S
Sergio E.
Hello,
I have a problem with masterpages and forms security.
I made a new Web site, in which I have my page login.aspx as the homepage ,
a master page with only a sitemappath object in it, the file of map of the
site,
the web.config and another page to do tests.
In the page redirected from login there are a label and a combo (dropdown)
object and the only thing this page do is to modify label with the text that
this
one has The problem is that it again redirects me to the login page, i singn
in
again an then the page redirects me to the initial state of the second page,
but i nees
that this redirect to the login page only happens when the 5 minutes timeout
is reached.
I put my code down to them, hopefully you see something that is I making
wrong
Thanking for beforehand your time and help.
Sergio E.
---------code: login.aspx
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Login.aspx.vb"
Inherits="Login" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Login</title>
<link href="Styles/MiStyleSheet.css" rel="stylesheet" type="text/css" />
</head>
<body>
<form id="Form1" runat="server" method="post">
<div style="text-align: center">
<asp:Label ID="Label1" runat="server" Text="Reporteador"></asp:Label><br />
<br />
Acceso al Sistema<br />
<table style="width: 395px">
<tr>
<td style="width: 188px">
Usuario:
</td>
<td style="width: 199px">
<asp:TextBox ID="TxtUsuario" runat="server"
Width="150px"></asp:TextBox></td>
</tr>
<tr>
<td style="width: 188px">
Clave:</td>
<td style="width: 199px">
<asp:TextBox ID="TxtPwd" runat="server" TextMode="Password"
Width="150px"></asp:TextBox></td>
</tr>
</table>
<asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server"
ControlToValidate="TxtUsuario"
Display="None" ErrorMessage="El campo Usuario no debe estar
vacío."></asp:RequiredFieldValidator>
<asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server"
ControlToValidate="TxtPwd"
Display="None" ErrorMessage="El campo Clave no debe estar
vacío."></asp:RequiredFieldValidator><br />
<asp:ValidationSummary ID="ResumenValidacion" runat="server" Height="85px"
ShowMessageBox="True"
ShowSummary="False" Width="153px" />
<br />
<asp:Button ID="BtnLogin" runat="server" Text="Ingresar" /><br />
<br />
<br />
<asp:Label ID="LblError" runat="server" ForeColor="Red" Text="¡¡¡Error:
Usuario o Clave incorrectos!!!"
Visible="False"></asp:Label> </div>
</form>
</body>
</html>
--- code: login.aspx.vb (cookie definition only)
Protected Sub BtnLogin_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles BtnLogin.Click
dim bUsuarioValido as boolean = ValidaUsuarioEnBDD() 'Este metodo es el que
se conecta a la base de datos y valida realmente al usuario
dim NomPaginaOk as string = "~/Reporte.aspx"
If Not (bUsuarioValido) Then
Me.LblError.Visible = True
Me.TxtUsuario.Text = ""
Me.TxtPwd.Text = ""
Else
FormsAuthentication.SetAuthCookie(Me.TxtUsuario.Text, True)
Session.Add(VariablesGlobales.NombreVarSesionEstadoAutorizado,
VariablesGlobales.ValorEsperadoSesionEstadoAutorizado)
Server.Transfer(NomPaginaOk,True)
End If
-------------- code: header.master
<%@ Master Language="VB" CodeFile="Header.master.vb" Inherits="Header" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Reporte</title>
</head>
<body>
<form id="form1" runat="server">
<div style="text-align: left">
<center > <strong>REPORTEADOR</strong></center> <br />
<asp:SiteMapPath ID="smpMiSitio" runat="server" Font-Names="Verdana"
Font-Size="0.8em"
PathSeparator=" : ">
<PathSeparatorStyle Font-Bold="True" ForeColor="#990000" />
<CurrentNodeStyle ForeColor="#333333" />
<NodeStyle Font-Bold="True" ForeColor="#990000" />
<RootNodeStyle Font-Bold="True" ForeColor="#FF8000" />
</asp:SiteMapPath>
<br />
<br />
<asp:contentplaceholder id="phContenido" runat="server">
</asp:contentplaceholder>
</div>
<br />
<strong><em><span style="text-decoration: underline">(C) Todos los derechos
reservados...</span></em></strong>
</form>
</body>
</html>
---------- code: reporte.aspx
<%@ Page Language="VB" MasterPageFile="~/Header.master"
AutoEventWireup="false" CodeFile="Reporte.aspx.vb" Inherits="Reporte"
title="Reporte" %>
<asp:Content ID="Content1" ContentPlaceHolderID="phContenido"
Runat="Server">
<asp:Label ID="lblEtiqueta" runat="server" Text="Label"></asp:Label>
<asp
ropDownList ID="DropDownList1" runat="server" AutoPostBack="True">
<asp:ListItem>hola</asp:ListItem>
<asp:ListItem>compa</asp:ListItem>
</aspropDownList>
</asp:Content>
--------- code: reporte.aspx.vb
Partial Class Reporte
Inherits System.Web.UI.Page
Protected Sub DropDownList1_SelectedIndexChanged(ByVal sender As Object,
ByVal e As System.EventArgs) Handles DropDownList1.SelectedIndexChanged
Me.lblEtiqueta.Text = Me.DropDownList1.SelectedItem.Text
End Sub
End Class
------------ code: web.sitemap
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="Login.aspx" title="" description="Acceso al Sistema">
<siteMapNode url="Reporte.aspx" title="Inicio" description="Reporte">
</siteMapNode>
</siteMapNode>
</siteMap>
--------code: web.config
<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings>
<add name="AConnectionString" connectionString="Data
Source=DBServer001;Initial Catalog=DBVentas;Persist Security Info=True;User
ID=sa;Password=sa;Connect Timeout=60" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" strict="true" explicit="true"/>
<pages>
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
</namespaces>
</pages>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".rptcookie" timeout="5" >
<!--protection="All" timeout="1">-->
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<customErrors mode="Off"/>
</system.web>
</configuration>
I have a problem with masterpages and forms security.
I made a new Web site, in which I have my page login.aspx as the homepage ,
a master page with only a sitemappath object in it, the file of map of the
site,
the web.config and another page to do tests.
In the page redirected from login there are a label and a combo (dropdown)
object and the only thing this page do is to modify label with the text that
this
one has The problem is that it again redirects me to the login page, i singn
in
again an then the page redirects me to the initial state of the second page,
but i nees
that this redirect to the login page only happens when the 5 minutes timeout
is reached.
I put my code down to them, hopefully you see something that is I making
wrong
Thanking for beforehand your time and help.
Sergio E.
---------code: login.aspx
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Login.aspx.vb"
Inherits="Login" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Login</title>
<link href="Styles/MiStyleSheet.css" rel="stylesheet" type="text/css" />
</head>
<body>
<form id="Form1" runat="server" method="post">
<div style="text-align: center">
<asp:Label ID="Label1" runat="server" Text="Reporteador"></asp:Label><br />
<br />
Acceso al Sistema<br />
<table style="width: 395px">
<tr>
<td style="width: 188px">
Usuario:
</td>
<td style="width: 199px">
<asp:TextBox ID="TxtUsuario" runat="server"
Width="150px"></asp:TextBox></td>
</tr>
<tr>
<td style="width: 188px">
Clave:</td>
<td style="width: 199px">
<asp:TextBox ID="TxtPwd" runat="server" TextMode="Password"
Width="150px"></asp:TextBox></td>
</tr>
</table>
<asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server"
ControlToValidate="TxtUsuario"
Display="None" ErrorMessage="El campo Usuario no debe estar
vacío."></asp:RequiredFieldValidator>
<asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server"
ControlToValidate="TxtPwd"
Display="None" ErrorMessage="El campo Clave no debe estar
vacío."></asp:RequiredFieldValidator><br />
<asp:ValidationSummary ID="ResumenValidacion" runat="server" Height="85px"
ShowMessageBox="True"
ShowSummary="False" Width="153px" />
<br />
<asp:Button ID="BtnLogin" runat="server" Text="Ingresar" /><br />
<br />
<br />
<asp:Label ID="LblError" runat="server" ForeColor="Red" Text="¡¡¡Error:
Usuario o Clave incorrectos!!!"
Visible="False"></asp:Label> </div>
</form>
</body>
</html>
--- code: login.aspx.vb (cookie definition only)
Protected Sub BtnLogin_Click(ByVal sender As Object, ByVal e As
System.EventArgs) Handles BtnLogin.Click
dim bUsuarioValido as boolean = ValidaUsuarioEnBDD() 'Este metodo es el que
se conecta a la base de datos y valida realmente al usuario
dim NomPaginaOk as string = "~/Reporte.aspx"
If Not (bUsuarioValido) Then
Me.LblError.Visible = True
Me.TxtUsuario.Text = ""
Me.TxtPwd.Text = ""
Else
FormsAuthentication.SetAuthCookie(Me.TxtUsuario.Text, True)
Session.Add(VariablesGlobales.NombreVarSesionEstadoAutorizado,
VariablesGlobales.ValorEsperadoSesionEstadoAutorizado)
Server.Transfer(NomPaginaOk,True)
End If
-------------- code: header.master
<%@ Master Language="VB" CodeFile="Header.master.vb" Inherits="Header" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Reporte</title>
</head>
<body>
<form id="form1" runat="server">
<div style="text-align: left">
<center > <strong>REPORTEADOR</strong></center> <br />
<asp:SiteMapPath ID="smpMiSitio" runat="server" Font-Names="Verdana"
Font-Size="0.8em"
PathSeparator=" : ">
<PathSeparatorStyle Font-Bold="True" ForeColor="#990000" />
<CurrentNodeStyle ForeColor="#333333" />
<NodeStyle Font-Bold="True" ForeColor="#990000" />
<RootNodeStyle Font-Bold="True" ForeColor="#FF8000" />
</asp:SiteMapPath>
<br />
<br />
<asp:contentplaceholder id="phContenido" runat="server">
</asp:contentplaceholder>
</div>
<br />
<strong><em><span style="text-decoration: underline">(C) Todos los derechos
reservados...</span></em></strong>
</form>
</body>
</html>
---------- code: reporte.aspx
<%@ Page Language="VB" MasterPageFile="~/Header.master"
AutoEventWireup="false" CodeFile="Reporte.aspx.vb" Inherits="Reporte"
title="Reporte" %>
<asp:Content ID="Content1" ContentPlaceHolderID="phContenido"
Runat="Server">
<asp:Label ID="lblEtiqueta" runat="server" Text="Label"></asp:Label>
<asp
ropDownList ID="DropDownList1" runat="server" AutoPostBack="True"><asp:ListItem>hola</asp:ListItem>
<asp:ListItem>compa</asp:ListItem>
</asp
ropDownList></asp:Content>
--------- code: reporte.aspx.vb
Partial Class Reporte
Inherits System.Web.UI.Page
Protected Sub DropDownList1_SelectedIndexChanged(ByVal sender As Object,
ByVal e As System.EventArgs) Handles DropDownList1.SelectedIndexChanged
Me.lblEtiqueta.Text = Me.DropDownList1.SelectedItem.Text
End Sub
End Class
------------ code: web.sitemap
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="Login.aspx" title="" description="Acceso al Sistema">
<siteMapNode url="Reporte.aspx" title="Inicio" description="Reporte">
</siteMapNode>
</siteMapNode>
</siteMap>
--------code: web.config
<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings>
<add name="AConnectionString" connectionString="Data
Source=DBServer001;Initial Catalog=DBVentas;Persist Security Info=True;User
ID=sa;Password=sa;Connect Timeout=60" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" strict="true" explicit="true"/>
<pages>
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
</namespaces>
</pages>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".rptcookie" timeout="5" >
<!--protection="All" timeout="1">-->
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
<customErrors mode="Off"/>
</system.web>
</configuration>