FormsAuthentication Cookie




A web.config file has the following code:

<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name="NETConnectCookie" loginUrl="Login.aspx">
        <credentials passwordFormat="SHA1"/>
      </forms>
    </authentication>
  </system.web>

  <location path=".">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>

Assuming that the local m/c does not have the cookie named
NETConnectCookie, the above code ensures that if a user tries to
navigate to any ASPX files in the directory that the above web.config
file exists in, then the user will be first redirected to Login.aspx.
Assume that the directory in which the above web.config file exists has
an ASPX file named Products.aspx.

When a user tries to navigate to Products.aspx without logging in,
web.config directs him to Login.aspx. Assume that a user with the
username bobby is a valid user (which I am validating against a SQL
Server 2005 DB table). This is how I tried it (this is the code in
Login.aspx which communicates with web.config when the user directly
tries to navigate to Products.aspx without logging in):

<script runat="server">
Sub LoginUser(ByVal obj As Object, ByVal ea As EventArgs)
    ..........
    ..........
    'user has been validated; so take him to Products.aspx
    FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, True)
    Response.Cookies("NETConnectCookie")("UserName") = txtUserName.Text
End Sub
</script>

This does create the persistent cookie named NETConnectCookie which
when opened, also shows the text 'UserName=bobby' but the user doesn't
get redirected to Products.aspx though he has been logged in
successfully. In fact, the user remains at Login.aspx with the URL
getting appended by the querystring 'ReturnUrl=Products.aspx'. Why
isn't the user getting redirected to Products.aspx after successfully
logging in? Note that if I remove the Response.Cookies line in
Login.aspx, then the user gets redirected to Products.aspx after
logging in.

There's another problem. Next suppose the user closes the browser
window which he had used to log in. He opens a new browser window &
navigates to Products.aspx. Under such circumstances, I want to show
him a welcome message with his username in Products.aspx without taking
him to Login.aspx since the cookie NETConnectCookie is a persistent
cookie but the user still gets redirected to Login.aspx. Why? This is
the code in Products.aspx:

<script runat="server">
Sub Page_Load(ByVal obj As Object, ByVal ea As EventArgs)
    Response.Write("Welcome " & Request.Cookies("NETConnectCookie")("UserName"))
End Sub
</script>

If I change the name of the cookie to, say, 'Details', in Login.aspx
i.e.

Response.Cookies("Details")("UserName") = txtUserName.Text

& make the corresponding change in Products.aspx, then after
successfully logging in Login.aspx, the user is taken to Products.aspx
which shows the message

Welcome bobby

But when the user closes this window, opens a new browser window &
navigates to Products.aspx, then, as expected, the user is not taken to
Login.aspx but Products.aspx generates this error:

Object reference not set to an instance of an object.

pointing to the Response.Write line in Products.aspx! When I open the
cookie from the Temporary Internet Files folder, this time the cookie
doesn't show the text 'UserName=bobby'! Why?

What's the difference between a normal cookie & a cookie created by the
FormsAuthentication object?
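
Added example, not part of the original post: by default a forms authentication cookie holds an encrypted, integrity-checked FormsAuthenticationTicket rather than readable key/value pairs, so this sketch keeps extra per-user data inside the ticket's UserData field and reads the user name back from the validated identity instead of from the raw cookie. ValidateUser, txtPassword, the 14-day lifetime and the UserData string are assumptions made for illustration.

```vb
' --- Login.aspx ---
Sub LoginUser(ByVal obj As Object, ByVal ea As EventArgs)
    ' ValidateUser and txtPassword are hypothetical stand-ins for the
    ' database check that the post elides.
    If Not ValidateUser(txtUserName.Text, txtPassword.Text) Then Return

    ' Build the ticket explicitly so extra data travels inside it,
    ' encrypted and tamper-protected, instead of in a cookie subkey.
    Dim issued As DateTime = DateTime.Now
    Dim ticket As New FormsAuthenticationTicket( _
        1, txtUserName.Text, issued, issued.AddDays(14), _
        True, "constructed-user-data", FormsAuthentication.FormsCookiePath)

    ' FormsCookieName resolves to the name set in web.config
    ' (NETConnectCookie on this page).
    Dim authCookie As New HttpCookie( _
        FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
    authCookie.Expires = ticket.Expiration   ' persistent, same lifetime as the ticket
    authCookie.HttpOnly = True               ' not readable from client script
    authCookie.Path = FormsAuthentication.FormsCookiePath
    Response.Cookies.Add(authCookie)

    ' Nothing writes to the forms cookie after this point.
    Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text, True))
End Sub

' --- Products.aspx ---
Sub Page_Load(ByVal obj As Object, ByVal ea As EventArgs)
    ' The runtime has already decrypted and validated the ticket;
    ' the raw cookie value is never parsed here.
    Dim id As FormsIdentity = TryCast(User.Identity, FormsIdentity)
    If id Is Nothing Then Return             ' anonymous or non-forms identity

    Response.Write("Welcome " & Server.HtmlEncode(id.Name))
    Dim extra As String = id.Ticket.UserData ' the string stored at login
End Sub
```

A user name read from an ordinary cookie such as 'Details' can be edited on the client, so it is suitable for display preferences but not as proof of who is logged in.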
