471,074 Members | 1,411 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,074 software developers and data experts.

Problem with Forms Authentication

Rob
I'm not sure if I'm missing something but my forms authentication
doesn't work. I'm trying to access my page and I should be redirected to
login.aspx but it just let's me access the page.

Here's my web.config code:

<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" protection="All"
timeout="15" />
</authentication>

<authorization>
<allow users="*" />
<deny users="?" />
</authorization>

My login page takes care of the login information:

Dim sql As String
sql = "SELECT username FROM contacts WHERE username ='" &
txtUsername.Text & "' AND password ='" & txtPassword.Text & "'"
Dim cn As SqlConnection = New
SqlConnection(ConfigurationSettings.AppSettings("C ONN_STRING"))
Dim comm As SqlCommand = New SqlCommand(sql, cn)
comm.Connection.Open()
Dim reader As SqlDataReader =
comm.ExecuteReader(CommandBehavior.CloseConnection )

If reader.Read() Then
FormsAuthentication.RedirectFromLoginPage(txtUsern ame.Text, True)
Else
lblMessage.Text = "Invalid User"
End If

This web config is in the same folder as my web pages so if I should try
to access "page1.aspx", I should be redirected to login.aspx.

Am I not correct or am I missing something.

Thanks for you help.

Rob

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 18 '05 #1
7 1509
I believe is should be:

<authorization>
<deny users="?" />
</authorization>

Greg

"Rob" <rv******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
I'm not sure if I'm missing something but my forms authentication
doesn't work. I'm trying to access my page and I should be redirected to
login.aspx but it just let's me access the page.

Here's my web.config code:

<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" protection="All"
timeout="15" />
</authentication>

<authorization>
<allow users="*" />
<deny users="?" />
</authorization>

My login page takes care of the login information:

Dim sql As String
sql = "SELECT username FROM contacts WHERE username ='" &
txtUsername.Text & "' AND password ='" & txtPassword.Text & "'"
Dim cn As SqlConnection = New
SqlConnection(ConfigurationSettings.AppSettings("C ONN_STRING"))
Dim comm As SqlCommand = New SqlCommand(sql, cn)
comm.Connection.Open()
Dim reader As SqlDataReader =
comm.ExecuteReader(CommandBehavior.CloseConnection )

If reader.Read() Then
FormsAuthentication.RedirectFromLoginPage(txtUsern ame.Text, True)
Else
lblMessage.Text = "Invalid User"
End If

This web config is in the same folder as my web pages so if I should try
to access "page1.aspx", I should be redirected to login.aspx.

Am I not correct or am I missing something.

Thanks for you help.

Rob

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #2
Rob <rv******@hotmail.com> wrote in news:#sLU2TUlEHA.3816
@TK2MSFTNGP14.phx.gbl:
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
Remote allow user="*". You're telling Forms Auth to allow all users access.

If reader.Read() Then
FormsAuthentication.RedirectFromLoginPage(txtUsern ame.Text, True)
Else
lblMessage.Text = "Invalid User"
End If


You should do a reader.close before redirecting. Otherwise you'll have a
connection leak.
--
Lucas Tam (RE********@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/
Nov 18 '05 #3
Rob

Thanks guys,
I made the change you suggested and it still allows me to access the
page???

Rob
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 18 '05 #4
Can you post your web.config?

Greg

"Rob" <rv******@hotmail.com> wrote in message
news:eM**************@TK2MSFTNGP09.phx.gbl...

Thanks guys,
I made the change you suggested and it still allows me to access the
page???

Rob
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #5
Rob

This is my web.config file. I've removed the comments for clarity.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key=.../>
<add key=.../>
</appSettings>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" protection="All"
timeout="15" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user
id=sa;password="
cookieless="false"
timeout="20"
/>

<globalization requestEncoding="utf-8" responseEncoding="utf-8"
/>

</system.web>

</configuration>

Thanks
Rob
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 18 '05 #6
The page you can access without it redirecting you to login.aspx, it is
still page1.aspx right? Forms authentication will not stop you from viewing
..html files. (grasping here)

You do have anonymous access turned on for the virtual directory (in IIS,
this is the default). This web.config is in the root directory of your
virtual directory right?

<forms name="login" loginUrl="login.aspx" protection="All" timeout="15" />

(you don't need protect="All", that is the default)

Everything looks ok to me. I dunno what is wrong.

Greg
"Rob" <rv******@hotmail.com> wrote in message
news:OK**************@TK2MSFTNGP09.phx.gbl...

This is my web.config file. I've removed the comments for clarity.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key=.../>
<add key=.../>
</appSettings>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" protection="All"
timeout="15" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user
id=sa;password="
cookieless="false"
timeout="20"
/>

<globalization requestEncoding="utf-8" responseEncoding="utf-8"
/>

</system.web>

</configuration>

Thanks
Rob
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #7
Rob
Ya, you're right in all cases. I'll keep trying and if I figure it out,
I'll post the results. Thanks for your help.

Rob

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 18 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

11 posts views Thread by ElmoWatson | last post: by
1 post views Thread by Scott | last post: by
3 posts views Thread by Kris van der Mast | last post: by
3 posts views Thread by Karen A Hodge | last post: by
3 posts views Thread by Simon Harvey | last post: by
4 posts views Thread by David | last post: by
reply views Thread by Kristian Reukauff | last post: by
reply views Thread by leo001 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.