By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,441 Members | 979 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,441 IT Pros & Developers. It's quick & easy.

Trouble with forms authentication

P: n/a
I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of the app. Here is the web.config:

<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="Admin" password="pass"/>
<user name="Ashlyinn" password="pass"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

The problem is event if I put in the proper valid credentials authorization
fails.

Any suggestions?

Thanks, Justin.
Nov 18 '05 #1
Share this Question
Share on Google+
7 Replies


P: n/a
Hey Justin,
When u mean authorization do u mean th user can login but he is not
getting the appropriate resources?
That means is he authenticated?

"Justin" wrote:
I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of the app. Here is the web.config:

<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="Admin" password="pass"/>
<user name="Ashlyinn" password="pass"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

The problem is event if I put in the proper valid credentials authorization
fails.

Any suggestions?

Thanks, Justin.

Nov 18 '05 #2

P: n/a
No, the user is not authenticated at all, meaning it goes to the else
statement in the code below no matter what:

private void Login_Click(object sender, System.EventArgs e)
{
if (FormsAuthentication.Authenticate(Email.Text, Password.Text))
{
FormsAuthentication.RedirectFromLoginPage(Email.Te xt, false);
}
else
{
lblStatus.Text = "Authentication Failed.";
}
}

"Patrick.O.Ige" wrote:
Hey Justin,
When u mean authorization do u mean th user can login but he is not
getting the appropriate resources?
That means is he authenticated?

"Justin" wrote:
I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of the app. Here is the web.config:

<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="Admin" password="pass"/>
<user name="Ashlyinn" password="pass"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

The problem is event if I put in the proper valid credentials authorization
fails.

Any suggestions?

Thanks, Justin.

Nov 18 '05 #3

P: n/a
Ok Justin so No authentication at al!!
Are u sure u have all the right settings?
First check to see whether u have Anonymous Auth checked in IIS.
Got to ur WebServer and right click on ur Virtual Directory of ur
Application >Go to Properties >Directory security TAB> On the Anonymouse
Access and Auth control
click EDIT and make sure u check Anonymous access!
Also make sure u have :- <identity impersonate="true" /> placed in ur
web.config
Try all that!
Let me know if it works for u..if not post ur Question.

"Justin" wrote:
No, the user is not authenticated at all, meaning it goes to the else
statement in the code below no matter what:

private void Login_Click(object sender, System.EventArgs e)
{
if (FormsAuthentication.Authenticate(Email.Text, Password.Text))
{
FormsAuthentication.RedirectFromLoginPage(Email.Te xt, false);
}
else
{
lblStatus.Text = "Authentication Failed.";
}
}

"Patrick.O.Ige" wrote:
Hey Justin,
When u mean authorization do u mean th user can login but he is not
getting the appropriate resources?
That means is he authenticated?

"Justin" wrote:
I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of the app. Here is the web.config:

<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="Admin" password="pass"/>
<user name="Ashlyinn" password="pass"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

The problem is event if I put in the proper valid credentials authorization
fails.

Any suggestions?

Thanks, Justin.

Nov 18 '05 #4

P: n/a
Well, unfortunetly it still does not work. I am sure its something simle but
sometimes simple problems are hard to fix.

Thanks for the help.

Justin.

"Patrick.O.Ige" wrote:
Ok Justin so No authentication at al!!
Are u sure u have all the right settings?
First check to see whether u have Anonymous Auth checked in IIS.
Got to ur WebServer and right click on ur Virtual Directory of ur
Application >Go to Properties >Directory security TAB> On the Anonymouse
Access and Auth control
click EDIT and make sure u check Anonymous access!
Also make sure u have :- <identity impersonate="true" /> placed in ur
web.config
Try all that!
Let me know if it works for u..if not post ur Question.

"Justin" wrote:
No, the user is not authenticated at all, meaning it goes to the else
statement in the code below no matter what:

private void Login_Click(object sender, System.EventArgs e)
{
if (FormsAuthentication.Authenticate(Email.Text, Password.Text))
{
FormsAuthentication.RedirectFromLoginPage(Email.Te xt, false);
}
else
{
lblStatus.Text = "Authentication Failed.";
}
}

"Patrick.O.Ige" wrote:
Hey Justin,
When u mean authorization do u mean th user can login but he is not
getting the appropriate resources?
That means is he authenticated?

"Justin" wrote:

> I am trying to password protect a subdirectory using forms authentication. I
> am using the "Location" tag to specify the directory to be protected. The
> login.aspx page is in the root directory of the app. Here is the web.config:
>
> <location path="Admin">
> <system.web>
> <authentication mode="Forms">
> <forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
> <credentials passwordFormat="Clear">
> <user name="Admin" password="pass"/>
> <user name="Ashlyinn" password="pass"/>
> </credentials>
> </forms>
> </authentication>
> <authorization>
> <deny users="?"/>
> </authorization>
> </system.web>
> </location>
>
> The problem is event if I put in the proper valid credentials authorization
> fails.
>
> Any suggestions?
>
> Thanks, Justin.

Nov 18 '05 #5

P: n/a
Just try looking through ur code carefully ok!

Justin try looking through:-Forms Authentication here:-
http://samples.gotdotnet.com/quickstart/aspplus/
o
http://support.microsoft.com/default...301240&SD=MSDN
or
http://www.costudio.com/form_auth.asp


"Justin" wrote:
Well, unfortunetly it still does not work. I am sure its something simle but
sometimes simple problems are hard to fix.

Thanks for the help.

Justin.

"Patrick.O.Ige" wrote:
Ok Justin so No authentication at al!!
Are u sure u have all the right settings?
First check to see whether u have Anonymous Auth checked in IIS.
Got to ur WebServer and right click on ur Virtual Directory of ur
Application >Go to Properties >Directory security TAB> On the Anonymouse
Access and Auth control
click EDIT and make sure u check Anonymous access!
Also make sure u have :- <identity impersonate="true" /> placed in ur
web.config
Try all that!
Let me know if it works for u..if not post ur Question.

"Justin" wrote:
No, the user is not authenticated at all, meaning it goes to the else
statement in the code below no matter what:

private void Login_Click(object sender, System.EventArgs e)
{
if (FormsAuthentication.Authenticate(Email.Text, Password.Text))
{
FormsAuthentication.RedirectFromLoginPage(Email.Te xt, false);
}
else
{
lblStatus.Text = "Authentication Failed.";
}
}

"Patrick.O.Ige" wrote:

> Hey Justin,
> When u mean authorization do u mean th user can login but he is not
> getting the appropriate resources?
> That means is he authenticated?
>
>
>
> "Justin" wrote:
>
> > I am trying to password protect a subdirectory using forms authentication. I
> > am using the "Location" tag to specify the directory to be protected. The
> > login.aspx page is in the root directory of the app. Here is the web.config:
> >
> > <location path="Admin">
> > <system.web>
> > <authentication mode="Forms">
> > <forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
> > <credentials passwordFormat="Clear">
> > <user name="Admin" password="pass"/>
> > <user name="Ashlyinn" password="pass"/>
> > </credentials>
> > </forms>
> > </authentication>
> > <authorization>
> > <deny users="?"/>
> > </authorization>
> > </system.web>
> > </location>
> >
> > The problem is event if I put in the proper valid credentials authorization
> > fails.
> >
> > Any suggestions?
> >
> > Thanks, Justin.

Nov 18 '05 #6

P: n/a
This link shoud help for sure:-
http://www.15seconds.com/issue/020220.htm
And by the way in ur Web.Config why don't u do:-
<configuration>
<system.web>
<customErrors mode="Off"/>
<authentication mode="Forms">
<forms name="appNameAuth" path="/" loginUrl="login.aspx"
protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="jeff" password="test" />
<user name="mike" password="test" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

And then if u want to perform Auhtorization use the location PATH and specify
whch users can see access contents of a particular FOLDER!
GDLUCK


"Patrick.O.Ige" wrote:
Just try looking through ur code carefully ok!

Justin try looking through:-Forms Authentication here:-
http://samples.gotdotnet.com/quickstart/aspplus/
or
http://support.microsoft.com/default...301240&SD=MSDN
or
http://www.costudio.com/form_auth.asp


"Justin" wrote:
Well, unfortunetly it still does not work. I am sure its something simle but
sometimes simple problems are hard to fix.

Thanks for the help.

Justin.

"Patrick.O.Ige" wrote:
Ok Justin so No authentication at al!!
Are u sure u have all the right settings?
First check to see whether u have Anonymous Auth checked in IIS.
Got to ur WebServer and right click on ur Virtual Directory of ur
Application >Go to Properties >Directory security TAB> On the Anonymouse
Access and Auth control
click EDIT and make sure u check Anonymous access!
Also make sure u have :- <identity impersonate="true" /> placed in ur
web.config
Try all that!
Let me know if it works for u..if not post ur Question.

"Justin" wrote:

> No, the user is not authenticated at all, meaning it goes to the else
> statement in the code below no matter what:
>
> private void Login_Click(object sender, System.EventArgs e)
> {
> if (FormsAuthentication.Authenticate(Email.Text, Password.Text))
> {
> FormsAuthentication.RedirectFromLoginPage(Email.Te xt, false);
> }
> else
> {
> lblStatus.Text = "Authentication Failed.";
> }
> }
>
>
>
> "Patrick.O.Ige" wrote:
>
> > Hey Justin,
> > When u mean authorization do u mean th user can login but he is not
> > getting the appropriate resources?
> > That means is he authenticated?
> >
> >
> >
> > "Justin" wrote:
> >
> > > I am trying to password protect a subdirectory using forms authentication. I
> > > am using the "Location" tag to specify the directory to be protected. The
> > > login.aspx page is in the root directory of the app. Here is the web.config:
> > >
> > > <location path="Admin">
> > > <system.web>
> > > <authentication mode="Forms">
> > > <forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
> > > <credentials passwordFormat="Clear">
> > > <user name="Admin" password="pass"/>
> > > <user name="Ashlyinn" password="pass"/>
> > > </credentials>
> > > </forms>
> > > </authentication>
> > > <authorization>
> > > <deny users="?"/>
> > > </authorization>
> > > </system.web>
> > > </location>
> > >
> > > The problem is event if I put in the proper valid credentials authorization
> > > fails.
> > >
> > > Any suggestions?
> > >
> > > Thanks, Justin.

Nov 18 '05 #7

P: n/a
Ok, I am getting closer to getting this to work the only problem is that
after loging in it redirects to default.aspx in the root directory instead of
admin/default.aspx.

How do I manualy set redirect url?

"Patrick.O.Ige" wrote:
This link shoud help for sure:-
http://www.15seconds.com/issue/020220.htm
And by the way in ur Web.Config why don't u do:-
<configuration>
<system.web>
<customErrors mode="Off"/>
<authentication mode="Forms">
<forms name="appNameAuth" path="/" loginUrl="login.aspx"
protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="jeff" password="test" />
<user name="mike" password="test" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

And then if u want to perform Auhtorization use the location PATH and specify
whch users can see access contents of a particular FOLDER!
GDLUCK


"Patrick.O.Ige" wrote:
Just try looking through ur code carefully ok!

Justin try looking through:-Forms Authentication here:-
http://samples.gotdotnet.com/quickstart/aspplus/
or
http://support.microsoft.com/default...301240&SD=MSDN
or
http://www.costudio.com/form_auth.asp


"Justin" wrote:
Well, unfortunetly it still does not work. I am sure its something simle but
sometimes simple problems are hard to fix.

Thanks for the help.

Justin.

"Patrick.O.Ige" wrote:

> Ok Justin so No authentication at al!!
> Are u sure u have all the right settings?
> First check to see whether u have Anonymous Auth checked in IIS.
> Got to ur WebServer and right click on ur Virtual Directory of ur
> Application >Go to Properties >Directory security TAB> On the Anonymouse
> Access and Auth control
> click EDIT and make sure u check Anonymous access!
> Also make sure u have :- <identity impersonate="true" /> placed in ur
> web.config
> Try all that!
> Let me know if it works for u..if not post ur Question.
>
>
>
> "Justin" wrote:
>
> > No, the user is not authenticated at all, meaning it goes to the else
> > statement in the code below no matter what:
> >
> > private void Login_Click(object sender, System.EventArgs e)
> > {
> > if (FormsAuthentication.Authenticate(Email.Text, Password.Text))
> > {
> > FormsAuthentication.RedirectFromLoginPage(Email.Te xt, false);
> > }
> > else
> > {
> > lblStatus.Text = "Authentication Failed.";
> > }
> > }
> >
> >
> >
> > "Patrick.O.Ige" wrote:
> >
> > > Hey Justin,
> > > When u mean authorization do u mean th user can login but he is not
> > > getting the appropriate resources?
> > > That means is he authenticated?
> > >
> > >
> > >
> > > "Justin" wrote:
> > >
> > > > I am trying to password protect a subdirectory using forms authentication. I
> > > > am using the "Location" tag to specify the directory to be protected. The
> > > > login.aspx page is in the root directory of the app. Here is the web.config:
> > > >
> > > > <location path="Admin">
> > > > <system.web>
> > > > <authentication mode="Forms">
> > > > <forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
> > > > <credentials passwordFormat="Clear">
> > > > <user name="Admin" password="pass"/>
> > > > <user name="Ashlyinn" password="pass"/>
> > > > </credentials>
> > > > </forms>
> > > > </authentication>
> > > > <authorization>
> > > > <deny users="?"/>
> > > > </authorization>
> > > > </system.web>
> > > > </location>
> > > >
> > > > The problem is event if I put in the proper valid credentials authorization
> > > > fails.
> > > >
> > > > Any suggestions?
> > > >
> > > > Thanks, Justin.

Nov 18 '05 #8

This discussion thread is closed

Replies have been disabled for this discussion.