472,121 Members | 1,507 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

home > topics > asp.net > questions > problem with masterpages and security

Join Bytes to post your question to a community of 472,121 software developers and data experts.

problem with masterpages and security

Hello,

I have a problem with masterpages and forms security.

I made a new Web site, in which I have my page of login like of beginning, a
master page with only a sitemappath object in it, the file of map of the
site,
the web.config and another page to do tests.
In the page redirected from login there are a label and a combo (dropdown)
object
and the only thing this page do is to modify label with the text that this
one has
The problem is that it again redirects me to the login page, i singn in
again an then
the page redirects me to the initial state of the second page, but i nees
that this redirect
to the login page only happens when the 5 minutes timeout is reached.

I put my code down to them, hopefully you see something that is I making
wrong

hanking for beforehand your time and help.
Sergio E.
---------codigo del login.aspx

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Login.aspx.vb"
Inherits="Login" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >

<head runat="server">

<title>Login</title>

<link href="Styles/MiStyleSheet.css" rel="stylesheet" type="text/css" />

</head>

<body>

<form id="Form1" runat="server" method="post">

<div style="text-align: center">

<asp:Label ID="Label1" runat="server" Text="Reporteador"></asp:Label><br />

<br />

Acceso al Sistema<br />

<table style="width: 395px">

<tr>

<td style="width: 188px">

Usuario:

</td>

<td style="width: 199px">

<asp:TextBox ID="TxtUsuario" runat="server"
Width="150px"></asp:TextBox></td>

</tr>

<tr>

<td style="width: 188px">

Clave:</td>

<td style="width: 199px">

<asp:TextBox ID="TxtPwd" runat="server" TextMode="Password"
Width="150px"></asp:TextBox></td>

</tr>

</table>

<asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server"
ControlToValidate="TxtUsuario"

Display="None" ErrorMessage="El campo Usuario no debe estar
vacío."></asp:RequiredFieldValidator>

<asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server"
ControlToValidate="TxtPwd"

Display="None" ErrorMessage="El campo Clave no debe estar
vacío."></asp:RequiredFieldValidator><br />

<asp:ValidationSummary ID="ResumenValidacion" runat="server" Height="85px"
ShowMessageBox="True"

ShowSummary="False" Width="153px" />

<br />

<asp:Button ID="BtnLogin" runat="server" Text="Ingresar" /><br />

<br />

<br />

<asp:Label ID="LblError" runat="server" ForeColor="Red" Text="¡¡¡Error:
Usuario o Clave incorrectos!!!"

Visible="False"></asp:Label>&nbsp;</div>

</form>

</body>

</html>

--- codigo en la pagina de login.aspx.vb que define la cookie

Protected Sub BtnLogin_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles BtnLogin.Click

dim bUsuarioValido as boolean = ValidaUsuarioEnBDD() 'Este metodo es el que
se conecta a la base de datos y valida realmente al usuario
dim NomPaginaOk as string = "~/Reporte.aspx"

If Not (bUsuarioValido) Then

Me.LblError.Visible = True

Me.TxtUsuario.Text = ""

Me.TxtPwd.Text = ""

Else

FormsAuthentication.SetAuthCookie(Me.TxtUsuario.Te xt, True)

Session.Add(VariablesGlobales.NombreVarSesionEstad oAutorizado,
VariablesGlobales.ValorEsperadoSesionEstadoAutoriz ado)

Server.Transfer(NomPaginaOk,True)

End If

-------------- codigo de la pagina maestra

<%@ Master Language="VB" CodeFile="Header.master.vb" Inherits="Header" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >

<head runat="server">

<title>Reporte</title>

</head>

<body>

<form id="form1" runat="server">

<div style="text-align: left">

<center <strong>REPORTEADOR</strong></center<br />

<asp:SiteMapPath ID="smpMiSitio" runat="server" Font-Names="Verdana"
Font-Size="0.8em"

PathSeparator=" : ">

<PathSeparatorStyle Font-Bold="True" ForeColor="#990000" />

<CurrentNodeStyle ForeColor="#333333" />

<NodeStyle Font-Bold="True" ForeColor="#990000" />

<RootNodeStyle Font-Bold="True" ForeColor="#FF8000" />

</asp:SiteMapPath>

<br />

<br />

<asp:contentplaceholder id="phContenido" runat="server">

</asp:contentplaceholder>

</div>

<br />

<strong><em><span style="text-decoration: underline">(C) Todos los derechos
reservados...</span></em></strong>

</form>

</body>

</html>

---------- codigo del archivo reporte.aspx

<%@ Page Language="VB" MasterPageFile="~/Header.master"
AutoEventWireup="false" CodeFile="Reporte.aspx.vb" Inherits="Reporte"
title="Reporte" %>

<asp:Content ID="Content1" ContentPlaceHolderID="phContenido"
Runat="Server">

<asp:Label ID="lblEtiqueta" runat="server" Text="Label"></asp:Label>

<asp:DropDownList ID="DropDownList1" runat="server" AutoPostBack="True">

<asp:ListItem>hola</asp:ListItem>

<asp:ListItem>compa</asp:ListItem>

</asp:DropDownList>

</asp:Content>

--------- codigo del archivo reporte.aspx.vb

Partial Class Reporte

Inherits System.Web.UI.Page

Protected Sub DropDownList1_SelectedIndexChanged(ByVal sender As Object,
ByVal e As System.EventArgs) Handles DropDownList1.SelectedIndexChanged

Me.lblEtiqueta.Text = Me.DropDownList1.SelectedItem.Text

End Sub

End Class

------------ codigo del archivo web.sitemap

<?xml version="1.0" encoding="utf-8" ?>

<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >

<siteMapNode url="Login.aspx" title="" description="Acceso al Sistema">

<siteMapNode url="Reporte.aspx" title="Inicio" description="Reporte">

</siteMapNode>

</siteMapNode>

</siteMap>

--------codigo del archivo web.config

<?xml version="1.0"?>

<configuration>

<appSettings/>

<connectionStrings>

<add name="AConnectionString" connectionString="Data
Source=DBServer001;Initial Catalog=DBVentas;Persist Security Info=True;User
ID=sa;Password=sa;Connect Timeout=60" providerName="System.Data.SqlClient"/>

</connectionStrings>

<system.web>

<compilation debug="true" strict="true" explicit="true"/>

<pages>

<namespaces>

<clear/>

<add namespace="System"/>

<add namespace="System.Collections"/>

<add namespace="System.Collections.Specialized"/>

<add namespace="System.Configuration"/>

<add namespace="System.Text"/>

<add namespace="System.Text.RegularExpressions"/>

<add namespace="System.Web"/>

<add namespace="System.Web.Caching"/>

<add namespace="System.Web.SessionState"/>

<add namespace="System.Web.Security"/>

<add namespace="System.Web.Profile"/>

<add namespace="System.Web.UI"/>

<add namespace="System.Web.UI.WebControls"/>

<add namespace="System.Web.UI.WebControls.WebParts"/>

<add namespace="System.Web.UI.HtmlControls"/>

</namespaces>

</pages>

<authentication mode="Forms">

<forms loginUrl="Login.aspx" name=".rptcookie" timeout="5" >

<!--protection="All" timeout="1">-->

</forms>

</authentication>
<authorization>

<deny users="?"/>

</authorization>

<customErrors mode="Off"/>

</system.web>

</configuration>
Dec 8 '06 #1
0 2164

This discussion thread is closed

Start new discussion

Replies have been disabled for this discussion.

Similar topics
Code in MasterPages
4 posts views Thread by Jeff Lynch | last post: by
asp.net 2.0 master pages problem
7 posts views Thread by Martijn Saly | last post: by
CMS for asp.net 2.0 and masterpages
3 posts views Thread by Lars W. Andersen | last post: by
Nested Masterpages and naming
2 posts views Thread by iturner100 | last post: by
Masterpages and FindControl
2 posts views Thread by encoad | last post: by
forms security problem
reply views Thread by Sergio E. | last post: by
Two masterpages in one application problem
6 posts views Thread by =?Utf-8?B?U3RlcGhlbiBIYXRmaWVsZA==?= | last post: by
MasterPages and applying CSS to content pages
8 posts views Thread by Mort Strom | last post: by
openGauss security policy
reply views Thread by leo001 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Advertise
Terms Of Use
Privacy Policy
Contact Us
Sitemap

Follow us! Get the Latest Bytes Updates