Form-based Authentication

[Guest]

I am trying to use Forms-based authentication. I followed MS Support Q301240
article. I want to control access to a folder (swhouse) and its contents.
Below is the sample of actual web.config.

<configuration>
<location path="swhouse" >
<system.web>
<authentication mode="Forms">
<forms name=".partnerslogin"
loginUrl="/CompanyWebsite/partnerlogin.aspx" protection="All"
timeout="30" path="\"></forms>
</authentication>
<authorization>
<allow users = "asim" />
<deny users="?"/>
</authorization>
</system.web>
</location>
<location>
<system.web>
<compilation defaultLanguage="c#" debug="false" />
<authentication mode="None"/>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</location>
</configuration>

Next I created a webform and named it partnerlogin.aspx. This page contains
2 textboxes, for user name and password, and a submit button, when the user
clicks the submit button the following code is executed (at this time it does
not include any kind of user name validation as I wanted to get this working
first)

private void btnLogin_Click(object sender, System.EventArgs e)
{
try
{
// authenticate user...


// after authentication send to appropriate page or presentation
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
"asim",
System.DateTime.Now,
System.DateTime.Now.AddMinutes(30),
true,
"",
FormsAuthentication.FormsCookiePath);

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
encTicket));

// Redirect back to original URL.
string strRedirect =Request["ReturnUrl"];
if (strRedirect==null)
strRedirect = "partnerlogin.aspx";
Response.Redirect(strRedirect, true);
Response.Redirect(FormsAuthentication.GetRedirectUrl("asim", false));
}
catch (SystemException SysExp)
{
lblErrorMessage.Visible = true;
lblErrorMessage.Text = SysExp.Message;
}

}


Now the problem I am seeing is that the page I am trying to access never
gets rendered. But if I remove <deny users="?"/> from web.config the page
gets rendered. So it seems that I am doing something wrong but I can't
figure what. Any help will be greatly appreciated.


Thanks

Asim

 

[Guest]

Asim what do u really want to do?
Do u want to allow only "ASIM" as a user or allow authnticated Users?

I am trying to use Forms-based authentication. I followed MS Support Q301240
article. I want to control access to a folder (swhouse) and its contents.
Below is the sample of actual web.config.

<configuration>
<location path="swhouse" >
<system.web>
<authentication mode="Forms">
<forms name=".partnerslogin"
loginUrl="/CompanyWebsite/partnerlogin.aspx" protection="All"
timeout="30" path="\"></forms>
</authentication>
<authorization>
<allow users = "asim" />
<deny users="?"/>
</authorization>
</system.web>
</location>
<location>
<system.web>
<compilation defaultLanguage="c#" debug="false" />
<authentication mode="None"/>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</location>
</configuration>

Next I created a webform and named it partnerlogin.aspx. This page contains
2 textboxes, for user name and password, and a submit button, when the user
clicks the submit button the following code is executed (at this time it does
not include any kind of user name validation as I wanted to get this working
first)

private void btnLogin_Click(object sender, System.EventArgs e)
{
try
{
// authenticate user...


// after authentication send to appropriate page or presentation
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
"asim",
System.DateTime.Now,
System.DateTime.Now.AddMinutes(30),
true,
"",
FormsAuthentication.FormsCookiePath);

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
encTicket));

// Redirect back to original URL.
string strRedirect =Request["ReturnUrl"];
if (strRedirect==null)
strRedirect = "partnerlogin.aspx";
Response.Redirect(strRedirect, true);
Response.Redirect(FormsAuthentication.GetRedirectUrl("asim", false));
}
catch (SystemException SysExp)
{
lblErrorMessage.Visible = true;
lblErrorMessage.Text = SysExp.Message;
}

}


Now the problem I am seeing is that the page I am trying to access never
gets rendered. But if I remove <deny users="?"/> from web.config the page
gets rendered. So it seems that I am doing something wrong but I can't
figure what. Any help will be greatly appreciated.


Thanks

Asim

 

[Guest]

Patrick

We have some presentations which we want to put on the webserver, but not
all the authenticated users should have access to it. So what I am trying to
do is create separate directories and then give certain users access to those
directories and their contents. Basically user 'A' should have access to
presentation 'A' in directory 'A' but he should not have access to
presentation 'B' in directory 'B'. I want to put the users in the database
and authenticate them once they enter their user name and password. That's
the easy part.

So in the sample code which I added to my post, I want only user "asim" to
have access to the directory "swhouse" and it's contents. But so far what
code is doing is bringing me back to the login page.

Thanks

Asim