Re: Login security for a form

From: David W. Simmonds (david_at_simmonds.ca)
Date: 02/19/04


Date: Thu, 19 Feb 2004 19:46:25 GMT

More info:

It appears that the URL obtained from FormsAuthentication.GetRedirectUrl is
not a fully qualified URL. It is a relative URL. Is there a way to fully
qualify it? If I put http://www.microsoft.com in the Response.Redirect
method, the redirect occurs.

"David W. Simmonds" <david@simmonds.ca> wrote in message
news:v38Zb.564404$X%5.377677@pd7tw2no...
> I have a form that will prompt for a user name/password. In VS.NET, I have
> the protected form in a folder named Admin. I have a Web.config file in that
> folder as well. It contains the following section:
>
> <authorization>
> <deny users="?" />
> <allow users="*" />
> </authorization>
>
> In the root folder where the other forms are located I have a Web.config
> file with the following section:
>
> <authentication mode="Forms">
> <forms loginUrl="LoginPage.aspx?DB=Photos" timeout="10080" />
> </authentication>
>
> In LoginPage.aspx, I have a user name and password edit box and a Login
> button. When clicked it executes the following code:
>
> private void Login_Click(object sender, System.EventArgs e)
> {
>     if (Authenticated (UserName.Text, Password.Text))
>     {
>         string userData = "";
>         FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
>             1,
>             UserName.Text,
>             System.DateTime.Now,
>             System.DateTime.Now.AddMinutes(30),
>             Persistent.Checked,
>             userData,
>             FormsAuthentication.FormsCookiePath);
>
>         // Encrypt the ticket.
>         string encTicket = FormsAuthentication.Encrypt(ticket);
>
>         // Create the cookie.
>         Response.Cookies.Add(new
>             HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
>         Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text,
>             Persistent.Checked));
>     }
>     else
>         Message("Invalid login");
> }
>
> If I specify an invalid login combination, the Message statement executes.
> This is good. If I specify a good combination, the form never moves from the
> login page. The forms are running in a frame on the page that presents them.
> Why would the page not be redirected when authentication is valid?
>
>
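
On the question above of fully qualifying the relative URL returned by FormsAuthentication.GetRedirectUrl: one way to do it, shown here as an added example that is not part of the original post, is to resolve it against the current request URL with System.Uri and refuse any result on a different scheme, host or port, since the return URL is taken from the query string. The ReturnUrlResolver class and the sample URLs are hypothetical and constructed for illustration.

```csharp
using System;

// Added example, not code from the original post.
// ReturnUrlResolver and all sample URLs below are constructed for illustration.
public static class ReturnUrlResolver
{
    // Resolves a redirect target (for example the relative URL returned by
    // FormsAuthentication.GetRedirectUrl) against the current request URL.
    // Returns null when the target is empty, malformed, or off-site.
    public static Uri Resolve(Uri requestUrl, string target)
    {
        if (string.IsNullOrEmpty(target))
            return null;

        // Reject backslashes and control characters, which browsers and
        // servers do not interpret consistently inside a URL.
        foreach (char c in target)
        {
            if (c == '\\' || char.IsControl(c))
                return null;
        }

        Uri absolute;
        if (!Uri.TryCreate(requestUrl, target, out absolute))
            return null;

        // Scheme, host and port must all match the request that carried the target.
        bool sameSite = Uri.Compare(requestUrl, absolute,
            UriComponents.SchemeAndServer, UriFormat.Unescaped,
            StringComparison.OrdinalIgnoreCase) == 0;

        return sameSite ? absolute : null;
    }

    public static void Main()
    {
        // Constructed request URL; only the page name and query string mirror the post.
        Uri request = new Uri("http://www.example.com/LoginPage.aspx?DB=Photos");
        string[] samples =
        {
            "/Admin/Default.aspx", "Admin/Edit.aspx?id=3",
            "http://www.microsoft.com", "//other.example.net/x", ""
        };
        foreach (string s in samples)
        {
            Uri resolved = Resolve(request, s);
            Console.WriteLine("{0,-26} -> {1}", s,
                resolved == null ? "(rejected)" : resolved.AbsoluteUri);
        }
    }
}
```

In a page handler, requestUrl would be Request.Url, and a null result would fall back to a fixed default page rather than being passed to Response.Redirect.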

