N
nicholas
I'm using role based forms authetication with user-info in a database.
I used this with a SQL database (sql 2000 server) and it worked 100%.
Now, I want to use the same code, but with a database in MS Access Xp.
If I insert a wrong login or pass on the login page, the error message
appears.
But when I insert the right login and pass, I'm not redirected to the index
page, it just reloads the login-page.
It works partially, because when I set ALLOW USERS="?" (so, everyone) in the
config.web, I can login, ofcourse, but I can see I am logged in as
MyUserName.
And the cookie is written.
Hope someone can help me out of this.
THX
Here is my login-page code:
(I just replaced all "Sql" with "Ole" as it is an Access Dbase)
######### code start #########
Sub btnLogin_Click(sender as Object, e as EventArgs)
'Initialize FormsAuthentication, for what it's worth
FormsAuthentication.Initialize()
'Create our connection and command objects
Dim Conn as OleDbConnection
Dim Cmd as OleDBCommand
Dim Reader as OleDbDataReader
Dim ConnString as String
'Create connection with connectionstring and open the connection
ConnString = ConfigurationSettings.AppSettings("ConnectionString")
Conn = new OleDbConnection(ConnString)
conn.Open()
' Create SqlCommand to select pwd field from the users table
given a supplied userName.
Cmd = New OleDbCommand("Select userrole from tbl_users where
userlogin=@username AND userpass=@password", Conn)
'Fill our parameters
cmd.Parameters.Add("@username", OleDbType.VarWChar, 64)
cmd.Parameters.Add("@password", OleDbType.VarWChar, 128)
cmd.Parameters("@userName").Value = username.text
cmd.Parameters("@password").Value =
FormsAuthentication.HashPasswordForStoringInConfigFile( Password.text,
"md5") ' Or "sha1"
'Execute the command
reader = Cmd.ExecuteReader()
if (reader.Read()) then
'Create a new ticket used for authentication
Dim ticket As FormsAuthenticationTicket
ticket = new FormsAuthenticationTicket( 1, Username.text,
DateTime.Now, DateTime.Now.AddMinutes(500), true, reader.GetString(0),
FormsAuthentication.FormsCookiePath)
'( Ticket version, Username associated with ticket,
Date/time issued, "true" for a persistent user cookie, User-data, in this
case the roles, Path cookie valid for )
' Encrypt the cookie using the machine key for secure
transport
Dim hash as String
Dim cookie as HttpCookie
hash = FormsAuthentication.Encrypt(ticket)
cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
hash)
'( Name of auth cookie, Hashed ticket)
' Set the cookie's expiration time to the tickets expiration
time
if (ticket.IsPersistent) then cookie.Expires =
ticket.Expiration
' Add the cookie to the list for outgoing response
Response.Cookies.Add(cookie)
' Redirect to requested URL, or homepage if no previous page
' requested
Dim returnUrl as String
ErrorLabel.Visible = true
returnUrl = Request.form("ReturnUrl")
if (returnUrl Is Nothing) then
ErrorLabel.Visible = true
returnUrl = "/admin/index.aspx" 'or "menu.aspx" for ex.
' Don't call FormsAuthentication.RedirectFromLoginPage
since it
' could
' replace the authentication ticket (cookie) we just
added
End if
Response.Redirect(returnUrl, false)
else
' Never tell the user if just the username or password is
incorrect.
' That just gives them a place to start, once they've found
one or
' the other is correct!
ErrorLabel.text = "Username / password incorrect. Please try
again."
ErrorLabel.Visible = true
End if
Reader.Close()
Conn.Close()
End Sub
######## end of code ##############
I used this with a SQL database (sql 2000 server) and it worked 100%.
Now, I want to use the same code, but with a database in MS Access Xp.
If I insert a wrong login or pass on the login page, the error message
appears.
But when I insert the right login and pass, I'm not redirected to the index
page, it just reloads the login-page.
It works partially, because when I set ALLOW USERS="?" (so, everyone) in the
config.web, I can login, ofcourse, but I can see I am logged in as
MyUserName.
And the cookie is written.
Hope someone can help me out of this.
THX
Here is my login-page code:
(I just replaced all "Sql" with "Ole" as it is an Access Dbase)
######### code start #########
Sub btnLogin_Click(sender as Object, e as EventArgs)
'Initialize FormsAuthentication, for what it's worth
FormsAuthentication.Initialize()
'Create our connection and command objects
Dim Conn as OleDbConnection
Dim Cmd as OleDBCommand
Dim Reader as OleDbDataReader
Dim ConnString as String
'Create connection with connectionstring and open the connection
ConnString = ConfigurationSettings.AppSettings("ConnectionString")
Conn = new OleDbConnection(ConnString)
conn.Open()
' Create SqlCommand to select pwd field from the users table
given a supplied userName.
Cmd = New OleDbCommand("Select userrole from tbl_users where
userlogin=@username AND userpass=@password", Conn)
'Fill our parameters
cmd.Parameters.Add("@username", OleDbType.VarWChar, 64)
cmd.Parameters.Add("@password", OleDbType.VarWChar, 128)
cmd.Parameters("@userName").Value = username.text
cmd.Parameters("@password").Value =
FormsAuthentication.HashPasswordForStoringInConfigFile( Password.text,
"md5") ' Or "sha1"
'Execute the command
reader = Cmd.ExecuteReader()
if (reader.Read()) then
'Create a new ticket used for authentication
Dim ticket As FormsAuthenticationTicket
ticket = new FormsAuthenticationTicket( 1, Username.text,
DateTime.Now, DateTime.Now.AddMinutes(500), true, reader.GetString(0),
FormsAuthentication.FormsCookiePath)
'( Ticket version, Username associated with ticket,
Date/time issued, "true" for a persistent user cookie, User-data, in this
case the roles, Path cookie valid for )
' Encrypt the cookie using the machine key for secure
transport
Dim hash as String
Dim cookie as HttpCookie
hash = FormsAuthentication.Encrypt(ticket)
cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
hash)
'( Name of auth cookie, Hashed ticket)
' Set the cookie's expiration time to the tickets expiration
time
if (ticket.IsPersistent) then cookie.Expires =
ticket.Expiration
' Add the cookie to the list for outgoing response
Response.Cookies.Add(cookie)
' Redirect to requested URL, or homepage if no previous page
' requested
Dim returnUrl as String
ErrorLabel.Visible = true
returnUrl = Request.form("ReturnUrl")
if (returnUrl Is Nothing) then
ErrorLabel.Visible = true
returnUrl = "/admin/index.aspx" 'or "menu.aspx" for ex.
' Don't call FormsAuthentication.RedirectFromLoginPage
since it
' could
' replace the authentication ticket (cookie) we just
added
End if
Response.Redirect(returnUrl, false)
else
' Never tell the user if just the username or password is
incorrect.
' That just gives them a place to start, once they've found
one or
' the other is correct!
ErrorLabel.text = "Username / password incorrect. Please try
again."
ErrorLabel.Visible = true
End if
Reader.Close()
Conn.Close()
End Sub
######## end of code ##############