Hello everyone...

Discussion in 'ASP .Net' started by Nugs, Apr 15, 2004.

  1. Nugs

    Nugs Guest

    Hi there everyone, I'm new to this newsgroup so I hope you don't mind me just asking a question, but it has been working me for way to long now and I need some help. I'm fairly new to ASP.NET and VB.NET but have been cramming for weeks now and hit a snag.It has to do with forms authentication in ASP.NET. My problem is that when good credentials are sent from the login.aspx page it doesn't seem to be generating a cookie for the user and sends the user back to the login page because they are still unauthenticated. I have been researching this allot and have been buried in books for way to long now. Creating the login system seems so easy to do that there are little troubleshooting pages to be found. I did find one that described my problem in one short paragraph:

    [http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch13.asp]
    Using Forms Authentication
    Make sure that the cookie name specified in the <forms> element is being retrieved in the global.asax event handler correctly (Application_AuthenticateRequest). Also, make sure the cookie is being created. If the client is continuously sent back to the login page (specified by the loginUrl attribute on the <forms> element) this indicates that the cookie is not being created for some reason, or an authenticated identity is not being placed into the context (HttpContext.User)


    The structure I have is fairly simple. I have the root of my main application open to anonymous users. I then have a secured directory called 'ClientCenter'. Both have there own web.config files specifying there separate authorization.

    At the root of my site I have my the main sites web.config file which looks like so:

    Code:
    <configuration>
    <appSettings>
    <add key="MM_CONNECTION_HANDLER_eOnConn" value="default_oledb.htm" />
    <add key="MM_CONNECTION_STRING_eOnConn" value="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Inetpub\wwwroot\eOn\Database\eOn.mdb;Persist Security Info=False" />
    <add key="MM_CONNECTION_DATABASETYPE_eOnConn" value="OleDb" />
    <add key="MM_CONNECTION_SCHEMA_eOnConn" value="" />
    <add key="MM_CONNECTION_CATALOG_eOnConn" value="" />
    </appSettings>
     
    <system.web>
    <authentication mode="Forms">
    <forms name=".CCAUTH" loginUrl="../login.aspx" protection="All">
    <credentials passwordFormat="Clear">
    <user name="1" password="1" />
    </credentials>
    </forms>
    </authentication>
    <authorization>
    <allow users="?" />
    </authorization>
    </system.web>
    </configuration>
    
    My login page code (with some help from the MSDN) looks like so:
    
    [Code]
    <%@ Page Language="VB" AutoEventWireup="true" %>
    <html>
    <head>
    <script runat="server">
    Sub LoginBtn_Click(sender as Object, e as EventArgs) 
    '            If Page.IsValid Then
    ' Call the authentication event handler delegate (not included in this example).
    If FormsAuthentication.Authenticate(UserName.Text, UserPass.Text) Then
    ' Return to the originally requested URL.
    FormsAuthentication.RedirectFromLoginPage(UserName.Text, Remember.Checked)
    Else
    Msg.Text = "Invalid Credentials: Please try again"
    End If
    '            End If    
    End Sub
    </script>
    
    </head>
    
    <body>
    <form runat="server">
    <h2>Login Page</h2>
    <hr size="1" />
    <table>
    <tbody>
    <tr>
    <td>Username:</td>
    <td><asp:TextBox id="UserName" runat="server"></asp:TextBox></td>
    <td><asp:RequiredFieldValidator id="RequiredFieldValidator1" runat="server" ControlToValidate="UserName" 
    Display="Static" ErrorMessage="*"></asp:RequiredFieldValidator></td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><asp:TextBox id="UserPass" runat="server" TextMode="Password"></asp:TextBox></td>
    <td><asp:RequiredFieldValidator id="RequiredFieldValidator2" runat="server" ControlToValidate="UserPass" 
    Display="Static" ErrorMessage="*"></asp:RequiredFieldValidator></td>
    </tr>
    <tr>
    <td colspan="3"> <asp:CheckBox id="Remember" runat="server"></asp:CheckBox>Remember credentials?</td>
    </tr>
    </tbody>
    </table>
    <asp:button id="LoginBtn" onclick="LoginBtn_Click" runat="server" text="Login"></asp:button>
    <p><asp:Label id="Msg" runat="server" ForeColor="red"></asp:Label></p>
    </form>
    </body>
    </html>
    
    And lastly the ClientCenter/web.config file looks like this:
    
    [Code]
    <configuration>
    <system.web>
    <authorization>
    <deny users="?" />
    <allow users="*" />
    </authorization>
    </system.web>
    </configuration>
    
    Now from all the books and examples I have been through, this should be all I need to get this login system up and running, right? Well something is going on here and i have no clue what. Please could someone show me what I am doing wrong here and why it is not generating my cookie! How do i ' Call the authentication event handler delegate' and what is that exactly? Do i have to set something in IIS for this to work? Please help!
    
    Thanks
    Nugs
    Nugs, Apr 15, 2004
    #1
    1. Advertising

  2. Let's start by elminating the simple: Are you sure that the browser has
    Cookies enabled?

    --
    HTH,
    Kevin Spencer
    ..Net Developer
    Microsoft MVP
    Big things are made up
    of lots of little things.

    "Nugs" <> wrote in message
    news:...
    Hi there everyone, I'm new to this newsgroup so I hope you don't mind me
    just asking a question, but it has been working me for way to long now and I
    need some help. I'm fairly new to ASP.NET and VB.NET but have been cramming
    for weeks now and hit a snag.It has to do with forms authentication in
    ASP.NET. My problem is that when good credentials are sent from the
    login.aspx page it doesn't seem to be generating a cookie for the user and
    sends the user back to the login page because they are still
    unauthenticated. I have been researching this allot and have been buried in
    books for way to long now. Creating the login system seems so easy to do
    that there are little troubleshooting pages to be found. I did find one that
    described my problem in one short paragraph:


    [http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/h
    tml/SecNetch13.asp]
    Using Forms Authentication
    Make sure that the cookie name specified in the <forms> element is being
    retrieved in the global.asax event handler correctly
    (Application_AuthenticateRequest). Also, make sure the cookie is being
    created. If the client is continuously sent back to the login page
    (specified by the loginUrl attribute on the <forms> element) this indicates
    that the cookie is not being created for some reason, or an authenticated
    identity is not being placed into the context (HttpContext.User)


    The structure I have is fairly simple. I have the root of my main
    application open to anonymous users. I then have a secured directory called
    'ClientCenter'. Both have there own web.config files specifying there
    separate authorization.

    At the root of my site I have my the main sites web.config file which looks
    like so:

    Code:
    <configuration>
    <appSettings>
    <add key="MM_CONNECTION_HANDLER_eOnConn" value="default_oledb.htm"
    />
    <add key="MM_CONNECTION_STRING_eOnConn"
    value="Provider=Microsoft.Jet.OLEDB.4.0;Data
    Source=C:\Inetpub\wwwroot\eOn\Database\eOn.mdb;Persist Security Info=False"
    />
    <add key="MM_CONNECTION_DATABASETYPE_eOnConn" value="OleDb" />
    <add key="MM_CONNECTION_SCHEMA_eOnConn" value="" />
    <add key="MM_CONNECTION_CATALOG_eOnConn" value="" />
    </appSettings>
    
    <system.web>
    <authentication mode="Forms">
    <forms name=".CCAUTH" loginUrl="../login.aspx"
    protection="All">
    <credentials passwordFormat="Clear">
    <user name="1" password="1" />
    </credentials>
    </forms>
    </authentication>
    <authorization>
    <allow users="?" />
    </authorization>
    </system.web>
    </configuration>
    
    My login page code (with some help from the MSDN) looks like so:
    
    [Code]
    <%@ Page Language="VB" AutoEventWireup="true" %>
    <html>
    <head>
    <script runat="server">
    Sub LoginBtn_Click(sender as Object, e as EventArgs)
    '            If Page.IsValid Then
    ' Call the authentication event handler delegate (not
    included in this example).
    If FormsAuthentication.Authenticate(UserName.Text,
    UserPass.Text) Then
    ' Return to the originally requested URL.
    FormsAuthentication.RedirectFromLoginPage(UserName.Text,
    Remember.Checked)
    Else
    Msg.Text = "Invalid Credentials: Please try again"
    End If
    '            End If
    End Sub
    </script>
    
    </head>
    
    <body>
    <form runat="server">
    <h2>Login Page</h2>
    <hr size="1" />
    <table>
    <tbody>
    <tr>
    <td>Username:</td>
    <td><asp:TextBox id="UserName"
    runat="server"></asp:TextBox></td>
    <td><asp:RequiredFieldValidator id="RequiredFieldValidator1"
    runat="server" ControlToValidate="UserName"
    Display="Static"
    ErrorMessage="*"></asp:RequiredFieldValidator></td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><asp:TextBox id="UserPass" runat="server"
    TextMode="Password"></asp:TextBox></td>
    <td><asp:RequiredFieldValidator id="RequiredFieldValidator2"
    runat="server" ControlToValidate="UserPass"
    Display="Static"
    ErrorMessage="*"></asp:RequiredFieldValidator></td>
    </tr>
    <tr>
    <td colspan="3"> <asp:CheckBox id="Remember"
    runat="server"></asp:CheckBox>Remember credentials?</td>
    </tr>
    </tbody>
    </table>
    <asp:button id="LoginBtn" onclick="LoginBtn_Click" runat="server"
    text="Login"></asp:button>
    <p><asp:Label id="Msg" runat="server"
    ForeColor="red"></asp:Label></p>
    </form>
    </body>
    </html>
    
    And lastly the ClientCenter/web.config file looks like this:
    
    [Code]
    <configuration>
    <system.web>
    <authorization>
    <deny users="?" />
    <allow users="*" />
    </authorization>
    </system.web>
    </configuration>
    
    Now from all the books and examples I have been through, this should be all
    I need to get this login system up and running, right? Well something is
    going on here and i have no clue what. Please could someone show me what I
    am doing wrong here and why it is not generating my cookie! How do i ' Call
    the authentication event handler delegate' and what is that exactly? Do i
    have to set something in IIS for this to work? Please help!
    
    Thanks
    Nugs
    Kevin Spencer, Apr 15, 2004
    #2
    1. Advertising

  3. Nugs

    Nugs Guest

    Yes, the same login example works when run from other servers. When I run it
    locally nothing happens.


    "Kevin Spencer" <> wrote in message
    news:%...
    > Let's start by elminating the simple: Are you sure that the browser has
    > Cookies enabled?
    >
    > --
    > HTH,
    > Kevin Spencer
    > .Net Developer
    > Microsoft MVP
    > Big things are made up
    > of lots of little things.
    >
    > "Nugs" <> wrote in message
    > news:...
    > Hi there everyone, I'm new to this newsgroup so I hope you don't mind me
    > just asking a question, but it has been working me for way to long now and

    I
    > need some help. I'm fairly new to ASP.NET and VB.NET but have been

    cramming
    > for weeks now and hit a snag.It has to do with forms authentication in
    > ASP.NET. My problem is that when good credentials are sent from the
    > login.aspx page it doesn't seem to be generating a cookie for the user and
    > sends the user back to the login page because they are still
    > unauthenticated. I have been researching this allot and have been buried

    in
    > books for way to long now. Creating the login system seems so easy to do
    > that there are little troubleshooting pages to be found. I did find one

    that
    > described my problem in one short paragraph:
    >
    >
    >

    [http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/h
    > tml/SecNetch13.asp]
    > Using Forms Authentication
    > Make sure that the cookie name specified in the <forms> element is being
    > retrieved in the global.asax event handler correctly
    > (Application_AuthenticateRequest). Also, make sure the cookie is being
    > created. If the client is continuously sent back to the login page
    > (specified by the loginUrl attribute on the <forms> element) this

    indicates
    > that the cookie is not being created for some reason, or an authenticated
    > identity is not being placed into the context (HttpContext.User)
    >
    >
    > The structure I have is fairly simple. I have the root of my main
    > application open to anonymous users. I then have a secured directory

    called
    > 'ClientCenter'. Both have there own web.config files specifying there
    > separate authorization.
    >
    > At the root of my site I have my the main sites web.config file which

    looks
    > like so:
    >
    >
    Code:
    > <configuration>
    >      <appSettings>
    >           <add key="MM_CONNECTION_HANDLER_eOnConn"[/color]
    value="default_oledb.htm"[color=blue]
    > />
    >           <add key="MM_CONNECTION_STRING_eOnConn"
    > value="Provider=Microsoft.Jet.OLEDB.4.0;Data
    > Source=C:\Inetpub\wwwroot\eOn\Database\eOn.mdb;Persist Security[/color]
    Info=False"[color=blue]
    > />
    >           <add key="MM_CONNECTION_DATABASETYPE_eOnConn" value="OleDb" />
    >           <add key="MM_CONNECTION_SCHEMA_eOnConn" value="" />
    >           <add key="MM_CONNECTION_CATALOG_eOnConn" value="" />
    >      </appSettings>
    >
    >      <system.web>
    >           <authentication mode="Forms">
    >                <forms name=".CCAUTH" loginUrl="../login.aspx"
    > protection="All">
    >           <credentials passwordFormat="Clear">
    >             <user name="1" password="1" />
    >         </credentials>
    >                </forms>
    >           </authentication>
    >           <authorization>
    >                <allow users="?" />
    >           </authorization>
    >      </system.web>
    > </configuration>
    >
    > My login page code (with some help from the MSDN) looks like so:
    >
    > [Code]
    > <%@ Page Language="VB" AutoEventWireup="true" %>
    > <html>
    >    <head>
    >       <script runat="server">
    >          Sub LoginBtn_Click(sender as Object, e as EventArgs)
    > '            If Page.IsValid Then
    >                ' Call the authentication event handler delegate (not
    > included in this example).
    >                If FormsAuthentication.Authenticate(UserName.Text,
    > UserPass.Text) Then
    >                   ' Return to the originally requested URL.
    >                   FormsAuthentication.RedirectFromLoginPage(UserName.Text,
    > Remember.Checked)
    >                Else
    >                   Msg.Text = "Invalid Credentials: Please try again"
    >                End If
    > '            End If
    >          End Sub
    >       </script>
    >
    >     </head>
    >
    >    <body>
    >       <form runat="server">
    >          <h2>Login Page</h2>
    >          <hr size="1" />
    >          <table>
    >             <tbody>
    >             <tr>
    >                <td>Username:</td>
    >                <td><asp:TextBox id="UserName"
    > runat="server"></asp:TextBox></td>
    >                <td><asp:RequiredFieldValidator[/color]
    id="RequiredFieldValidator1"[color=blue]
    > runat="server" ControlToValidate="UserName"
    >                   Display="Static"
    > ErrorMessage="*"></asp:RequiredFieldValidator></td>
    >             </tr>
    >             <tr>
    >                <td>Password:</td>
    >                <td><asp:TextBox id="UserPass" runat="server"
    > TextMode="Password"></asp:TextBox></td>
    >                <td><asp:RequiredFieldValidator[/color]
    id="RequiredFieldValidator2"[color=blue]
    > runat="server" ControlToValidate="UserPass"
    >                   Display="Static"
    > ErrorMessage="*"></asp:RequiredFieldValidator></td>
    >             </tr>
    >             <tr>
    >                <td colspan="3"> <asp:CheckBox id="Remember"
    > runat="server"></asp:CheckBox>Remember credentials?</td>
    >             </tr>
    >          </tbody>
    >          </table>
    >          <asp:button id="LoginBtn" onclick="LoginBtn_Click" runat="server"
    > text="Login"></asp:button>
    >          <p><asp:Label id="Msg" runat="server"
    > ForeColor="red"></asp:Label></p>
    >       </form>
    >    </body>
    > </html>
    >
    > And lastly the ClientCenter/web.config file looks like this:
    >
    > [Code]
    > <configuration>
    >      <system.web>
    >           <authorization>
    >                <deny users="?" />
    >                <allow users="*" />
    >           </authorization>
    >      </system.web>
    > </configuration>
    >
    > Now from all the books and examples I have been through, this should be[/color]
    all[color=blue]
    > I need to get this login system up and running, right? Well something is
    > going on here and i have no clue what. Please could someone show me what I
    > am doing wrong here and why it is not generating my cookie! How do i '[/color]
    Call[color=blue]
    > the authentication event handler delegate' and what is that exactly? Do i
    > have to set something in IIS for this to work? Please help!
    >
    > Thanks
    > Nugs
    >
    >[/color]
    Nugs, Apr 15, 2004
    #3
  4. Nugs

    Nugs Guest

    Well the Microsoft page I mentioned previously says: "Make sure that the
    cookie name specified in the <forms> element is being retrieved in the
    global.asax event handler correctly (Application_AuthenticateRequest)"

    I don't believe I have done anything like this and in all the example I have
    read on this none have mentioned a global.asax event handler. Is this maybe
    my problem?

    Nugs

    "Kevin Spencer" <> wrote in message
    news:%...
    > Let's start by elminating the simple: Are you sure that the browser has
    > Cookies enabled?
    >
    > --
    > HTH,
    > Kevin Spencer
    > .Net Developer
    > Microsoft MVP
    > Big things are made up
    > of lots of little things.
    >
    > "Nugs" <> wrote in message
    > news:...
    > Hi there everyone, I'm new to this newsgroup so I hope you don't mind me
    > just asking a question, but it has been working me for way to long now and

    I
    > need some help. I'm fairly new to ASP.NET and VB.NET but have been

    cramming
    > for weeks now and hit a snag.It has to do with forms authentication in
    > ASP.NET. My problem is that when good credentials are sent from the
    > login.aspx page it doesn't seem to be generating a cookie for the user and
    > sends the user back to the login page because they are still
    > unauthenticated. I have been researching this allot and have been buried

    in
    > books for way to long now. Creating the login system seems so easy to do
    > that there are little troubleshooting pages to be found. I did find one

    that
    > described my problem in one short paragraph:
    >
    >
    >

    [http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/h
    > tml/SecNetch13.asp]
    > Using Forms Authentication
    > Make sure that the cookie name specified in the <forms> element is being
    > retrieved in the global.asax event handler correctly
    > (Application_AuthenticateRequest). Also, make sure the cookie is being
    > created. If the client is continuously sent back to the login page
    > (specified by the loginUrl attribute on the <forms> element) this

    indicates
    > that the cookie is not being created for some reason, or an authenticated
    > identity is not being placed into the context (HttpContext.User)
    >
    >
    > The structure I have is fairly simple. I have the root of my main
    > application open to anonymous users. I then have a secured directory

    called
    > 'ClientCenter'. Both have there own web.config files specifying there
    > separate authorization.
    >
    > At the root of my site I have my the main sites web.config file which

    looks
    > like so:
    >
    >
    Code:
    > <configuration>
    >      <appSettings>
    >           <add key="MM_CONNECTION_HANDLER_eOnConn"[/color]
    value="default_oledb.htm"[color=blue]
    > />
    >           <add key="MM_CONNECTION_STRING_eOnConn"
    > value="Provider=Microsoft.Jet.OLEDB.4.0;Data
    > Source=C:\Inetpub\wwwroot\eOn\Database\eOn.mdb;Persist Security[/color]
    Info=False"[color=blue]
    > />
    >           <add key="MM_CONNECTION_DATABASETYPE_eOnConn" value="OleDb" />
    >           <add key="MM_CONNECTION_SCHEMA_eOnConn" value="" />
    >           <add key="MM_CONNECTION_CATALOG_eOnConn" value="" />
    >      </appSettings>
    >
    >      <system.web>
    >           <authentication mode="Forms">
    >                <forms name=".CCAUTH" loginUrl="../login.aspx"
    > protection="All">
    >           <credentials passwordFormat="Clear">
    >             <user name="1" password="1" />
    >         </credentials>
    >                </forms>
    >           </authentication>
    >           <authorization>
    >                <allow users="?" />
    >           </authorization>
    >      </system.web>
    > </configuration>
    >
    > My login page code (with some help from the MSDN) looks like so:
    >
    > [Code]
    > <%@ Page Language="VB" AutoEventWireup="true" %>
    > <html>
    >    <head>
    >       <script runat="server">
    >          Sub LoginBtn_Click(sender as Object, e as EventArgs)
    > '            If Page.IsValid Then
    >                ' Call the authentication event handler delegate (not
    > included in this example).
    >                If FormsAuthentication.Authenticate(UserName.Text,
    > UserPass.Text) Then
    >                   ' Return to the originally requested URL.
    >                   FormsAuthentication.RedirectFromLoginPage(UserName.Text,
    > Remember.Checked)
    >                Else
    >                   Msg.Text = "Invalid Credentials: Please try again"
    >                End If
    > '            End If
    >          End Sub
    >       </script>
    >
    >     </head>
    >
    >    <body>
    >       <form runat="server">
    >          <h2>Login Page</h2>
    >          <hr size="1" />
    >          <table>
    >             <tbody>
    >             <tr>
    >                <td>Username:</td>
    >                <td><asp:TextBox id="UserName"
    > runat="server"></asp:TextBox></td>
    >                <td><asp:RequiredFieldValidator[/color]
    id="RequiredFieldValidator1"[color=blue]
    > runat="server" ControlToValidate="UserName"
    >                   Display="Static"
    > ErrorMessage="*"></asp:RequiredFieldValidator></td>
    >             </tr>
    >             <tr>
    >                <td>Password:</td>
    >                <td><asp:TextBox id="UserPass" runat="server"
    > TextMode="Password"></asp:TextBox></td>
    >                <td><asp:RequiredFieldValidator[/color]
    id="RequiredFieldValidator2"[color=blue]
    > runat="server" ControlToValidate="UserPass"
    >                   Display="Static"
    > ErrorMessage="*"></asp:RequiredFieldValidator></td>
    >             </tr>
    >             <tr>
    >                <td colspan="3"> <asp:CheckBox id="Remember"
    > runat="server"></asp:CheckBox>Remember credentials?</td>
    >             </tr>
    >          </tbody>
    >          </table>
    >          <asp:button id="LoginBtn" onclick="LoginBtn_Click" runat="server"
    > text="Login"></asp:button>
    >          <p><asp:Label id="Msg" runat="server"
    > ForeColor="red"></asp:Label></p>
    >       </form>
    >    </body>
    > </html>
    >
    > And lastly the ClientCenter/web.config file looks like this:
    >
    > [Code]
    > <configuration>
    >      <system.web>
    >           <authorization>
    >                <deny users="?" />
    >                <allow users="*" />
    >           </authorization>
    >      </system.web>
    > </configuration>
    >
    > Now from all the books and examples I have been through, this should be[/color]
    all[color=blue]
    > I need to get this login system up and running, right? Well something is
    > going on here and i have no clue what. Please could someone show me what I
    > am doing wrong here and why it is not generating my cookie! How do i '[/color]
    Call[color=blue]
    > the authentication event handler delegate' and what is that exactly? Do i
    > have to set something in IIS for this to work? Please help!
    >
    > Thanks
    > Nugs
    >
    >[/color]
    Nugs, Apr 17, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. eric bin
    Replies:
    1
    Views:
    276
    Morris Dovey
    Nov 5, 2003
  2. Hello everyone

    , Sep 4, 2006, in forum: Java
    Replies:
    2
    Views:
    329
    Mark Space
    Sep 4, 2006
  3. softwindow
    Replies:
    1
    Views:
    347
    softwindow
    Sep 6, 2006
  4. flyreally

    hello,everyone

    flyreally, Jan 16, 2007, in forum: C Programming
    Replies:
    1
    Views:
    284
    Richard Heathfield
    Jan 16, 2007
  5. Roy
    Replies:
    6
    Views:
    577
    Roedy Green
    Jan 7, 2008
Loading...

Share This Page