Hi Guys,

I am trying to implement FormsAuthentication in my ASP.NET website.
I am using VS-2005. The login page in my application is "Default.aspx"; from this page I want to redirect the user to "FirstForm.aspx". However, if I type the address of the target page while on the login page, I am able to request this page without logging in.

I have added the following lines to my web.config

<authentication mode="Forms">
    <forms name=".ASPXFORMSDEMO" loginUrl="Default.aspx"
           protection="All" path="~/" timeout="30" />
</authentication>

<authorization>
    <deny users="?"/>
    <!--<allow users="*" />-->
</authorization>

The code inside the login button event handler is as follows:

ad = New Aranya_Data
Dim code As Integer = ad.validateuser(txtuserid.Text, txtpwd.Text)

'need to implement forms authentication here
If code = 0 Then
    FormsAuthentication.RedirectFromLoginPage(txtuserid.Text, False)
Else
    Response.Redirect("~/Default.aspx")
End If

Here the validateuser method is declared in the class module Aranya_Data, which is used to look up the database, validate the userid and password, and return 0 on successful validation.

When I request a page without logging in, the browser displays the page and at the bottom it displays a script error. On checking, the details say "Sys not defined at few places and syntax error at one place".

I have used an Access database and put it inside the 'App_Data' folder, and the connection string is declared in web.config. Will using an Access db make a difference?

Please let me know your valuable suggestions to resolve this issue as soon as possible.

Thanks in advance,
Sujit

Hi,
I forgot to mention: our requirement is to use an Access db, as this is a simple project and we want to avoid the cost of hosting an SQL Server database, so kindly suggest what kind of authentication and authorization can be used here.

Hi,

I was able to fix this issue after generating an authentication ticket.

Inside the login button click event handler I have added the code to create an 'Authentication Ticket'. After that, on the target page I am checking the value of the cookie Request.Cookies(FormsAuthentication.FormsCookieName).Value. For an invalid username & password combination, and also when the user simply requests any page without logging in, the expression 'Request.Cookies(FormsAuthentication.FormsCookieName).Value' throws an object reference exception, and hence in the Catch part of the Try block I am redirecting such users to the login page. In addition to all this, inside the 'Page_Load' event of the target page I have added the following line to prevent users from using the back button after logging out:

Page.Response.AppendHeader("Cache-Control", "no-store, no-cache, must-revalidate, post-check=0, pre-check=0")

I have referred to the article at http://support.microsoft.com/kb/301240 for the code to generate the authentication ticket.

'login page (Default.aspx) code-behind; needs Imports System.Web.Security
Protected Sub btnsubmit_click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnsubmit.Click
    'here first validate if the user is valid user
    ad = New Aranya_Data
    Dim code As Integer = ad.validateuser(txtuserid.Text, txtpwd.Text)

    'need to implement forms authentication here
    If code = 0 Then
        'creating the authentication ticket
        Dim tkt As FormsAuthenticationTicket
        Dim cookiestr As String = ""
        Dim ck As HttpCookie
        tkt = New FormsAuthenticationTicket(1, txtuserid.Text, DateTime.Now, DateTime.Now.AddMinutes(30), chkRemember.Checked, "14062010")
        'encrypt the ticket and store it in the forms authentication cookie
        cookiestr = FormsAuthentication.Encrypt(tkt)
        ck = New HttpCookie(FormsAuthentication.FormsCookieName, cookiestr)
        If chkRemember.Checked Then
            'persistent cookie only when "remember me" is ticked
            ck.Expires = tkt.Expiration
        End If
        ck.Path = FormsAuthentication.FormsCookiePath
        Response.Cookies.Add(ck)
        'go back to the page originally requested, if any
        Dim strRedirect As String = ""
        strRedirect = Request("ReturnUrl")
        If strRedirect Is Nothing Then
            strRedirect = "~/FirstForm.aspx"
        End If
        Response.Redirect(strRedirect)
    Else
        'note: MsgBox runs on the web server, not in the visitor's browser
        MsgBox("Invalid Login credentials! Please try again.")
        Response.Redirect("~/Default.aspx")
    End If

End Sub

'target page (FirstForm.aspx) code-behind
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    Page.Response.AppendHeader("Cache-Control", "no-store, no-cache, must-revalidate, post-check=0, pre-check=0")
    Dim str As String = ""
    Try
        'throws when the forms authentication cookie is absent
        str = Request.Cookies(FormsAuthentication.FormsCookieName).Value
    Catch ex As Exception
        Response.Redirect("~/Default.aspx")
    End Try
End Sub

Protected Sub lnklogout_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles lnklogout.Click
    FormsAuthentication.SignOut()
    Response.Redirect(FormsAuthentication.DefaultUrl)
End Sub
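
A stricter form of the Page_Load check and the ReturnUrl redirect from the post above, as an added example that is not part of the original thread: the cookie counts only if its forms ticket decrypts and has not expired, and ReturnUrl is limited to local paths. The module and function names (AuthHelper, GetValidTicket, SafeReturnUrl, RequireLogin) are hypothetical; the file is assumed to live in App_Code.

```vbnet
Imports System
Imports System.Web
Imports System.Web.Security

' Added example (hypothetical helper, e.g. App_Code/AuthHelper.vb); not from the thread.
Public Module AuthHelper

    ' Returns the decrypted ticket, or Nothing when the cookie is missing,
    ' does not decrypt (tampered or made-up value) or has expired.
    ' A cookie that merely has the right name proves nothing.
    Public Function GetValidTicket(ByVal request As HttpRequest) As FormsAuthenticationTicket
        Dim ck As HttpCookie = request.Cookies(FormsAuthentication.FormsCookieName)
        If ck Is Nothing OrElse String.IsNullOrEmpty(ck.Value) Then Return Nothing
        Try
            Dim tkt As FormsAuthenticationTicket = FormsAuthentication.Decrypt(ck.Value)
            If tkt Is Nothing OrElse tkt.Expired Then Return Nothing
            Return tkt
        Catch ex As Exception
            ' Decrypt failed: fail closed and treat the request as anonymous.
            Return Nothing
        End Try
    End Function

    ' Accepts only site-local targets such as "/FirstForm.aspx".
    ' Absolute URLs, "//host" and "/\host" forms fall back to the default page.
    Public Function SafeReturnUrl(ByVal raw As String, ByVal fallback As String) As String
        If String.IsNullOrEmpty(raw) Then Return fallback
        If Not raw.StartsWith("/", StringComparison.Ordinal) Then Return fallback
        If raw.StartsWith("//", StringComparison.Ordinal) Then Return fallback
        If raw.StartsWith("/\", StringComparison.Ordinal) Then Return fallback
        Return raw
    End Function

    ' Call at the top of Page_Load on every protected page.
    Public Sub RequireLogin(ByVal page As System.Web.UI.Page)
        If GetValidTicket(page.Request) Is Nothing Then
            ' RedirectToLoginPage does not end the request by itself,
            ' so stop processing before any protected content is rendered.
            FormsAuthentication.RedirectToLoginPage()
            page.Response.End()
        End If
    End Sub

End Module
```

On a protected page, call AuthHelper.RequireLogin(Me) first in Page_Load; in the login handler, redirect to AuthHelper.SafeReturnUrl(Request("ReturnUrl"), "~/FirstForm.aspx") instead of the raw query-string value.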