Re: Forms Authentication - Confused!


From: Simon Harris (too-much-spam_at_makes-you-fat.com)
Date: 01/25/05


Date: Tue, 25 Jan 2005 22:08:17 -0000

The cookie is:
simon@localhost/contenteditor/

My IIS logs say:
21:41:13 127.0.0.1 - GET /contenteditor/index.aspx 302
21:41:13 127.0.0.1 - GET /adocommon/authenticate.aspx 401
21:41:13 127.0.0.1 MACHINENAME\Simon GET /adocommon/authenticate.aspx 200
21:41:13 127.0.0.1 MACHINENAME\Simon GET /adocommon/assets/main.css 200
21:41:24 127.0.0.1 MACHINENAME\Simon POST /adocommon/authenticate.aspx 302
21:41:24 127.0.0.1 - GET /contenteditor/index.aspx 302
21:41:24 127.0.0.1 MACHINENAME\Simon GET /adocommon/authenticate.aspx 200

So, it looks like it's reaching the page that requires authentication,
bouncing the user to authenticate.aspx, which later bounces the user back to
the page requiring authentication...which AGAIN sends us off to
authenticate...

Just a thought...My IIS is not configured for anonymous access, but from
what I read this shouldn't make a difference - The IIS level of authentication
is handled, then a token passed to the ASP.Net engine (Which should accept
any token from IIS)

I don't geddit....yet.

"William F. Robertson, Jr." <theman@nameht.org> wrote in message
news:uH8o68xAFHA.3504@TK2MSFTNGP12.phx.gbl...
> I am purely speculating here, but perhaps the redirect is working, but the
> path/cookie name isn't working properly. So when it tries to open the page
> again, it doesn't see the correct authentication cookie. Try going directly
> to your login page and log in. It should redirect you to default.aspx since
> there is no ReturnUrl defined in the querystring.
>
> Are the text boxes clearing out after the RedirectFromReturnUrl? I mean is
> the page just sitting there, or does it re-request the page.
>
> bill
>
>
> "Simon Harris" <too-much-spam@makes-you-fat.com> wrote in message
> news:O6F4IewAFHA.4028@TK2MSFTNGP15.phx.gbl...
>> Hi William,
>>
>> Thanks for your reply - I am getting:
>> "Unrecognized configuration section 'location'"
>>
>> When I add this to my root web.config:
>>
>> <location path="/contenteditor">
>> <authentication mode="Forms">
>> <forms name="AdoContentEditor" path="/contenteditor"
>> loginUrl="/adocommon/authenticate.aspx" protection="All" timeout="30">
>> <credentials passwordFormat="Clear">
>> <user name="admin" password="password" />
>> </credentials>
>> </forms>
>> </authentication>
>> <authorization>
>> <deny users="?" />
>> </authorization>
>> </location>
>>
>> I have also tried putting the above into /web.config without the location
>> tag, and had a little more success...
>> FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text) now returns
>> true when expected (e.g. correct user/pass) however, the following line does
>> not seem to do anything:
>>
>> FormsAuthentication.RedirectFromLoginPage(txtUser.Text, chkPersistLogin.Checked)
>>
>> Not that I know I am reaching this part of the code, as I set a label's value
>> within the same if statement - The redirect simply doesn't occur for some
>> reason!
>>
>> Cheers again,
>>
>> Simon.
>>
>>
>> "William F. Robertson, Jr." <theman@nameht.org> wrote in message
>> news:OuSdxRvAFHA.2156@TK2MSFTNGP10.phx.gbl...
>> > I will try to help you with this one.
>> >
>> > \ (root directory)
>> > \Admin
>> > \Common
>> >
>> > You try to access \admin which has forms authentication defined in there.
>> > You are redirected to \Common\Login. When you call the Authenticate method,
>> > it is looking in the \Common\web.config for the user/pass. It can't find
>> > it, so it goes to the \(root) to look for user/pass. And can't find
>> > anything there so it returns false.
>> >
>> > You should place the forms authentication stuff in the root directory. Then
>> > use the location web.config attribute to control access to certain folders
>> > and such.
>> >
>> > This is the \(root)web.config
>> > <system.web>
>> > <!-- all your authentication/credentials are in here. -->
>> > <authorization>
>> > <allow users="*" /> <!-- Allows all unauthenticated users -->
>> > </authorization>
>> > </system.web>
>> >
>> > <location path="Admin/">
>> > <system.web>
>> > <authorization>
>> > <deny users="?" /> <!-- Denies unauthenticated users -->
>> > <allow users="*" /> <!-- Allows all users -->
>> > </authorization>
>> > </system.web>
>> > </location>
>> >
>> > You probably will have to tweak my syntax (went by memory), but I believe
>> > this should work, or at least this is the directory I believe you should
>> > head in.
>> >
>> > HTH,
>> >
>> > bill
>> >
>> >
>> > "Simon Harris" <too-much-spam@makes-you-fat.com> wrote in message
>> > news:egvXa4sAFHA.1396@tk2msftngp13.phx.gbl...
>> >> Sorry - Slight mistake, my web.config file with the auth mode/authorization
>> >> sections actually resides in /admin
>> >>
>> >> With it in here, I am correctly redirected to my login page, but as
>> >> mentioned, the user is not authenticated.
>> >>
>> >> Cheers,
>> >> Simon.
>> >>
>> >> "Simon Harris" <too-much-spam@makes-you-fat.com> wrote in message
>> >> news:...
>> >> > Hi All,
>> >> >
>> >> > I'm trying to setup forms based authentication, so that the user gets
>> >> > prompted for a password when they try to access /admin (I won't actually
>> >> > call it that in production of course!)
>> >> >
>> >> > I want the user/pass to be stored in web.config.
>> >> >
>> >> > This will be for a website that is otherwise open to anonymous access.
>> >> >
>> >> > At the moment, I have:
>> >> >
>> >> > /common/authenticate.aspx - My login page, with the following code,
>> >> > onclick of the login button:
>> >> > If FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text) Then
>> >> >     FormsAuthentication.RedirectFromLoginPage(txtUser.Text, chkPersistLogin.Checked)
>> >> > Else
>> >> >     Me.lblErrorMsg.Text = "Result of authentication attempt: " & FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text)
>> >> > End If
>> >> >
>> >> > /admin/web.config, which contains:
>> >> > <authentication mode="Forms">
>> >> > <forms name="AdoContentEditor" path="/contenteditor"
>> >> > loginUrl="/common/authenticate.aspx" protection="All" timeout="30">
>> >> > <credentials passwordFormat="Clear">
>> >> > <user name="admin" password="password" />
>> >> > </credentials>
>> >> > </forms>
>> >> > </authentication>
>> >> > <authorization>
>> >> > <deny users="?" />
>> >> > </authorization>
>> >> >
>> >> > When I try to access an aspx page in /admin, as expected I am redirected
>> >> > to /common/authenticate.aspx, however,
>> >> > FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text) always
>> >> > returns 'false'.
>> >> >
>> >> > I suspect I have got my web.config locations wrong, but have tried a few
>> >> > combinations...any help/advice will be much appreciated!
>> >> >
>> >> > Thanks,
>> >> > Simon.
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>
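
The redirect loop Simon reads out of his IIS log can be checked mechanically. The following is an added example, not part of the original thread: it parses the log lines quoted in the top post and flags a page that answers 302 both before and on the first request after a login POST that was itself answered with 302. The function names, and the assumption that a 302 on the login POST means the login page accepted the credentials and redirected, are this example's own.

```python
import re
from collections import defaultdict

# IIS log lines copied from the post above: time, client IP, user, method, URI, status.
IIS_LOG = """\
21:41:13 127.0.0.1 - GET /contenteditor/index.aspx 302
21:41:13 127.0.0.1 - GET /adocommon/authenticate.aspx 401
21:41:13 127.0.0.1 MACHINENAME\\Simon GET /adocommon/authenticate.aspx 200
21:41:13 127.0.0.1 MACHINENAME\\Simon GET /adocommon/assets/main.css 200
21:41:24 127.0.0.1 MACHINENAME\\Simon POST /adocommon/authenticate.aspx 302
21:41:24 127.0.0.1 - GET /contenteditor/index.aspx 302
21:41:24 127.0.0.1 MACHINENAME\\Simon GET /adocommon/authenticate.aspx 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (GET|POST) (\S+) (\d{3})$")


def parse(log_text):
    """Turn each well-formed line into a dict; lines in any other layout are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            time, ip, user, method, uri, status = m.groups()
            # IIS paths are case-insensitive, so compare them lowercased.
            entries.append({"time": time, "ip": ip, "user": user, "method": method,
                            "uri": uri.lower(), "status": int(status)})
    return entries


def find_login_loops(entries, login_url):
    """Return (ip, uri, time) for each page that redirected before login and
    redirects again on the first request after a login POST answered with 302."""
    login_url = login_url.lower()
    bounced = defaultdict(set)  # ip -> URIs that answered 302 earlier in the log
    just_logged_in = set()      # ips with a login POST -> 302 and no other page since
    loops = []
    for e in entries:
        ip, uri = e["ip"], e["uri"]
        if uri == login_url:
            if e["method"] == "POST" and e["status"] == 302:
                just_logged_in.add(ip)
            continue
        if e["status"] == 302:
            if ip in just_logged_in and uri in bounced[ip]:
                loops.append((ip, uri, e["time"]))
            bounced[ip].add(uri)
        just_logged_in.discard(ip)  # only the first page after the POST is checked
    return loops


if __name__ == "__main__":
    print(find_login_loops(parse(IIS_LOG), "/adocommon/authenticate.aspx"))
```

A hit means the ticket issued by the login page was not honoured by the protected page, which is the point to compare the cookie name and path the two locations are configured with.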

