A
asadikhan
Hi,
I am trying to use the login control functionality on my website. I
have created this folder called Media which will contain the secured
pages of my site. I dragged a Login control on a register.aspx and
added the following code:
protected void Login1_Authenticate(object sender,
AuthenticateEventArgs e)
{
bool Authenticated = false;
Authenticated =
SiteLevelCustomAuthenticationMethod(Login1.UserName, Login1.Password);
e.Authenticated = Authenticated;
if (Authenticated == true)
{
Response.Redirect("~//Media//Media.aspx");
}
}
private bool SiteLevelCustomAuthenticationMethod(string username,
string password)
{
bool boolReturnValue = false;
if (username.ToLower().Equals("me") &&
password.ToLower().Equals("abc123"))
boolReturnValue = true;
return boolReturnValue;
}
(Of course I will change the code in
SiteLevelCustomAuthenticationMethod to either connect to database, or
read an xml file and match username password. )
This worked but the problem I was having was that the users could still
browse to "Media/Media.aspx" manually and it would allow them. I then
added the following to my web.config:
<configuration
xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings/>
<connectionStrings/>
<system.web>
<compilation debug="true"/>
<authorization>
<allow users="*"/>
</authorization>
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="RegisterLogin.aspx"
protection="Validation"
timeout="999999"/>
</authentication>
</system.web>
<location path="Media">
<system.web>
<compilation debug="true"/>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Now when I did this, it stopped anyone from directly browsing to the
Media.aspx, but it also stopped the authenticated user (me, abc123)
from logging in and it kept throwing him back to the register.aspx.
I figured this is happening because the user isn't really authenticated
i.e. Context.User.Identity.IsAuthenticated is false. So I don't know
what to do to actually authenticate the user? It's almost as if the
link between my authentication method above and the web.config file is
broken. What am I missing? What do I need to do more?
p.s.: I have no idea what this is "<forms name=".ASPXAUTH"". I didn't
know what else to use as I am using master pages, and really have only
one form in my master page. So I just put this name there. Didn't seem
to be doing anything drastic.
Asad
I am trying to use the login control functionality on my website. I
have created this folder called Media which will contain the secured
pages of my site. I dragged a Login control on a register.aspx and
added the following code:
protected void Login1_Authenticate(object sender,
AuthenticateEventArgs e)
{
bool Authenticated = false;
Authenticated =
SiteLevelCustomAuthenticationMethod(Login1.UserName, Login1.Password);
e.Authenticated = Authenticated;
if (Authenticated == true)
{
Response.Redirect("~//Media//Media.aspx");
}
}
private bool SiteLevelCustomAuthenticationMethod(string username,
string password)
{
bool boolReturnValue = false;
if (username.ToLower().Equals("me") &&
password.ToLower().Equals("abc123"))
boolReturnValue = true;
return boolReturnValue;
}
(Of course I will change the code in
SiteLevelCustomAuthenticationMethod to either connect to database, or
read an xml file and match username password. )
This worked but the problem I was having was that the users could still
browse to "Media/Media.aspx" manually and it would allow them. I then
added the following to my web.config:
<configuration
xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings/>
<connectionStrings/>
<system.web>
<compilation debug="true"/>
<authorization>
<allow users="*"/>
</authorization>
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="RegisterLogin.aspx"
protection="Validation"
timeout="999999"/>
</authentication>
</system.web>
<location path="Media">
<system.web>
<compilation debug="true"/>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
Now when I did this, it stopped anyone from directly browsing to the
Media.aspx, but it also stopped the authenticated user (me, abc123)
from logging in and it kept throwing him back to the register.aspx.
I figured this is happening because the user isn't really authenticated
i.e. Context.User.Identity.IsAuthenticated is false. So I don't know
what to do to actually authenticate the user? It's almost as if the
link between my authentication method above and the web.config file is
broken. What am I missing? What do I need to do more?
p.s.: I have no idea what this is "<forms name=".ASPXAUTH"". I didn't
know what else to use as I am using master pages, and really have only
one form in my master page. So I just put this name there. Didn't seem
to be doing anything drastic.
Asad