUrl
(txtUsername.Text.ToString(),chkPersist.Checked)); }
and the web.config file in the SecureSite dir:
<authorization><deny users="?" /></authorization>
The problem is...
The code authorizes the user... it even runs Response.Redirect, with the
correct page, but the page goes back to the login form endlessly... Do i
have a config file setting wrong? What do you think?
Any ideas?
Thanks,
Gavin Stevens
ga***@yourcomputer.com
The main problem actually seems to be the path setting in the forms tag -
try setting up a project and include the path setting, and you should find
that you can reproduce the behaviour Gavin mentions.
I agree about the use of GetAuthCookie, etc. I usually just let the
RedirectFromLoginPage function create the cookie for me.
You can do the web.config your way, but you can also have web.configs at
different levels - which some people prefer to do. In any case, this isn't
the cause of the problem.
Cheers,
Pete
"Viktor Jevdokimov" <vj*********@hotmail.com> wrote in message
news:OD*************@TK2MSFTNGP12.phx.gbl... First, I don't see in your code, where did you set the Auth cookie? Use
FormsAuthentication.SetAuthCookie, not GetAuthCookie.
You do not have to set manually an expiration on that cookie - it is done
in the web.config.
Second - Problem is actually here - do you run 2 applications (I see 2
web.config files)? You don't have to. Just configure you first web.config
appropriately:
<?xml version="1.0"?>
<configuration>
<-- This is for you public part -->
<system.web>
..
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="MyAuthCookie" timeout="30"
/> </authentication>
<authorization>
<allow users="*" />
</authorization>
...
</system.web>
...
<-- This is for you secure part -->
<location path="SecureSite/">
<system.web>
...
<authentication mode="Forms">
<forms loginUrl="login.aspx" name="MyAuthCookie"
timeout="30" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
...
</system.web>
</location>
</configuration>
"Gavin Stevens" <an*******@discussions.microsoft.com> wrote in message
news:9C**********************************@microsof t.com... I'm trying to figure out the ASP.NET Forms Auth.
I have 3 or 4 pages i want to allow anonymous access to.. Then I have 5 or 6 pages I placed in another directory in the webproject. These I want
to manually authenticate users to provide acess.
My project has 2 web.config files... the default file:
<authentication mode="Forms"><forms loginUrl="Login.aspx" protection="All" timeout="30"
path="/SecureSite"/></authentication><authorization><allow users="?"
/></authorization>
This allows users accress to my default page, reg page and a few
others...
if the user clicks on a link that takes them to the SecureSite dir, my
app auto navaigates to the login page.
on the login button:
cCustomer oCust = new cCustomer();
if (oCust.LoginCustomer(txtUsername.Text.ToString(),
txtPassword.Text.ToString()) ==true) {
HttpCookie cookie = FormsAuthentication.GetAuthCookie
(txtUsername.Text.ToString(),chkPersist.Checked); cookie.Expires = DateTime.Now.Add(new TimeSpan(30, 12, 30, 0));
Response.Cookies.Add (cookie);
Response.Redirect (FormsAuthentication.GetRedirectUrl
(txtUsername.Text.ToString(),chkPersist.Checked)); }
and the web.config file in the SecureSite dir:
<authorization><deny users="?" /></authorization>
The problem is...
The code authorizes the user... it even runs Response.Redirect, with the
correct page, but the page goes back to the login form endlessly... Do i
have a config file setting wrong? What do you think?
Any ideas?
Thanks,
Gavin Stevens
ga***@yourcomputer.com
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Billy Jacobs |
last post by:
I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?
Originally I had my web.config file in the root with Forms...
|
by: Kris van der Mast |
last post by:
Hi,
I've created a little site for my sports club. In the root folder there are
pages that are viewable by every anonymous user but at a certain subfolder
my administration pages should be...
|
by: Eric |
last post by:
I am trying to build an app where the stuff in the root directory is open to
all, but anything under the Restricted directory requires you to login and I
want to use Forms to do it. I'm having...
|
by: Anonieko Ramos |
last post by:
ASP.NET Forms Authentication Best Practices
Dr. Dobb's Journal February 2004
Protecting user information is critical
By Douglas Reilly
Douglas is the author of Designing Microsoft ASP.NET...
|
by: Justin |
last post by:
I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of...
|
by: V. Jenks |
last post by:
Using forms authentication, can I control which pages
and/or directories a user would have access to or is that
only available with Windows authentication?
Thanks!
|
by: =?Utf-8?B?R3V1czEyMw==?= |
last post by:
Hi,
I created a web site on a remote server. To logon the user must enter a user
id and password. The site is uses Forms Authentication.
The web config file looks as follows:
...
|
by: Bjorn Sagbakken |
last post by:
In a web-application with login creds (user, pwd), these are checked against
a user table on a SQL server. On a positive validation I have saved the
userID, name, custno and role-settings in a...
|
by: Rory Becker |
last post by:
Having now created a Custom MembershipProvider that seems to work correctly
with my Logon and ChangePassword controls, I am, as they say, a happy bunny.
The next stange is to move on to the...
|
by: Sean |
last post by:
Hi, I've taken over a website, which has an admin section that is
currently open. I added Forms Authentication to the admin directory
with the using the location section in web.config:
...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
| |
