0

Hi,
I am using Forms Authentication in my VS-2005 website.

In case of wrong credentials or while explicitly requesting protected pages the website is able to redirect user to login page. However, when correct login credentials are provided the application is not able to redirect the user to the desired page.

While debugging I found that 'Request.IsAuthenticated=False' just before I redirect the user to the desired page. While coding I thought that this property will be set to true automatically after I generate the Authentication ticket. So do I need to set it explicitly inside the submit button click on Login page after validation?

BTW I have not used the 'GetAuthcookie', 'SetAuthCookie' or 'RedirectFromLoginPage' methods.
I am posting the code inside the submit button click on the Login page as well as the Authentication and Authorization tags in web.config.

<authentication mode="Forms">
      <forms name=".ASPXFORMSDEMO" loginUrl="~/Login.aspx" cookieless="UseCookies" path="~/"/>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
Protected Sub btnsubmit_click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnsubmit.Click
        'here first validate if the user is valid user
        ad = New Aranya_Data
        Dim code As Integer = ad.validateuser(txtuserid.Text, txtpwd.Text)

        'need to implement forms authentication here
        If code = 0 Then
            'creating the authentication ticket

            Dim tkt As FormsAuthenticationTicket
            Dim cookiestr As String = ""
            Dim ck As HttpCookie
            tkt = New FormsAuthenticationTicket(1, txtuserid.Text, DateTime.Now, DateTime.Now.AddMinutes(30), chkRemember.Checked, "14062010")
            cookiestr = FormsAuthentication.Encrypt(tkt)
            ck = New HttpCookie(FormsAuthentication.FormsCookieName, cookiestr)
            If chkRemember.Checked Then
                ck.Expires = tkt.Expiration
            End If
            ck.Path = FormsAuthentication.FormsCookiePath
            Response.Cookies.Add(ck)
            Dim strRedirect As String = ""
            strRedirect = Request("ReturnUrl")
            If strRedirect Is Nothing Then
                strRedirect = "~/Second.aspx"
            End If
            Response.Redirect(strRedirect & "?usr=" & tkt.Name, True)
        Else
            MsgBox("Invalid Login credentials! Please try again.", MsgBoxStyle.OkOnly, "Please Note")
        End If

    End Sub

Please let me know if you want me to post more code or information.

2
Contributors
3
Replies
5
Views
7 Years
Discussion Span
Last Post by dnanetwork
0

http://www.asp.net/security/tutorials/user-based-authorization-cs

http://www.asp.net/security/tutorials/validating-user-credentials-against-the-membership-user-store-cs

try these two links and let me know the output.

and please use GETAUTHCOOKIE, SETAUTHCOOKIE, FormsAuthenticationRedirectFromLogin Page, they are very powerful feature of FormsAuthentication..

very easy and handy..

Hi Ashish,
Thanks for sharing these useful links.
I have bookmarked it as well as saved the html pages and will look into it for sure.

For the time being I was able to resolve the issue.
Inside the <authentication></authentication> tags removed the path attribute for the <forms> tag in web.config this fixed the issue. Now my authentication tag looks as follows :-

<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="~/Login.aspx" cookieless="UseCookies" />
</authentication>
bye

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.