Form-based Authentication

Discussion in 'ASP .Net' started by =?Utf-8?B?QXNpbQ==?=, Dec 16, 2004.

  1. I am trying to use Forms-based authentication. I followed MS Support Q301240
    article. I want to control access to a folder (swhouse) and its contents.
    Below is the sample of actual web.config.

    <configuration>
    <location path="swhouse" >
    <system.web>
    <authentication mode="Forms">
    <forms name=".partnerslogin"
    loginUrl="/CompanyWebsite/partnerlogin.aspx" protection="All"
    timeout="30" path="\"></forms>
    </authentication>
    <authorization>
    <allow users = "asim" />
    <deny users="?"/>
    </authorization>
    </system.web>
    </location>
    <location>
    <system.web>
    <compilation defaultLanguage="c#" debug="false" />
    <authentication mode="None"/>
    <trace enabled="false" requestLimit="10" pageOutput="false"
    traceMode="SortByTime" localOnly="true" />
    <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
    sqlConnectionString="data source=127.0.0.1;user id=sa;password="
    cookieless="false" timeout="20" />
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
    </system.web>
    </location>
    </configuration>

    Next I created a webform and named it partnerlogin.aspx. This page contains
    2 textboxes, for user name and password, and a submit button, when the user
    clicks the submit button the following code is executed (at this time it does
    not include any kind of user name validation as I wanted to get this working
    first)

    private void btnLogin_Click(object sender, System.EventArgs e)
    {
    try
    {
    // authenticate user...


    // after authentication send to appropriate page or presentation
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    1,
    "asim",
    System.DateTime.Now,
    System.DateTime.Now.AddMinutes(30),
    true,
    "",
    FormsAuthentication.FormsCookiePath);

    // Encrypt the ticket.
    string encTicket = FormsAuthentication.Encrypt(ticket);

    // Create the cookie.
    Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
    encTicket));

    // Redirect back to original URL.
    string strRedirect =Request["ReturnUrl"];
    if (strRedirect==null)
    strRedirect = "partnerlogin.aspx";
    Response.Redirect(strRedirect, true);
    Response.Redirect(FormsAuthentication.GetRedirectUrl("asim", false));
    }
    catch (SystemException SysExp)
    {
    lblErrorMessage.Visible = true;
    lblErrorMessage.Text = SysExp.Message;
    }

    }


    Now the problem I am seeing is that the page I am trying to access never
    gets rendered. But if I remove <deny users="?"/> from web.config the page
    gets rendered. So it seems that I am doing something wrong but I can't
    figure what. Any help will be greatly appreciated.


    Thanks

    Asim
    =?Utf-8?B?QXNpbQ==?=, Dec 16, 2004
    #1
    1. Advertising

  2. Asim what do u really want to do?
    Do u want to allow only "ASIM" as a user or allow authnticated Users?


    "Asim" wrote:

    > I am trying to use Forms-based authentication. I followed MS Support Q301240
    > article. I want to control access to a folder (swhouse) and its contents.
    > Below is the sample of actual web.config.
    >
    > <configuration>
    > <location path="swhouse" >
    > <system.web>
    > <authentication mode="Forms">
    > <forms name=".partnerslogin"
    > loginUrl="/CompanyWebsite/partnerlogin.aspx" protection="All"
    > timeout="30" path="\"></forms>
    > </authentication>
    > <authorization>
    > <allow users = "asim" />
    > <deny users="?"/>
    > </authorization>
    > </system.web>
    > </location>
    > <location>
    > <system.web>
    > <compilation defaultLanguage="c#" debug="false" />
    > <authentication mode="None"/>
    > <trace enabled="false" requestLimit="10" pageOutput="false"
    > traceMode="SortByTime" localOnly="true" />
    > <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
    > sqlConnectionString="data source=127.0.0.1;user id=sa;password="
    > cookieless="false" timeout="20" />
    > <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
    > </system.web>
    > </location>
    > </configuration>
    >
    > Next I created a webform and named it partnerlogin.aspx. This page contains
    > 2 textboxes, for user name and password, and a submit button, when the user
    > clicks the submit button the following code is executed (at this time it does
    > not include any kind of user name validation as I wanted to get this working
    > first)
    >
    > private void btnLogin_Click(object sender, System.EventArgs e)
    > {
    > try
    > {
    > // authenticate user...
    >
    >
    > // after authentication send to appropriate page or presentation
    > FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
    > 1,
    > "asim",
    > System.DateTime.Now,
    > System.DateTime.Now.AddMinutes(30),
    > true,
    > "",
    > FormsAuthentication.FormsCookiePath);
    >
    > // Encrypt the ticket.
    > string encTicket = FormsAuthentication.Encrypt(ticket);
    >
    > // Create the cookie.
    > Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
    > encTicket));
    >
    > // Redirect back to original URL.
    > string strRedirect =Request["ReturnUrl"];
    > if (strRedirect==null)
    > strRedirect = "partnerlogin.aspx";
    > Response.Redirect(strRedirect, true);
    > Response.Redirect(FormsAuthentication.GetRedirectUrl("asim", false));
    > }
    > catch (SystemException SysExp)
    > {
    > lblErrorMessage.Visible = true;
    > lblErrorMessage.Text = SysExp.Message;
    > }
    >
    > }
    >
    >
    > Now the problem I am seeing is that the page I am trying to access never
    > gets rendered. But if I remove <deny users="?"/> from web.config the page
    > gets rendered. So it seems that I am doing something wrong but I can't
    > figure what. Any help will be greatly appreciated.
    >
    >
    > Thanks
    >
    > Asim
    >
    =?Utf-8?B?UGF0cmljay5PLklnZQ==?=, Dec 17, 2004
    #2
    1. Advertising

  3. Patrick

    We have some presentations which we want to put on the webserver, but not
    all the authenticated users should have access to it. So what I am trying to
    do is create separate directories and then give certain users access to those
    directories and their contents. Basically user 'A' should have access to
    presentation 'A' in directory 'A' but he should not have access to
    presentation 'B' in directory 'B'. I want to put the users in the database
    and authenticate them once they enter their user name and password. That's
    the easy part.

    So in the sample code which I added to my post, I want only user "asim" to
    have access to the directory "swhouse" and it's contents. But so far what
    code is doing is bringing me back to the login page.

    Thanks

    Asim
    =?Utf-8?B?QXNpbQ==?=, Dec 17, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rudy Mark

    form based authentication.

    Rudy Mark, Oct 16, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    346
    Guest
    Oct 16, 2003
  2. Dom
    Replies:
    0
    Views:
    447
  3. Dom
    Replies:
    0
    Views:
    486
  4. Max
    Replies:
    2
    Views:
    1,081
  5. kitchai yong via .NET 247

    authenticate win32 form client with form based authentication web services

    kitchai yong via .NET 247, May 13, 2004, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    216
    Jan Tielens
    May 13, 2004
Loading...

Share This Page