forms security problem

Sergio E.

Hello,

I have a problem with masterpages and forms security.

I made a new Web site, in which I have my page login.aspx as the homepage ,
a master page with only a sitemappath object in it, the file of map of the
site,
the web.config and another page to do tests.

In the page redirected from login there are a label and a combo (dropdown)
object and the only thing this page do is to modify label with the text that
this
one has The problem is that it again redirects me to the login page, i singn
in
again an then the page redirects me to the initial state of the second page,
but i nees
that this redirect to the login page only happens when the 5 minutes timeout
is reached.

I put my code down to them, hopefully you see something that is I making
wrong

Thanking for beforehand your time and help.
Sergio E.
---------code: login.aspx

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Login.aspx.vb"
Inherits="Login" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >

<head runat="server">

<title>Login</title>

<link href="Styles/MiStyleSheet.css" rel="stylesheet" type="text/css" />

</head>

<body>

<form id="Form1" runat="server" method="post">

<div style="text-align: center">

<asp:Label ID="Label1" runat="server" Text="Reporteador"></asp:Label><br />

<br />

Acceso al Sistema<br />

<table style="width: 395px">

<tr>

<td style="width: 188px">

Usuario:

</td>

<td style="width: 199px">

<asp:TextBox ID="TxtUsuario" runat="server"
Width="150px"></asp:TextBox></td>

</tr>

<tr>

<td style="width: 188px">

Clave:</td>

<td style="width: 199px">

<asp:TextBox ID="TxtPwd" runat="server" TextMode="Password"
Width="150px"></asp:TextBox></td>

</tr>

</table>

<asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server"
ControlToValidate="TxtUsuario"

Display="None" ErrorMessage="El campo Usuario no debe estar
vacío."></asp:RequiredFieldValidator>

<asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server"
ControlToValidate="TxtPwd"

Display="None" ErrorMessage="El campo Clave no debe estar
vacío."></asp:RequiredFieldValidator><br />

<asp:ValidationSummary ID="ResumenValidacion" runat="server" Height="85px"
ShowMessageBox="True"

ShowSummary="False" Width="153px" />

<br />

<asp:Button ID="BtnLogin" runat="server" Text="Ingresar" /><br />

<br />

<br />

<asp:Label ID="LblError" runat="server" ForeColor="Red" Text="¡¡¡Error:
Usuario o Clave incorrectos!!!"

Visible="False"></asp:Label> </div>

</form>

</body>

</html>

--- code: login.aspx.vb (cookie definition only)

Protected Sub BtnLogin_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles BtnLogin.Click

dim bUsuarioValido as boolean = ValidaUsuarioEnBDD() 'Este metodo es el que
se conecta a la base de datos y valida realmente al usuario
dim NomPaginaOk as string = "~/Reporte.aspx"

If Not (bUsuarioValido) Then

Me.LblError.Visible = True

Me.TxtUsuario.Text = ""

Me.TxtPwd.Text = ""

Else

FormsAuthentication.SetAuthCookie(Me.TxtUsuario.Te xt, True)

Session.Add(VariablesGlobales.NombreVarSesionEstad oAutorizado,
VariablesGlobales.ValorEsperadoSesionEstadoAutoriz ado)

Server.Transfer(NomPaginaOk,True)

End If

-------------- code: header.master

<%@ Master Language="VB" CodeFile="Header.master.vb" Inherits="Header" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >

<head runat="server">

<title>Reporte</title>

</head>

<body>

<form id="form1" runat="server">

<div style="text-align: left">

<center <strong>REPORTEADOR</strong></center<br />

<asp:SiteMapPath ID="smpMiSitio" runat="server" Font-Names="Verdana"
Font-Size="0.8em"

PathSeparator=" : ">

<PathSeparatorStyle Font-Bold="True" ForeColor="#990000" />

<CurrentNodeStyle ForeColor="#333333" />

<NodeStyle Font-Bold="True" ForeColor="#990000" />

<RootNodeStyle Font-Bold="True" ForeColor="#FF8000" />

</asp:SiteMapPath>

<br />

<br />

<asp:contentplaceholder id="phContenido" runat="server">

</asp:contentplaceholder>

</div>

<br />

<strong><em><span style="text-decoration: underline">(C) Todos los derechos
reservados...</span></em></strong>

</form>

</body>

</html>

---------- code: reporte.aspx

<%@ Page Language="VB" MasterPageFile="~/Header.master"
AutoEventWireup="false" CodeFile="Reporte.aspx.vb" Inherits="Reporte"
title="Reporte" %>

<asp:Content ID="Content1" ContentPlaceHolderID="phContenido"
Runat="Server">

<asp:Label ID="lblEtiqueta" runat="server" Text="Label"></asp:Label>

<asp:DropDownList ID="DropDownList1" runat="server" AutoPostBack="True">

<asp:ListItem>hola</asp:ListItem>

<asp:ListItem>compa</asp:ListItem>

</asp:DropDownList>

</asp:Content>

--------- code: reporte.aspx.vb

Partial Class Reporte

Inherits System.Web.UI.Page

Protected Sub DropDownList1_SelectedIndexChanged(ByVal sender As Object,
ByVal e As System.EventArgs) Handles DropDownList1.SelectedIndexChanged

Me.lblEtiqueta.Text = Me.DropDownList1.SelectedItem.Text

End Sub

End Class

------------ code: web.sitemap

<?xml version="1.0" encoding="utf-8" ?>

<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >

<siteMapNode url="Login.aspx" title="" description="Acceso al Sistema">

<siteMapNode url="Reporte.aspx" title="Inicio" description="Reporte">

</siteMapNode>

</siteMapNode>

</siteMap>

--------code: web.config

<?xml version="1.0"?>

<configuration>

<appSettings/>

<connectionStrings>

<add name="AConnectionString" connectionString="Data
Source=DBServer001;Initial Catalog=DBVentas;Persist Security Info=True;User
ID=sa;Password=sa;Connect Timeout=60" providerName="System.Data.SqlClient"/>

</connectionStrings>

<system.web>

<compilation debug="true" strict="true" explicit="true"/>

<pages>

<namespaces>

<clear/>

<add namespace="System"/>

<add namespace="System.Collections"/>

<add namespace="System.Collections.Specialized"/>

<add namespace="System.Configuration"/>

<add namespace="System.Text"/>

<add namespace="System.Text.RegularExpressions"/>

<add namespace="System.Web"/>

<add namespace="System.Web.Caching"/>

<add namespace="System.Web.SessionState"/>

<add namespace="System.Web.Security"/>

<add namespace="System.Web.Profile"/>

<add namespace="System.Web.UI"/>

<add namespace="System.Web.UI.WebControls"/>

<add namespace="System.Web.UI.WebControls.WebParts"/>

<add namespace="System.Web.UI.HtmlControls"/>

</namespaces>

</pages>

<authentication mode="Forms">

<forms loginUrl="Login.aspx" name=".rptcookie" timeout="5" >



</forms>

</authentication>
<authorization>

<deny users="?"/>

</authorization>

<customErrors mode="Off"/>

</system.web>

</configuration>

Dec 22 '06 #1

Subscribe Post Reply

1220

by: Billy Jacobs | last post by:

I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms...

.NET Framework

Conversion from 2.0 to 2000: Admin has no Administer rights on forms

by: Stephan Neuhaus | last post by:

Hi all. I'm having a problem that's driving me nuts. I am not familiar with Access, but I have read the FAQ, searched google, read the Access Security FAQ, and looked at the Access Web, to no...

Microsoft Access / VBA

Forms authentication in a subfolder problem, please help

by: Kris van der Mast | last post by:

Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be...

ASP.NET

Forms authentication - credential store

by: Martin | last post by:

Dear fellow ASP.NET programmer, I stared using forms authentication and temporarily used a <credentials> tag in web.config. After I got it working I realized this wasn't really practical. I...

ASP.NET

Forms Authentication

by: Manny Chohan | last post by:

I am using forms authetication in the web config. i can validate a user against a database and click on images which makes hidden panels visible.However when i click on the link inside a panel...

ASP.NET

Forms Authentication with Active Directory LDAP Problem

by: Tdar | last post by:

Sorry for the dup post but looking for a response and this is being posted under my MSDN managed newsgroups handle and in a different newsgroup Hi, As I said in the past post I am using this...

ASP.NET

Windows Forms No-Touch Deployment problems using DAO on User-Level Secured Access DB to access groups

by: James | last post by:

I have a VB windows forms application that accesses a Microsoft Access database that has been secured using user-level security. The application is being deployed using No-Touch deployment. The...

Visual Basic .NET

Embedded .net Windows Forms Control Security Issue

by: gxl034000 | last post by:

Hi, I have been trying to use a .net Forms control in my webpage to open up an application(notepad) on the client. The control works fine when embedded in a windows form, but I keep getting a...

ASP.NET

Forms

by: Bouzy | last post by:

Hello I am having a problem with forms. I know they are easy for some people, but I am new. I am trying to make a simple feedback form. Hear is what I have so far... <?php //process the email...

PHP

Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"

by: taylorcarr | last post by:

A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...

General

Basic Javascript concepts

by: aa123db | last post by:

Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...

Javascript

Merging data from multiple Excel files

by: ryjfgjl | last post by:

In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...

Data Management

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...

Windows Server

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

forms security problem

Similar topics