0

I have a simple web application with a login page. I am now adding authentication to code that already checks username and password in a database; I use Forms Authentication to write a cookie with an authentication ticket (if that's the right term) to enable a user to access pages other than Login.

It's almost working.

I've added this configuration info to web config

<authentication mode="Forms">
      <forms name=".ASPXFORMSAUTH" loginUrl="/Login.aspx"
             protection="All" path="/" timeout="30" slidingExpiration="true"/>
    </authentication>
    <authorization>
      <deny users="?"/>
      <allow users="*"/>
    </authorization>

And I put the following into the button click event for the login page:

' generate authentication ticket, create cookie, store it
            Dim tkt As FormsAuthenticationTicket
            Dim ckestr As String
            Dim htpcke As HttpCookie
            tkt = New FormsAuthenticationTicket(1, officerNumber, DateTime.Now, _
                                                DateTime.Now.AddMinutes(30), True, "")
            ckestr = FormsAuthentication.Encrypt(tkt)
            htpcke = New HttpCookie(FormsAuthentication.FormsCookieName, ckestr)
            htpcke.Expires = tkt.Expiration
            htpcke.Path = FormsAuthentication.FormsCookiePath
            Response.Cookies.Add(htpcke)

After I did this, a user could no longer access the 2nd page (/localhost:4199/bb.aspx) just by typing it into the browser without going through login. Doing so would redirect to login.aspx. So far, so good.

But Login.aspx has a couple of small images at the top. When authentication is being done, those images disappear. It looks, in fact, like first a page shows up WITH the images (or at least spaces for the images), and then the page on my browser appears to be redirected to the same login page without the images.

I don't think this page is automatically generated; it includes a drop-down list and a background color that are part of my code. Before I put the above info into web.config, this did not happen, and the images always appeared. I tried using "/Login.aspx" and "Login.aspx" in the web.config as the login URL, but got the same results.

I do have the login.aspx page as the default page for the application; is that still right, if I'm using forms authentication?

Also, after login, I make no attempt to redirect to the page the user might have typed in; I use his login information to determine what parameters to add to the URL for the next page in the app and send him there regardless. I don't know if that interacts with this behavior somehow.

Has anyone got any ideas why my images are disappearing, and/or why my login page seems to appear twice?

2
Contributors
4
Replies
7
Views
7 Years
Discussion Span
Last Post by rcook
0

Ok, new information. I finally tried using View Source on the login page (duh) and discovered that it is not redirecting that page, it is removing the rectangular placeholders where the images would go. I think now it cannot find the images, rather than that it is somehow redirecting (which wasn't a very good guess in the first place.

So the question has changed -- I've tried "login.aspx" and "/login.aspx" as the "loginUrl" setting in web.config. Should I be trying something else? Does anyone know why my images might be disappearing?

0

>Does anyone know why my images might be disappearing?

Due to authorization. You have turn off resource access for anonymous user.

see,

<authorization>
      <deny users="?"/>
      <allow users="*"/>
    </authorization>

Use location markup to set access for image and other resources.

Read more about Location tag.

0

Many, many thanks! I now wish I had a better explanation of how the authentication and location tags worked, instead of only Microsoft's typical "here's an example", but you gave me what I needed for this page and application, it is working now, and I thank you.

1

for the curious, or those looking for an answer that find themselves here:

<configuration>
	<system.web>
               <!-- lots of other stuff here -->
		<authentication mode="Forms" >
			<forms loginUrl="login.aspx" name=".ASPNETAUTH" 
                               protection="None" path="/" timeout="20" >
			</forms>
		</authentication>
<!-- This section denies access to all files in this application except 
        for those that you have not explicitly specified by using 
        another setting. -->
		<authorization>
			<deny users="?" /> 
		</authorization>

                <!-- probably lots of other stuff here -->

	</system.web>

<!-- note: system.web gets closed on the previous line; tags
      below are outside it -->

<!-- This section gives the unauthenticated user access to the 
       Default1.aspx page only. It is located in the same folder 
       as this configuration file. -->
		<location path="default1.aspx">
		<system.web>
		<authorization>
			<allow users ="*" />
		</authorization>
		</system.web>
		</location>
<!-- This section gives the unauthenticated user access to all 
       of the files that are stored in the Subdir1 folder.  -->
		<location path="subdir1">
		<system.web>
		<authorization>
			<allow users ="*" />
		</authorization>
		</system.web>
		</location>
</configuration>
Votes + Comments
Thanks!
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.