
Forms authentication not working

Hi, I'm adding a security layer to a company's intranet pages. I have
created a login page, using the Asp.Net 2 login control, and am using
Forms Authentication. I have set the <forms> timeout attribute to
5 mins, as they don't want anyone to be able to view the secure pages
without logging in. It works fine when I build the project and run
through Visual Studio, redirecting to the login page after timeout.
However, since publishing the website and moving it to a server, the
timeout is now having no effect at all - coming back to the page after
20 mins idle, you can click a link and it goes there, with no redirect.
I have tried closing the browser, and then opening it again - you can
simply type the url of a page in the secure section and it loads up,
without having to login again.

Any suggestions gratefully received!

Mat

Sep 13 '06 #1

Sep 13 '06 #2
Mat,

Although I'm using 1.1 Forms Auth I had a few gotchas...

Login.aspx FormsAuthentication.Initialize()

Although I have a login page, its purpose is to either login w/an ID or via
querystring passing in the ID.

My formsAuth method is contained in my Common.vb for reusability in other
web projects.

PageLoad event for all pages....

    'Check security token
    If Not Session("securityToken") Is Nothing Then
        If Not CType(Session("securityToken"), Common.SecurityToken).IsLoggedIn Then
            Response.Redirect("./LogOut.aspx")
        End If
    Else
        Response.Redirect("./LogOut.aspx")
    End If

I'm not sure if this helps but in my searching there were many suggestions
that there may also be an issue w/the machine.config

HTH

JeffP....


Sep 13 '06 #3
Hi,
thanks for the reply. I found an article
http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/ that I think
explains the problem - basically, forms authentication does not apply
to .htm and .html files since they are not ASP.NET filetypes, so it
does not even see requests to the pages and therefore cannot act on
them. The site I'm working on is very old, and made entirely of .htm
files - my login page is the only .aspx file there is!

Mat

Sep 13 '06 #4
Mat, Since it is htm, perhaps you could write an aspx wrapper for the entire
site and JavaScript to check for isLoggedIn, or use a VB6 dll that checks
the cookie... good luck.... JeffP...


Sep 13 '06 #5
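
The cause identified in the thread (static .htm/.html requests never pass through the Forms Authentication module) can be addressed server-side in configuration. The following web.config is an added example, not from any poster in the thread; it assumes IIS 7 or later with an integrated-pipeline application pool, and `Login.aspx` is an assumed file name.

```xml
<?xml version="1.0"?>
<!-- Added example (not from the thread). Assumes IIS 7+ with an
     integrated-pipeline application pool; Login.aspx is an assumed name. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- timeout is in minutes -->
      <forms loginUrl="Login.aspx" timeout="5" />
    </authentication>
    <authorization>
      <!-- "?" means anonymous users: everything requires a valid ticket.
           The loginUrl page itself stays reachable without one. -->
      <deny users="?" />
    </authorization>
  </system.web>

  <system.webServer>
    <modules>
      <!-- The server-level registrations of these modules carry
           preCondition="managedHandler", so by default they run only for
           requests served by managed handlers (.aspx and similar) and
           static files are returned without any ticket check.
           Re-adding each module without a preCondition makes it run
           for every request, including .htm and .html. -->
      <remove name="FormsAuthentication" />
      <add name="FormsAuthentication"
           type="System.Web.Security.FormsAuthenticationModule" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization"
           type="System.Web.Security.UrlAuthorizationModule" />
      <remove name="DefaultAuthentication" />
      <add name="DefaultAuthentication"
           type="System.Web.Security.DefaultAuthenticationModule" />
    </modules>
  </system.webServer>
</configuration>
```

On IIS 6, or in a classic-mode application pool, the `<system.webServer>` section has no effect: the .htm and .html extensions must instead be mapped to aspnet_isapi.dll in the IIS script maps so that the requests reach ASP.NET at all. With the deny rule in place, stylesheets and images used by the login page are also blocked for anonymous users unless a `<location>` element allows them.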
