I have a simple web application with a login page. I am now adding authentication to code that already checks username and password in a database; I use Forms Authentication to write a cookie with an authentication ticket (if that's the right term) to enable a user to access pages other than Login.
It's almost working.
I've added this configuration info to web config
<authentication mode="Forms"> <forms name=".ASPXFORMSAUTH" loginUrl="/Login.aspx" protection="All" path="/" timeout="30" slidingExpiration="true"/> </authentication> <authorization> <deny users="?"/> <allow users="*"/> </authorization>
And I put the following into the button click event for the login page:
' generate authentication ticket, create cookie, store it Dim tkt As FormsAuthenticationTicket Dim ckestr As String Dim htpcke As HttpCookie tkt = New FormsAuthenticationTicket(1, officerNumber, DateTime.Now, _ DateTime.Now.AddMinutes(30), True, "") ckestr = FormsAuthentication.Encrypt(tkt) htpcke = New HttpCookie(FormsAuthentication.FormsCookieName, ckestr) htpcke.Expires = tkt.Expiration htpcke.Path = FormsAuthentication.FormsCookiePath Response.Cookies.Add(htpcke)
After I did this, a user could no longer access the 2nd page (/localhost:4199/bb.aspx) just by typing it into the browser without going through login. Doing so would redirect to login.aspx. So far, so good.
But Login.aspx has a couple of small images at the top. When authentication is being done, those images disappear. It looks, in fact, like first a page shows up WITH the images (or at least spaces for the images), and then the page on my browser appears to be redirected to the same login page without the images.
I don't think this page is automatically generated; it includes a drop-down list and a background color that are part of my code. Before I put the above info into web.config, this did not happen, and the images always appeared. I tried using "/Login.aspx" and "Login.aspx" in the web.config as the login URL, but got the same results.
I do have the login.aspx page as the default page for the application; is that still right, if I'm using forms authentication?
Also, after login, I make no attempt to redirect to the page the user might have typed in; I use his login information to determine what parameters to add to the URL for the next page in the app and send him there regardless. I don't know if that interacts with this behavior somehow.
Has anyone got any ideas why my images are disappearing, and/or why my login page seems to appear twice?