Forms authentication not working right

Discussion in 'ASP .Net Security' started by Joe, Jul 29, 2005.

  1. Joe

    Joe Guest

    I have a subfolder protected with Forms Authentication. When any page in
    that folder is requested my login page comes up and the user is prompted to
    login. This works fine.
    Once the user info is validated I create a cookie and setup the
    FormsAuthentication.

    The problem I get is that the Redirect always gets kicked back to the login
    page.

    FormsAuthentication.Initialize();

    FormsAuthenticationTicket ticket;
    string cookieString;
    HttpCookie cookie;

    ticket = new FormsAuthenticationTicket(1,
    user.Text,
    DateTime.Now,
    DateTime.Now.AddMinutes(30),
    false,
    "Data",
    FormsAuthentication.FormsCookiePath);

    cookieString = FormsAuthentication.Encrypt(ticket);
    cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
    cookieString);
    Response.Cookies.Add(cookie);
    string strQuery = FormsAuthentication.GetRedirectUrl(user.Text,false);
    Response.Redirect(strQuery);

    <location path="Publisher">
    <system.web>
    <compilation defaultLanguage="c#" debug="true" />
    <customErrors mode="Off" />
    <authentication mode="Forms">
    <forms name=".ASPXAUTH" loginUrl="..\PublisherLogin.aspx" timeout="30">
    </forms>

    </authentication>
    <authorization>
    <deny users="?" />
    <allow users ="*"/>
    </authorization>
    </system.web>
    </location>

    I had this problem another time but can't remember how I fixed it...

    Thanks,
    Joe
     
    Joe, Jul 29, 2005
    #1
    1. Advertising

  2. Joe

    Stu Guest

    Couple of things to try....

    Check that the folder name is correct case. I think that the <location>
    element's path attribute is case sensitive.

    Also, i think that your <authorization> element should be like this...
    <authorization>
    <deny users="?" />
    </authorization>
    And then you would want another <location> element for "PublisherLogin.aspx"
    where the authorization section would be like this...
    <authorization>
    <allow users="*" />
    </authorization>

    See how that goes anyway.
    --
    Cheers,
    Stu


    "Joe" wrote:

    > I have a subfolder protected with Forms Authentication. When any page in
    > that folder is requested my login page comes up and the user is prompted to
    > login. This works fine.
    > Once the user info is validated I create a cookie and setup the
    > FormsAuthentication.
    >
    > The problem I get is that the Redirect always gets kicked back to the login
    > page.
    >
    > FormsAuthentication.Initialize();
    >
    > FormsAuthenticationTicket ticket;
    > string cookieString;
    > HttpCookie cookie;
    >
    > ticket = new FormsAuthenticationTicket(1,
    > user.Text,
    > DateTime.Now,
    > DateTime.Now.AddMinutes(30),
    > false,
    > "Data",
    > FormsAuthentication.FormsCookiePath);
    >
    > cookieString = FormsAuthentication.Encrypt(ticket);
    > cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
    > cookieString);
    > Response.Cookies.Add(cookie);
    > string strQuery = FormsAuthentication.GetRedirectUrl(user.Text,false);
    > Response.Redirect(strQuery);
    >
    > <location path="Publisher">
    > <system.web>
    > <compilation defaultLanguage="c#" debug="true" />
    > <customErrors mode="Off" />
    > <authentication mode="Forms">
    > <forms name=".ASPXAUTH" loginUrl="..\PublisherLogin.aspx" timeout="30">
    > </forms>
    >
    > </authentication>
    > <authorization>
    > <deny users="?" />
    > <allow users ="*"/>
    > </authorization>
    > </system.web>
    > </location>
    >
    > I had this problem another time but can't remember how I fixed it...
    >
    > Thanks,
    > Joe
    >
    >
    >
     
    Stu, Aug 4, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,562
    Tommy
    Feb 13, 2004
  2. Russell
    Replies:
    6
    Views:
    615
    russell mccloy
    Mar 24, 2005
  3. =?Utf-8?B?S3VsZGVlcA==?=

    Logout not working - Forms Authentication domain wide cookie

    =?Utf-8?B?S3VsZGVlcA==?=, Jun 13, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    672
    =?Utf-8?B?S3VsZGVlcA==?=
    Jun 13, 2005
  4. Matt
    Replies:
    2
    Views:
    575
  5. Eric
    Replies:
    2
    Views:
    643
Loading...

Share This Page