Re: Login security for a form

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: David W. Simmonds (david_at_simmonds.ca)
Date: 02/19/04 

Date: Thu, 19 Feb 2004 20:00:28 GMT

Even more info:

It seems that the Redirect is working fine, but it is redirecting back to
the login page even though the url does not contain LoginPage.aspx. It
contains the url to the aspx page that is in the protected folder. Now I
really don't know what is happening now. It's as if the authentication
succeeds, but it redirects me back to the same login page anyway.

"David W. Simmonds" <david@simmonds.ca> wrote in message
news:lo8Zb.564544$X%5.156411@pd7tw2no...
> More info:
>
> It appears the the url obtained from FormsAuthentication.GetRedirectUrl is
> not a fully qualified url. It is a relative url. Is there a way for fully
> qualify it? If I put http://www.microsoft.com in the Response.Redirect
> method, the redirect occurs.
>
> "David W. Simmonds" <david@simmonds.ca> wrote in message
> news:v38Zb.564404$X%5.377677@pd7tw2no...
> > I have a form that will prompt for a user name/password. In VS.NET, I
have
> > the protected form in a folder named Admin. I have a Web.config file in
> that
> > folder as well. It contains the following section:
> >
> > <authorization>
> > <deny users="?" />
> > <allow users="*" />
> > </authorization>
> >
> > In the root folder where the other forms are located I have a Web.config
> > file with the following section:
> >
> > <authentication mode="Forms">
> > <forms loginUrl="LoginPage.aspx?DB=Photos" timeout="10080" />
> > </authentication>
> >
> > In LoginPage.aspx, I have a user name and password edit box and a Login
> > button. When clicked it executes the following code:
> >
> > private void Login_Click(object sender, System.EventArgs e)
> > {
> > if (Authenticated (UserName.Text, Password.Text))
> > {
> > string userData = "";
> > FormsAuthenticationTicket ticket = new
FormsAuthenticationTicket(
> > 1,
> > UserName.Text,
> > System.DateTime.Now,
> > System.DateTime.Now.AddMinutes(30),
> > Persistent.Checked,
> > userData,
> > FormsAuthentication.FormsCookiePath);
> >
> > // Encrypt the ticket.
> > string encTicket = FormsAuthentication.Encrypt(ticket);
> >
> > // Create the cookie.
> > Response.Cookies.Add(new
> > HttpCookie(FormsAuthentication.FormsCookieName, encTicket));
> > Response.Redirect
> (FormsAuthentication.GetRedirectUrl(UserName.Text,
> > Persistent.Checked));
> > }
> > else
> > Message("Invalid login");
> > }
> >
> > If I specify an invalid login combination, the Message statement
executes.
> > This is good. If I specify a good combination, the form never moves from
> the
> > login page. The forms are running in a frame on the page that presents
> them.
> > Why would the page not be redirected when authentication is valid?
> >
> >
>
>

Quantcast