FormsAuthentication.RedirectFromLoginPage

Discussion in 'ASP .Net' started by Andy Sutorius, Feb 16, 2005.

  1. Hi,

    For some reason the login.aspx webpage redirects to itself after a
    successful login and not to the url in the address bar. I have stepped
    through this with debug and it behaves as it is supposed to. What am I
    overlooking? Try it.

    http://www.sutorius.com/psyche
    click the Administration link
    username = user1
    password = user1


    private void cmdLogin_ServerClick(object sender, System.EventArgs e)
    {
    if (ValidateUser(txtUserName.Value,txtUserPass.Value) )


    FormsAuthentication.RedirectFromLoginPage(txtUserName.Value,chkPersistCookie
    ..Checked);

    else

    lblMsg.Text = "Invalid Log in";
    Andy Sutorius, Feb 16, 2005
    #1
    1. Advertising

  2. It looks like you've forgotten to call SetAuthCookie.
    Here's more info:
    http://authors.aspalliance.com/aspxtreme/sys/Web/Security/FormsAuthenticationClassSetAuthCookie.aspx

    --
    I hope this helps,
    Steve C. Orr, MCSD, MVP
    http://SteveOrr.net


    "Andy Sutorius" <> wrote in message
    news:%sLQd.69593$...
    > Hi,
    >
    > For some reason the login.aspx webpage redirects to itself after a
    > successful login and not to the url in the address bar. I have stepped
    > through this with debug and it behaves as it is supposed to. What am I
    > overlooking? Try it.
    >
    > http://www.sutorius.com/psyche
    > click the Administration link
    > username = user1
    > password = user1
    >
    >
    > private void cmdLogin_ServerClick(object sender, System.EventArgs e)
    > {
    > if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
    >
    >
    > FormsAuthentication.RedirectFromLoginPage(txtUserName.Value,chkPersistCookie
    > .Checked);
    >
    > else
    >
    > lblMsg.Text = "Invalid Log in";
    >
    >
    >
    >
    >
    Steve C. Orr [MVP, MCSD], Feb 16, 2005
    #2
    1. Advertising

  3. Steve, doesn't the redirectfromloginpage call create the cookie for you?

    Andy, I've also had this when my web.config is not set up correctly to deny
    anonymous users and *allow* authenticated users.

    Bill

    "Steve C. Orr [MVP, MCSD]" wrote:

    > It looks like you've forgotten to call SetAuthCookie.
    > Here's more info:
    > http://authors.aspalliance.com/aspxtreme/sys/Web/Security/FormsAuthenticationClassSetAuthCookie.aspx
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD, MVP
    > http://SteveOrr.net
    >
    >
    > "Andy Sutorius" <> wrote in message
    > news:%sLQd.69593$...
    > > Hi,
    > >
    > > For some reason the login.aspx webpage redirects to itself after a
    > > successful login and not to the url in the address bar. I have stepped
    > > through this with debug and it behaves as it is supposed to. What am I
    > > overlooking? Try it.
    > >
    > > http://www.sutorius.com/psyche
    > > click the Administration link
    > > username = user1
    > > password = user1
    > >
    > >
    > > private void cmdLogin_ServerClick(object sender, System.EventArgs e)
    > > {
    > > if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
    > >
    > >
    > > FormsAuthentication.RedirectFromLoginPage(txtUserName.Value,chkPersistCookie
    > > .Checked);
    > >
    > > else
    > >
    > > lblMsg.Text = "Invalid Log in";
    > >
    > >
    > >
    > >
    > >

    >
    >
    >
    =?Utf-8?B?QmlsbCBCb3Jn?=, Feb 16, 2005
    #3
  4. Andy Sutorius, Feb 16, 2005
    #4
  5. Bill,

    Thanks for that. I forgot to put in an allow. This is what my web.config
    looks like now. And I am still getting the same response. I am attempting to
    control access into a subdirectory from the web.config in the root folder.
    Any other ideas?

    <location path="admin" allowOverride="false">
    <!-- <location path="admin" allowOverride="true"> -->
    <system.web>
    <authorization>
    <deny users="?" />
    <allow users="*" />
    </authorization>
    </system.web>
    </location>


    "Bill Borg" <> wrote in message
    news:...
    > Steve, doesn't the redirectfromloginpage call create the cookie for you?
    >
    > Andy, I've also had this when my web.config is not set up correctly to

    deny
    > anonymous users and *allow* authenticated users.
    >
    > Bill
    >
    > "Steve C. Orr [MVP, MCSD]" wrote:
    >
    > > It looks like you've forgotten to call SetAuthCookie.
    > > Here's more info:
    > >

    http://authors.aspalliance.com/aspxtreme/sys/Web/Security/FormsAuthenticationClassSetAuthCookie.aspx
    > >
    > > --
    > > I hope this helps,
    > > Steve C. Orr, MCSD, MVP
    > > http://SteveOrr.net
    > >
    > >
    > > "Andy Sutorius" <> wrote in message
    > > news:%sLQd.69593$...
    > > > Hi,
    > > >
    > > > For some reason the login.aspx webpage redirects to itself after a
    > > > successful login and not to the url in the address bar. I have stepped
    > > > through this with debug and it behaves as it is supposed to. What am I
    > > > overlooking? Try it.
    > > >
    > > > http://www.sutorius.com/psyche
    > > > click the Administration link
    > > > username = user1
    > > > password = user1
    > > >
    > > >
    > > > private void cmdLogin_ServerClick(object sender, System.EventArgs e)
    > > > {
    > > > if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
    > > >
    > > >
    > > >

    FormsAuthentication.RedirectFromLoginPage(txtUserName.Value,chkPersistCookie
    > > > .Checked);
    > > >
    > > > else
    > > >
    > > > lblMsg.Text = "Invalid Log in";
    > > >
    > > >
    > > >
    > > >
    > > >

    > >
    > >
    > >
    Andy Sutorius, Feb 16, 2005
    #5
  6. Looks pretty good at first blush. Any chance there's a web.config in the
    subfolder too (that would override the root)?

    Also, per your comment above, I'll be anxious to read Steve's response. I've
    been working through all this same stuff lately. To me, redirectfromloginpage
    is one of those times where asp.net does *too* much to make it easy, so you
    don't really understand what's happening underneath. Afaik, it combines
    creating the cookie, creating the authentication ticket stored in the cookie,
    persisting them or not, and redirecting to the requested page. You can do all
    these yourself if you understand what's happening, and you're forced to do
    that in cases I run into all the time, such as wanting to name the cookie
    myself, keeping multiple cookies, playing with timeout values per user, etc.
    Best discussion I've seen of all this is in Esposito's Programming ASP.NET
    (best discussion of most *anything* is in that book). There's also a ton of
    great stuff in this forum.

    Bill

    "Andy Sutorius" wrote:

    > Bill,
    >
    > Thanks for that. I forgot to put in an allow. This is what my web.config
    > looks like now. And I am still getting the same response. I am attempting to
    > control access into a subdirectory from the web.config in the root folder.
    > Any other ideas?
    >
    > <location path="admin" allowOverride="false">
    > <!-- <location path="admin" allowOverride="true"> -->
    > <system.web>
    > <authorization>
    > <deny users="?" />
    > <allow users="*" />
    > </authorization>
    > </system.web>
    > </location>
    >
    >
    > "Bill Borg" <> wrote in message
    > news:...
    > > Steve, doesn't the redirectfromloginpage call create the cookie for you?
    > >
    > > Andy, I've also had this when my web.config is not set up correctly to

    > deny
    > > anonymous users and *allow* authenticated users.
    > >
    > > Bill
    > >
    > > "Steve C. Orr [MVP, MCSD]" wrote:
    > >
    > > > It looks like you've forgotten to call SetAuthCookie.
    > > > Here's more info:
    > > >

    > http://authors.aspalliance.com/aspxtreme/sys/Web/Security/FormsAuthenticationClassSetAuthCookie.aspx
    > > >
    > > > --
    > > > I hope this helps,
    > > > Steve C. Orr, MCSD, MVP
    > > > http://SteveOrr.net
    > > >
    > > >
    > > > "Andy Sutorius" <> wrote in message
    > > > news:%sLQd.69593$...
    > > > > Hi,
    > > > >
    > > > > For some reason the login.aspx webpage redirects to itself after a
    > > > > successful login and not to the url in the address bar. I have stepped
    > > > > through this with debug and it behaves as it is supposed to. What am I
    > > > > overlooking? Try it.
    > > > >
    > > > > http://www.sutorius.com/psyche
    > > > > click the Administration link
    > > > > username = user1
    > > > > password = user1
    > > > >
    > > > >
    > > > > private void cmdLogin_ServerClick(object sender, System.EventArgs e)
    > > > > {
    > > > > if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
    > > > >
    > > > >
    > > > >

    > FormsAuthentication.RedirectFromLoginPage(txtUserName.Value,chkPersistCookie
    > > > > .Checked);
    > > > >
    > > > > else
    > > > >
    > > > > lblMsg.Text = "Invalid Log in";
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > >
    > > >
    > > >

    >
    >
    >
    =?Utf-8?B?QmlsbCBCb3Jn?=, Feb 16, 2005
    #6
  7. *This might be a double-post (having system trouble), but here goes (again):*

    Looks pretty good at first blush. Any chance there's a web.config in the
    subfolder too (that would override the root)?

    Also, per your comment above, I'll be anxious to read Steve's response. I've
    been working through all this same stuff lately. To me, redirectfromloginpage
    is one of those times where asp.net does *too* much to make it easy, so you
    don't really understand what's happening underneath. Afaik, it combines
    creating the cookie, creating the authentication ticket stored in the cookie,
    persisting them or not, and redirecting to the requested page. You can do all
    these yourself if you understand what's happening, and you're forced to do
    that in cases I run into all the time, such as wanting to name the cookie
    myself, keeping multiple cookies, playing with timeout values per user, etc.
    Best discussion I've seen of all this is in Esposito's Programming ASP.NET
    (best discussion of most *anything* is in that book). There's also a ton of
    great stuff in this forum.

    Bill

    "Andy Sutorius" wrote:

    > Bill,
    >
    > Thanks for that. I forgot to put in an allow. This is what my web.config
    > looks like now. And I am still getting the same response. I am attempting to
    > control access into a subdirectory from the web.config in the root folder.
    > Any other ideas?
    >
    > <location path="admin" allowOverride="false">
    > <!-- <location path="admin" allowOverride="true"> -->
    > <system.web>
    > <authorization>
    > <deny users="?" />
    > <allow users="*" />
    > </authorization>
    > </system.web>
    > </location>
    >
    >
    > "Bill Borg" <> wrote in message
    > news:...
    > > Steve, doesn't the redirectfromloginpage call create the cookie for you?
    > >
    > > Andy, I've also had this when my web.config is not set up correctly to

    > deny
    > > anonymous users and *allow* authenticated users.
    > >
    > > Bill
    > >
    > > "Steve C. Orr [MVP, MCSD]" wrote:
    > >
    > > > It looks like you've forgotten to call SetAuthCookie.
    > > > Here's more info:
    > > >

    > http://authors.aspalliance.com/aspxtreme/sys/Web/Security/FormsAuthenticationClassSetAuthCookie.aspx
    > > >
    > > > --
    > > > I hope this helps,
    > > > Steve C. Orr, MCSD, MVP
    > > > http://SteveOrr.net
    > > >
    > > >
    > > > "Andy Sutorius" <> wrote in message
    > > > news:%sLQd.69593$...
    > > > > Hi,
    > > > >
    > > > > For some reason the login.aspx webpage redirects to itself after a
    > > > > successful login and not to the url in the address bar. I have stepped
    > > > > through this with debug and it behaves as it is supposed to. What am I
    > > > > overlooking? Try it.
    > > > >
    > > > > http://www.sutorius.com/psyche
    > > > > click the Administration link
    > > > > username = user1
    > > > > password = user1
    > > > >
    > > > >
    > > > > private void cmdLogin_ServerClick(object sender, System.EventArgs e)
    > > > > {
    > > > > if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
    > > > >
    > > > >
    > > > >

    > FormsAuthentication.RedirectFromLoginPage(txtUserName.Value,chkPersistCookie
    > > > > .Checked);
    > > > >
    > > > > else
    > > > >
    > > > > lblMsg.Text = "Invalid Log in";
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > >
    > > >
    > > >

    >
    >
    >
    =?Utf-8?B?QmlsbCBCb3Jn?=, Feb 16, 2005
    #7
  8. Bill,

    Thanks for the extra eyes. In fact there is a web.config in the subfolder
    with the same deny/allow so I took it out. Getting the same action though.
    I've got something silly turned on/off, I just know it.

    I like this article and related code:
    http://www.theserverside.net/articles/article.tss?l=FormAuthentication

    Andy


    "Bill Borg" <> wrote in message
    news:D...
    > Looks pretty good at first blush. Any chance there's a web.config in the
    > subfolder too (that would override the root)?
    >
    > Also, per your comment above, I'll be anxious to read Steve's response.

    I've
    > been working through all this same stuff lately. To me,

    redirectfromloginpage
    > is one of those times where asp.net does *too* much to make it easy, so

    you
    > don't really understand what's happening underneath. Afaik, it combines
    > creating the cookie, creating the authentication ticket stored in the

    cookie,
    > persisting them or not, and redirecting to the requested page. You can do

    all
    > these yourself if you understand what's happening, and you're forced to do
    > that in cases I run into all the time, such as wanting to name the cookie
    > myself, keeping multiple cookies, playing with timeout values per user,

    etc.
    > Best discussion I've seen of all this is in Esposito's Programming ASP.NET
    > (best discussion of most *anything* is in that book). There's also a ton

    of
    > great stuff in this forum.
    >
    > Bill
    >
    Andy Sutorius, Feb 16, 2005
    #8
  9. It's behaving like the cookie isn't being set.
    This is a way to explicitly set the cookie, so I thought it would be worth a
    try. Then you can do a standard redirect and see if it works.

    --
    I hope this helps,
    Steve C. Orr, MCSD, MVP
    http://SteveOrr.net



    "Andy Sutorius" <> wrote in message
    news:c_LQd.4$...
    > Steve,
    >
    > I don't understand how adding setauthcookie has an effect on the redirect.
    >
    > Andy
    >
    >
    > "Steve C. Orr [MVP, MCSD]" <> wrote in message
    > news:...
    >> It looks like you've forgotten to call SetAuthCookie.
    >> Here's more info:
    >>

    > http://authors.aspalliance.com/aspxtreme/sys/Web/Security/FormsAuthenticationClassSetAuthCookie.aspx
    >>
    >> --
    >> I hope this helps,
    >> Steve C. Orr, MCSD, MVP
    >> http://SteveOrr.net
    >>

    >
    >
    Steve C. Orr [MVP, MCSD], Feb 16, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. TaeHo Yoo
    Replies:
    1
    Views:
    515
    Teemu Keiski
    Jul 9, 2003
  2. Lauchlan M
    Replies:
    2
    Views:
    488
    John Saunders
    Aug 17, 2003
  3. Eric Broers
    Replies:
    1
    Views:
    800
    Steve C. Orr [MVP, MCSD]
    Nov 27, 2003
  4. Jacob Crossley
    Replies:
    0
    Views:
    391
    Jacob Crossley
    Apr 2, 2004
  5. Jacob Crossley
    Replies:
    0
    Views:
    333
    Jacob Crossley
    Apr 6, 2004
Loading...

Share This Page