Problem with FormsAuthentication and SetAuthCookie

Discussion in 'ASP .Net Security' started by David Colliver, Jun 9, 2005.

  1. Hi all,

    I am having a slight problem with my app and authentication.

    My system uses Microsoft CMS 2002, so what I have needs to fit around that.
    In this case, I am not using CMS to manage the authentication. I am using SQL
    Server.

    Here is what I want to achieve...

    Because I am using CMS, I don't want to have to create hundreds of different
    pages to manage different parts of one application as this would require that
    I create hundreds of templates. I need it to be as simple as possible, so I
    build up the page in panels, switching off and on when needed.

    My page has:
    [PANEL] UserName/Password boxes and a Login Button.

    [PANEL] Tabstrip

    [PANEL] application contents.

    Naturally, first entry to the page should only show the login panel. This it
    does admirably.

    I enter my details and it shows the tabstrip panel. I click on an item in
    the tabstrip to view the app content. However, the Login Panel now shows up
    as well as the app content. (This is a logic problem that I can fix later...)

    The issue is that after I setauthcookie, I am still not authenticated.

    I am trying to avoid having seperate login pages and redirectors to another
    page, so my login code and app code are all in the same page.

    In my page load, I have...

    if (User.Identity.IsAuthenticated)
    {
    TabListPanel.Visible = true;
    Trace.Warn("Auth", DateTime.Now.ToString());
    }
    else
    {
    LoginPanel.Visible = true;
    }

    In my button click event, I have:

    CheckLogin();

    CkeckLogin is:

    try
    {
    sqlConn.Open();

    SqlDataAdapter cmd;

    if (User.Identity.IsAuthenticated)
    {
    cmd = new SqlDataAdapter("select * from myuser where username = '" +
    User.Identity.Name + "'", sqlConn);
    }
    else
    {
    cmd = new SqlDataAdapter("select * from myuser where username = '" +
    LoginBox.Text.Replace("'", "''") + "' and password = '" +
    PasswordBox.Text.Replace("'", "''") + "'", sqlConn);
    }

    DataSet Login = new DataSet();
    cmd.Fill(Login, "UserDetails");

    if (Login.Tables["UserDetails"].Rows.Count > 0)
    {
    // Write the authentication cookie.
    FormsAuthentication.SetAuthCookie(LogintBox.Text, true);
    // Remove login panel, show links (TAB) panel.
    LoginPanel.Visible = false;
    TabListPanel.Visible = true;
    }
    }
    finally
    {
    sqlConn.Close();
    }


    To me, everything is as it should be, but after I login, the
    User.Identity.IsAuthenticated in PageLoad returns false.

    How can I get around this?

    Thanks.

    Regards,
    Dave Colliver.
    http://www.AshfieldFOCUS.com
    ~~
    http://www.FOCUSPortals.com - Portal franchises available
    David Colliver, Jun 9, 2005
    #1
    1. Advertising

  2. Anybody???


    Regards,
    Dave Colliver.
    http://www.SheffieldFOCUS.com
    ~~
    http://www.FOCUSPortals.com - Portal franchises available


    "David Colliver" wrote:

    > Hi all,
    >
    > I am having a slight problem with my app and authentication.
    >
    > My system uses Microsoft CMS 2002, so what I have needs to fit around that.
    > In this case, I am not using CMS to manage the authentication. I am using SQL
    > Server.
    >
    > Here is what I want to achieve...
    >
    > Because I am using CMS, I don't want to have to create hundreds of different
    > pages to manage different parts of one application as this would require that
    > I create hundreds of templates. I need it to be as simple as possible, so I
    > build up the page in panels, switching off and on when needed.
    >
    > My page has:
    > [PANEL] UserName/Password boxes and a Login Button.
    >
    > [PANEL] Tabstrip
    >
    > [PANEL] application contents.
    >
    > Naturally, first entry to the page should only show the login panel. This it
    > does admirably.
    >
    > I enter my details and it shows the tabstrip panel. I click on an item in
    > the tabstrip to view the app content. However, the Login Panel now shows up
    > as well as the app content. (This is a logic problem that I can fix later...)
    >
    > The issue is that after I setauthcookie, I am still not authenticated.
    >
    > I am trying to avoid having seperate login pages and redirectors to another
    > page, so my login code and app code are all in the same page.
    >
    > In my page load, I have...
    >
    > if (User.Identity.IsAuthenticated)
    > {
    > TabListPanel.Visible = true;
    > Trace.Warn("Auth", DateTime.Now.ToString());
    > }
    > else
    > {
    > LoginPanel.Visible = true;
    > }
    >
    > In my button click event, I have:
    >
    > CheckLogin();
    >
    > CkeckLogin is:
    >
    > try
    > {
    > sqlConn.Open();
    >
    > SqlDataAdapter cmd;
    >
    > if (User.Identity.IsAuthenticated)
    > {
    > cmd = new SqlDataAdapter("select * from myuser where username = '" +
    > User.Identity.Name + "'", sqlConn);
    > }
    > else
    > {
    > cmd = new SqlDataAdapter("select * from myuser where username = '" +
    > LoginBox.Text.Replace("'", "''") + "' and password = '" +
    > PasswordBox.Text.Replace("'", "''") + "'", sqlConn);
    > }
    >
    > DataSet Login = new DataSet();
    > cmd.Fill(Login, "UserDetails");
    >
    > if (Login.Tables["UserDetails"].Rows.Count > 0)
    > {
    > // Write the authentication cookie.
    > FormsAuthentication.SetAuthCookie(LogintBox.Text, true);
    > // Remove login panel, show links (TAB) panel.
    > LoginPanel.Visible = false;
    > TabListPanel.Visible = true;
    > }
    > }
    > finally
    > {
    > sqlConn.Close();
    > }
    >
    >
    > To me, everything is as it should be, but after I login, the
    > User.Identity.IsAuthenticated in PageLoad returns false.
    >
    > How can I get around this?
    >
    > Thanks.
    >
    > Regards,
    > Dave Colliver.
    > http://www.AshfieldFOCUS.com
    > ~~
    > http://www.FOCUSPortals.com - Portal franchises available
    >
    David Colliver, Jun 16, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. fadi
    Replies:
    0
    Views:
    780
  2. Bill Henning
    Replies:
    8
    Views:
    9,517
    King Adrock
    Nov 9, 2005
  3. Cirene
    Replies:
    2
    Views:
    551
    Cirene
    Jun 25, 2008
  4. Cheung Wang Tin

    SetAuthCookie problem

    Cheung Wang Tin, Jul 5, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    191
    Cheung Wang Tin
    Jul 5, 2004
  5. Pascal.Landry

    problem with SetAuthCookie

    Pascal.Landry, Mar 3, 2005, in forum: ASP .Net Security
    Replies:
    0
    Views:
    128
    Pascal.Landry
    Mar 3, 2005
Loading...

Share This Page