Problem with Forms Authentication

Rob

I'm not sure if I'm missing something but my forms authentication
doesn't work. I'm trying to access my page and I should be redirected to
login.aspx but it just let's me access the page.

Here's my web.config code:

<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" protection="All"
timeout="15" />
</authentication>

<authorization>
<allow users="*" />
<deny users="?" />
</authorization>

My login page takes care of the login information:

Dim sql As String
sql = "SELECT username FROM contacts WHERE username ='" &
txtUsername.Text & "' AND password ='" & txtPassword.Text & "'"
Dim cn As SqlConnection = New
SqlConnection(ConfigurationSettings.AppSettings("C ONN_STRING"))
Dim comm As SqlCommand = New SqlCommand(sql, cn)
comm.Connection.Open()
Dim reader As SqlDataReader =
comm.ExecuteReader(CommandBehavior.CloseConnection )

If reader.Read() Then
FormsAuthentication.RedirectFromLoginPage(txtUsern ame.Text, True)
Else
lblMessage.Text = "Invalid User"
End If

This web config is in the same folder as my web pages so if I should try
to access "page1.aspx", I should be redirected to login.aspx.

Am I not correct or am I missing something.

Thanks for you help.

Rob

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #1

Subscribe Post Reply

1572

Greg Burns

I believe is should be:

<authorization>
<deny users="?" />
</authorization>

Greg

"Rob" <rv******@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...

I'm not sure if I'm missing something but my forms authentication
doesn't work. I'm trying to access my page and I should be redirected to
login.aspx but it just let's me access the page.

Here's my web.config code:

<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" protection="All"
timeout="15" />
</authentication>

<authorization>
<allow users="*" />
<deny users="?" />
</authorization>

My login page takes care of the login information:

Dim sql As String
sql = "SELECT username FROM contacts WHERE username ='" &
txtUsername.Text & "' AND password ='" & txtPassword.Text & "'"
Dim cn As SqlConnection = New
SqlConnection(ConfigurationSettings.AppSettings("C ONN_STRING"))
Dim comm As SqlCommand = New SqlCommand(sql, cn)
comm.Connection.Open()
Dim reader As SqlDataReader =
comm.ExecuteReader(CommandBehavior.CloseConnection )

If reader.Read() Then
FormsAuthentication.RedirectFromLoginPage(txtUsern ame.Text, True)
Else
lblMessage.Text = "Invalid User"
End If

This web config is in the same folder as my web pages so if I should try
to access "page1.aspx", I should be redirected to login.aspx.

Am I not correct or am I missing something.

Thanks for you help.

Rob

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #2

Lucas Tam

Rob <rv******@hotmail.com> wrote in news:#sLU2TUlEHA.3816
@TK2MSFTNGP14.phx.gbl:

<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
Remote allow user="*". You're telling Forms Auth to allow all users access.

If reader.Read() Then
FormsAuthentication.RedirectFromLoginPage(txtUsern ame.Text, True)
Else
lblMessage.Text = "Invalid User"
End If

You should do a reader.close before redirecting. Otherwise you'll have a
connection leak.
--
Lucas Tam (RE********@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/

Nov 18 '05 #3

Rob

Thanks guys,
I made the change you suggested and it still allows me to access the
page???

Rob
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #4

Greg Burns

Can you post your web.config?

Greg

"Rob" <rv******@hotmail.com> wrote in message
news:eM**************@TK2MSFTNGP09.phx.gbl...

Thanks guys,
I made the change you suggested and it still allows me to access the
page???

Rob
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #5

Rob

This is my web.config file. I've removed the comments for clarity.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key=.../>
<add key=.../>
</appSettings>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" protection="All"
timeout="15" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user
id=sa;password="
cookieless="false"
timeout="20"
/>

<globalization requestEncoding="utf-8" responseEncoding="utf-8"
/>

</system.web>

</configuration>

Thanks
Rob
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #6

Greg Burns

The page you can access without it redirecting you to login.aspx, it is
still page1.aspx right? Forms authentication will not stop you from viewing
..html files. (grasping here)

You do have anonymous access turned on for the virtual directory (in IIS,
this is the default). This web.config is in the root directory of your
virtual directory right?

<forms name="login" loginUrl="login.aspx" protection="All" timeout="15" />

(you don't need protect="All", that is the default)

Everything looks ok to me. I dunno what is wrong.

Greg
"Rob" <rv******@hotmail.com> wrote in message
news:OK**************@TK2MSFTNGP09.phx.gbl...

This is my web.config file. I've removed the comments for clarity.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key=.../>
<add key=.../>
</appSettings>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" protection="All"
timeout="15" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user
id=sa;password="
cookieless="false"
timeout="20"
/>

<globalization requestEncoding="utf-8" responseEncoding="utf-8"
/>

</system.web>

</configuration>

Thanks
Rob
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #7

Rob

Ya, you're right in all cases. I'll keep trying and if I figure it out,
I'll post the results. Thanks for your help.

Rob

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 18 '05 #8

by: MJ | last post by:

I'm building an application that has a file structure similar to the following: /myapp/user_login.aspx /myapp/user_page_1.aspx /myapp/user_page_2.aspx /myapp/user_page_3.aspx...

.NET Framework

Problem in forms auth, not going back to members page

by: Senthil | last post by:

1. Created a new C# web application project 2. Change the name of webform1 to login.aspx 3. And in the .cs file change the name of the class to login, and include System.web.security namespace....

.NET Framework

Forms Authentication Problem

by: ElmoWatson | last post by:

I tried on the Security newgroup, as well as other places, and haven't gotten an answer yet - - I'm pulling my hair out over this one. I'm trying to get Forms Authentication working.....I can get...

ASP.NET

Problem with Forms Authentication cookies

by: Scott | last post by:

Hi, We're having an issue with Forms Authentication cookies being treated as expired / invalid, and being deleted. This is causing our intranet users a great deal of pain - Running IIS 5.0 on...

ASP.NET

Forms authentication in a subfolder problem, please help

by: Kris van der Mast | last post by:

Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be...

ASP.NET

Problem with Excel template

by: Karen A Hodge | last post by:

I have a website that has an Excel template. The template contains 3 QueryTables. The template is located on the web server. I would like to refresh the data prior to the user opening the template...

ASP.NET

A little problem with Forms authentication :-(

by: Simon Harvey | last post by:

Hi All, I'm hoping somebody could help me with the following problem. I'm using forms authentication and the user is getting authenticated no problem. Once authenticated the user can look at...

ASP.NET

Problem with ASP.NET 2.0 Location override of Forms Authentication settings

by: n33470 | last post by:

Hi all, We have an asp.net 1.1 app that we're in the process of converting to 2.0. What I'm about to describe runs just great in the 1.1 framework, but does not work in the 2.0 framework. ...

ASP.NET

Forms Authentication problem

by: David | last post by:

Hi all, I have a problem with Forms Auth. I am not using the protected folder method, rather, I want some parts of the page to be shown depending on the authentication state. Basically, I...

ASP.NET

Authentifation failure. (remoting problem)

by: Kristian Reukauff | last post by:

Hi I have a problem with the .Net-Securty-Functions. I've got a client and a server. When I try to register a channel at the server with this line: ChannelServices.RegisterChannel(chan, false);...

C# / C Sharp

Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"

by: taylorcarr | last post by:

A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...

General

How to turn on java script in a villaon keypad mobile phone

by: Charles Arthur | last post by:

How do i turn on java script on a villaon, callus and itel keypad mobile phone

Java

Basic Javascript concepts

by: aa123db | last post by:

Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...

Javascript

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

Problem with Forms Authentication

Similar topics