Trouble with forms authentication

I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of the app. Here is the web.config:

<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="Admin" password="pass"/>
<user name="Ashlyinn" password="pass"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

The problem is event if I put in the proper valid credentials authorization
fails.

Any suggestions?

Thanks, Justin.

Hey Justin,
When u mean authorization do u mean th user can login but he is not
getting the appropriate resources?
That means is he authenticated?

"Justin" wrote:

I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of the app. Here is the web.config:

<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="Admin" password="pass"/>
<user name="Ashlyinn" password="pass"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

The problem is event if I put in the proper valid credentials authorization
fails.

Any suggestions?

Thanks, Justin.

No, the user is not authenticated at all, meaning it goes to the else
statement in the code below no matter what:

private void Login_Click(object sender, System.EventArgs e)
{
if (FormsAuthentication.Authenticate(Email.Text, Password.Text))
{
FormsAuthentication.RedirectFromLoginPage(Email.Te xt, false);
}
else
{
lblStatus.Text = "Authentication Failed.";
}
}

"Patrick.O.Ige" wrote:

Hey Justin,
When u mean authorization do u mean th user can login but he is not
getting the appropriate resources?
That means is he authenticated?

"Justin" wrote:

I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of the app. Here is the web.config:

<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="Admin" password="pass"/>
<user name="Ashlyinn" password="pass"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

The problem is event if I put in the proper valid credentials authorization
fails.

Any suggestions?

Thanks, Justin.

Ok Justin so No authentication at al!!
Are u sure u have all the right settings?
First check to see whether u have Anonymous Auth checked in IIS.
Got to ur WebServer and right click on ur Virtual Directory of ur
Application >Go to Properties >Directory security TAB> On the Anonymouse
Access and Auth control
click EDIT and make sure u check Anonymous access!
Also make sure u have :- <identity impersonate="true" /> placed in ur
web.config
Try all that!
Let me know if it works for u..if not post ur Question.

"Justin" wrote:

No, the user is not authenticated at all, meaning it goes to the else
statement in the code below no matter what:

private void Login_Click(object sender, System.EventArgs e)
{
if (FormsAuthentication.Authenticate(Email.Text, Password.Text))
{
FormsAuthentication.RedirectFromLoginPage(Email.Te xt, false);
}
else
{
lblStatus.Text = "Authentication Failed.";
}
}

"Patrick.O.Ige" wrote:

Hey Justin,
When u mean authorization do u mean th user can login but he is not
getting the appropriate resources?
That means is he authenticated?

"Justin" wrote:

> I am trying to password protect a subdirectory using forms authentication. I
> am using the "Location" tag to specify the directory to be protected. The
> login.aspx page is in the root directory of the app. Here is the web.config:
>
> <location path="Admin">
> <system.web>
> <authentication mode="Forms">
> <forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
> <credentials passwordFormat="Clear">
> <user name="Admin" password="pass"/>
> <user name="Ashlyinn" password="pass"/>
> </credentials>
> </forms>
> </authentication>
> <authorization>
> <deny users="?"/>
> </authorization>
> </system.web>
> </location>
>
> The problem is event if I put in the proper valid credentials authorization
> fails.
>
> Any suggestions?
>
> Thanks, Justin.

Well, unfortunetly it still does not work. I am sure its something simle but
sometimes simple problems are hard to fix.

Thanks for the help.

Justin.

"Patrick.O.Ige" wrote:

Ok Justin so No authentication at al!!
Are u sure u have all the right settings?
First check to see whether u have Anonymous Auth checked in IIS.
Got to ur WebServer and right click on ur Virtual Directory of ur
Application >Go to Properties >Directory security TAB> On the Anonymouse
Access and Auth control
click EDIT and make sure u check Anonymous access!
Also make sure u have :- <identity impersonate="true" /> placed in ur
web.config
Try all that!
Let me know if it works for u..if not post ur Question.

"Justin" wrote:

No, the user is not authenticated at all, meaning it goes to the else
statement in the code below no matter what:

private void Login_Click(object sender, System.EventArgs e)
{
if (FormsAuthentication.Authenticate(Email.Text, Password.Text))
{
FormsAuthentication.RedirectFromLoginPage(Email.Te xt, false);
}
else
{
lblStatus.Text = "Authentication Failed.";
}
}

"Patrick.O.Ige" wrote:

> Hey Justin,
> When u mean authorization do u mean th user can login but he is not
> getting the appropriate resources?
> That means is he authenticated?
>
>
>
> "Justin" wrote:
>
> > I am trying to password protect a subdirectory using forms authentication. I
> > am using the "Location" tag to specify the directory to be protected. The
> > login.aspx page is in the root directory of the app. Here is the web.config:
> >
> > <location path="Admin">
> > <system.web>
> > <authentication mode="Forms">
> > <forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
> > <credentials passwordFormat="Clear">
> > <user name="Admin" password="pass"/>
> > <user name="Ashlyinn" password="pass"/>
> > </credentials>
> > </forms>
> > </authentication>
> > <authorization>
> > <deny users="?"/>
> > </authorization>
> > </system.web>
> > </location>
> >
> > The problem is event if I put in the proper valid credentials authorization
> > fails.
> >
> > Any suggestions?
> >
> > Thanks, Justin.

Just try looking through ur code carefully ok!

Justin try looking through:-Forms Authentication here:-
http://samples.gotdotnet.com/quickstart/aspplus/
or
http://support.microsoft.com/default...301240&SD=MSDN
or
http://www.costudio.com/form_auth.asp


"Justin" wrote:

Well, unfortunetly it still does not work. I am sure its something simle but
sometimes simple problems are hard to fix.

Thanks for the help.

Justin.

"Patrick.O.Ige" wrote:

Ok Justin so No authentication at al!!
Are u sure u have all the right settings?
First check to see whether u have Anonymous Auth checked in IIS.
Got to ur WebServer and right click on ur Virtual Directory of ur
Application >Go to Properties >Directory security TAB> On the Anonymouse
Access and Auth control
click EDIT and make sure u check Anonymous access!
Also make sure u have :- <identity impersonate="true" /> placed in ur
web.config
Try all that!
Let me know if it works for u..if not post ur Question.

"Justin" wrote:

> No, the user is not authenticated at all, meaning it goes to the else
> statement in the code below no matter what:
>
> private void Login_Click(object sender, System.EventArgs e)
> {
> if (FormsAuthentication.Authenticate(Email.Text, Password.Text))
> {
> FormsAuthentication.RedirectFromLoginPage(Email.Te xt, false);
> }
> else
> {
> lblStatus.Text = "Authentication Failed.";
> }
> }
>
>
>
> "Patrick.O.Ige" wrote:
>
> > Hey Justin,
> > When u mean authorization do u mean th user can login but he is not
> > getting the appropriate resources?
> > That means is he authenticated?
> >
> >
> >
> > "Justin" wrote:
> >
> > > I am trying to password protect a subdirectory using forms authentication. I
> > > am using the "Location" tag to specify the directory to be protected. The
> > > login.aspx page is in the root directory of the app. Here is the web.config:
> > >
> > > <location path="Admin">
> > > <system.web>
> > > <authentication mode="Forms">
> > > <forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
> > > <credentials passwordFormat="Clear">
> > > <user name="Admin" password="pass"/>
> > > <user name="Ashlyinn" password="pass"/>
> > > </credentials>
> > > </forms>
> > > </authentication>
> > > <authorization>
> > > <deny users="?"/>
> > > </authorization>
> > > </system.web>
> > > </location>
> > >
> > > The problem is event if I put in the proper valid credentials authorization
> > > fails.
> > >
> > > Any suggestions?
> > >
> > > Thanks, Justin.

This link shoud help for sure:-
http://www.15seconds.com/issue/020220.htm
And by the way in ur Web.Config why don't u do:-
<configuration>
<system.web>
<customErrors mode="Off"/>
<authentication mode="Forms">
<forms name="appNameAuth" path="/" loginUrl="login.aspx"
protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="jeff" password="test" />
<user name="mike" password="test" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

And then if u want to perform Auhtorization use the location PATH and specify
whch users can see access contents of a particular FOLDER!
GDLUCK


"Patrick.O.Ige" wrote:

Just try looking through ur code carefully ok!

Justin try looking through:-Forms Authentication here:-
http://samples.gotdotnet.com/quickstart/aspplus/
or
http://support.microsoft.com/default...301240&SD=MSDN
or
http://www.costudio.com/form_auth.asp


"Justin" wrote:

Well, unfortunetly it still does not work. I am sure its something simle but
sometimes simple problems are hard to fix.

Thanks for the help.

Justin.

"Patrick.O.Ige" wrote:

> Ok Justin so No authentication at al!!
> Are u sure u have all the right settings?
> First check to see whether u have Anonymous Auth checked in IIS.
> Got to ur WebServer and right click on ur Virtual Directory of ur
> Application >Go to Properties >Directory security TAB> On the Anonymouse
> Access and Auth control
> click EDIT and make sure u check Anonymous access!
> Also make sure u have :- <identity impersonate="true" /> placed in ur
> web.config
> Try all that!
> Let me know if it works for u..if not post ur Question.
>
>
>
> "Justin" wrote:
>
> > No, the user is not authenticated at all, meaning it goes to the else
> > statement in the code below no matter what:
> >
> > private void Login_Click(object sender, System.EventArgs e)
> > {
> > if (FormsAuthentication.Authenticate(Email.Text, Password.Text))
> > {
> > FormsAuthentication.RedirectFromLoginPage(Email.Te xt, false);
> > }
> > else
> > {
> > lblStatus.Text = "Authentication Failed.";
> > }
> > }
> >
> >
> >
> > "Patrick.O.Ige" wrote:
> >
> > > Hey Justin,
> > > When u mean authorization do u mean th user can login but he is not
> > > getting the appropriate resources?
> > > That means is he authenticated?
> > >
> > >
> > >
> > > "Justin" wrote:
> > >
> > > > I am trying to password protect a subdirectory using forms authentication. I
> > > > am using the "Location" tag to specify the directory to be protected. The
> > > > login.aspx page is in the root directory of the app. Here is the web.config:
> > > >
> > > > <location path="Admin">
> > > > <system.web>
> > > > <authentication mode="Forms">
> > > > <forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
> > > > <credentials passwordFormat="Clear">
> > > > <user name="Admin" password="pass"/>
> > > > <user name="Ashlyinn" password="pass"/>
> > > > </credentials>
> > > > </forms>
> > > > </authentication>
> > > > <authorization>
> > > > <deny users="?"/>
> > > > </authorization>
> > > > </system.web>
> > > > </location>
> > > >
> > > > The problem is event if I put in the proper valid credentials authorization
> > > > fails.
> > > >
> > > > Any suggestions?
> > > >
> > > > Thanks, Justin.