Re: Forms Authentication - Confused!

From: William F. Robertson, Jr. (theman_at_nameht.org)
Date: 01/25/05 

Date: Tue, 25 Jan 2005 14:48:27 -0600

I am purely speculating here, but perhaps the redirect is working, but the
path/cookie name isn't working properly. So when it tries to open the page
again, it doesn't see the correct authentication cookie. Try going directly
to your login page and login. It should redirect you to default.aspx since
there is no ReturnUrl defined in the querystring.

Are the text boxes clearing out after the RedirectFromReturnUrl? I mean is
the page just sitting there, or does it re-request the page.

bill

"Simon Harris" <too-much-spam@makes-you-fat.com> wrote in message
news:O6F4IewAFHA.4028@TK2MSFTNGP15.phx.gbl...
> Hi William,
>
> Thanks for your reply - I am getting:
> "Unrecognized configuration section 'location'"
>
> When I add this to my root web.config:
>
> <location path="/contenteditor">
> <authentication mode="Forms">
> <forms name="AdoContentEditor" path="/contenteditor"
> loginUrl="/adocommon/authenticate.aspx" protection="All"
>
> timeout="30">
> <credentials passwordFormat="Clear">
> <user name="admin" password="password" />
> </credentials>
> </forms>
> </authentication>
> <authorization>
> <deny users="?" />
> </authorization>
> </location>
>
> I have also tried putting the above into /web.config without the location
> tag, and had a little more success...
> FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text) now
returns
> true when expected (e.g. correct user/pass) however, the following line
does
> not seem to do anything:
>
> FormsAuthentication.RedirectFromLoginPage(txtUser.Text,
> chkPersistLogin.Checked)
>
> Not that I know I am reaching this part of the code, as I set a labels
value
> within the same if statement - The redirect simply doesnt occur for some
> reason!
>
> Cheers again,
>
> Simon.
>
>
> "William F. Robertson, Jr." <theman@nameht.org> wrote in message
> news:OuSdxRvAFHA.2156@TK2MSFTNGP10.phx.gbl...
> >I will try to help you with this one.
> >
> > \ (root directory)
> > \Admin
> > \Common
> >
> > You try to access \admin which has forms authentication defined in
there.
> > You are redirected to \Common\Login. When you call the Authenticate
> > method,
> > it is looking in the \Common\web.config for the user/pass. It can't
find
> > it, so it goes to the \(root) to look for user/pass. And can't find
> > anything there so it returns false.
> >
> > You should place the forms authentication stuff in the root directory.
> > Then
> > use the location web.config attribute to control access to certain
folders
> > and such.
> >
> > This is the \(root)web.config
> > <system.web>
> > <!-- all your authentication/credentials are in here. -->
> > <authorization>
> > <allow users="*" /> <!-- Allows all unauthenticated users -->
> > </authorization>
> > </system.web>
> >
> > <location path="Admin/">
> > <system.web>
> > <authorization>
> > <deny users="?" /> <!-- Denies unauthenticated users -->
> > <allow users="*" /> <!-- Allows all users -->
> > </authorization>
> > </system.web>
> > </location>
> >
> > You probably will have to tweak my syntax (went by memory), but I
believe
> > this should work, or atleast this is the directory I believe you should
> > head
> > in.
> >
> > HTH,
> >
> > bill
> >
> >
> > "Simon Harris" <too-much-spam@makes-you-fat.com> wrote in message
> > news:egvXa4sAFHA.1396@tk2msftngp13.phx.gbl...
> >> Sorry - Slight mistake, my web.config file with the auth
> > mode/authroization
> >> sections actually resides in /admin
> >>
> >> With it in here, I am correctly redirected to my login page, but as
> >> mentioned, the user is not authenticated.
> >>
> >> Cheers,
> >> Simon.
> >>
> >> "Simon Harris" <too-much-spam@makes-you-fat.com> wrote in message
> >> news:...
> >> > Hi All,
> >> >
> >> > I'm trying to setup forms based authentication, so that the user gets
> >> > prompted for a password when they try to access /admin (I wont
actually
> >> > call it that in production of course!)
> >> >
> >> > I want the user/pass to be stored in web.config.
> >> >
> >> > This will be for a website that is otherwise open to anonymous
access.
> >> >
> >> > At the moment, I have:
> >> >
> >> > /common/authenticate.aspx - My login page, with the following
code,
> >> > onclick of the login button:
> >> > If FormsAuthentication.Authenticate(txtUser.Text,
> > txtPassword.Text)
> >> > Then
> >> >
FormsAuthentication.RedirectFromLoginPage(txtUser.Text,
> >> > chkPersistLogin.Checked)
> >> > Else
> >> > Me.lblErrorMsg.Text = "Result of authentication
attempt:
> > "
> >> > & FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text)
> >> > End If
> >> >
> >> > /admin/web.config, which contains:
> >> > <authentication mode="Forms">
> >> > <forms name="AdoContentEditor" path="/contenteditor"
> >> > loginUrl="/common/authenticate.aspx" protection="All" timeout="30">
> >> > <credentials passwordFormat="Clear">
> >> > <user name="admin" password="password" />
> >> > </credentials>
> >> > </forms>
> >> > </authentication>
> >> > <authorization>
> >> > <deny users="?" />
> >> > </authorization>
> >> >
> >> > When I try to access an aspx page in /admin, as expected I am
> >> > redirected
> >> > to /common/authenticate.aspx, how ever,
> >> > FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text)
always
> >> > returns 'false'.
> >> >
> >> > I suspect I have got my web.config locations wrong, but have tried a
> >> > few
> >> > combinations...any help/advice will be much appreciated!
> >> >
> >> > Thanks,
> >> > Simon.
> >> >
> >> >
> >> >
> >>
> >>
> >
> >
>
>

Quantcast