Forms authentication and registration page - some advice

Discussion in 'ASP .Net Security' started by NWx, Feb 13, 2004.

  1. NWx

    NWx Guest

    Hi,

    I implement forms authentication in my application.
    So I have a login form.
    Actually I have two custom Web controls, one to log in and one to redirect
    the user to the Register page.

    The Login custom control performs some client-side validation if the username or
    password is empty.

    I have two problems:

    1. Even if the user clicks the register button (which is on the Register user
    control), my page performs client-side validation for the username and password
    from the Login user control. How can I prevent this? I can disable client-side
    validation, but I don't want this.

    2. Usually I shouldn't be able to access the register page, since I'm not
    authenticated.
    So I "trick" the application, and I authenticate with a "dummy" user name,
    with code as below, in cmdRegister_click:
    FormsAuthentication.SetAuthCookie("guest", False)

    Response.Redirect("register.aspx")

    Also, I created a custom header control that I place on every page, which checks
    in page_load if the current user is guest and the page is <> register.aspx, and in
    this case calls signoff, to prevent the user from accessing a protected page by typing
    its name in the address bar after loading Register.aspx.

    Is this solution safe enough? Can anyone suggest any better approach?

    Thank you.
    NWx, Feb 13, 2004
    #1

  2. > 1. Even if user click on register button (which is on Register user
    > control), my page performs client side validation for username and
    > password
    > from Login user control. How can I prevent this? I can disable client-side
    > validation, but I don't want this.


    You can set "CausesValidation" for the register button to false, so it won't do
    validation.

    > 2. Usually I shouldn't be able to access register page, since I'm not
    > authenticated.
    > So I "trick" the application, and I authenticate with a "dummy" user name,
    > with a code as below, in cmdRegister_click:
    > FormsAuthentication.SetAuthCookie("guest", False)


    You can set the authorization setting for a particular file using the location
    tag: for this file alone give access to all users, and for all other files
    deny access to unauthenticated users. For example, to set authorization
    permission for a particular page:

    <!-- register.aspx is the page from the question -->
    <location path="register.aspx">
      <system.web>
        <authorization>
          <!-- "*" allows every user, including anonymous ones -->
          <allow users="*" />
        </authorization>
      </system.web>
    </location>

    --
    Saravana
    Microsoft MVP - ASP.NET
    www.extremeexperts.com
    Saravana [MVP], Feb 13, 2004
    #2
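
Added example (not part of the original posts, and not the poster's own code): a complete web.config for the setup the reply describes, combining the application-wide deny rule for anonymous users with the per-page exception for register.aspx. The login page name `login.aspx` is an assumption.

```xml
<?xml version="1.0"?>
<!-- web.config at the application root (constructed example) -->
<configuration>
  <system.web>
    <!-- Forms authentication; "login.aspx" is an assumed page name.
         Unauthenticated requests for protected pages are redirected here. -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" />
    </authentication>

    <!-- Default for the whole application: reject anonymous users ("?"). -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Exception for the registration page only: every user ("*"),
       including anonymous visitors, may request it.
       <location> is a direct child of <configuration>,
       a sibling of the main <system.web> section. -->
  <location path="register.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With this configuration the register button only needs `Response.Redirect("register.aspx")`: no "guest" ticket is issued, so there is no authenticated dummy identity for the header control to detect and sign off on the protected pages.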