Q: form authentication complete?

Discussion in 'ASP .Net' started by =?Utf-8?B?SklNLkgu?=, Jun 24, 2005.

  1. Hello,
    I used this site to do form authentication
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod17.asp

    My code successfully comes to the point:
    if (passwordVerified == true )
    {
    // The user is authenticated
    // At this point, an authentication ticket is normally created
    // This can subsequently be used to generate a GenericPrincipal
    // object for .NET authorization purposes
    // For details, see "How To: Use Forms authentication with GenericPrincipal
    // objects
    lmsg.Text = "Logon successful: User is authenticated";
    Server.Transfer("MyMainPage.aspx", true);.
    }

    As you see, I do not do anything after that and switch to my main page by
    using Server.Transfer("MyMainPage.aspx", true);. My problem is, even if I
    have anonymous access and integrated windows checked, I get prompt to login
    when I go to my main page. Maybe I should cerate ticket here to complete
    authentication. If that is the case, how can I do that?
     
    =?Utf-8?B?SklNLkgu?=, Jun 24, 2005
    #1
    1. Advertising

  2. If you use Windows security to secure files, you will have to log in to
    access the files. The same is true if you set the config file up to check
    whether the user is valid for certain pages. Even with anon access on, you
    will end up with a security check if the app is configured to check.

    If you would like to have an app on a domain that automatically logs people
    in, that is a setting in Internet Explorer. The best way to facilitate is to
    talk to the network admins and have them push it.

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    ***************************
    Think Outside the Box!
    ***************************


    "JIM.H." wrote:

    > Hello,
    > I used this site to do form authentication
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod17.asp
    >
    > My code successfully comes to the point:
    > if (passwordVerified == true )
    > {
    > // The user is authenticated
    > // At this point, an authentication ticket is normally created
    > // This can subsequently be used to generate a GenericPrincipal
    > // object for .NET authorization purposes
    > // For details, see "How To: Use Forms authentication with GenericPrincipal
    > // objects
    > lmsg.Text = "Logon successful: User is authenticated";
    > Server.Transfer("MyMainPage.aspx", true);.
    > }
    >
    > As you see, I do not do anything after that and switch to my main page by
    > using Server.Transfer("MyMainPage.aspx", true);. My problem is, even if I
    > have anonymous access and integrated windows checked, I get prompt to login
    > when I go to my main page. Maybe I should cerate ticket here to complete
    > authentication. If that is the case, how can I do that?
    >
     
    =?Utf-8?B?Q293Ym95IChHcmVnb3J5IEEuIEJlYW1lcikgLSBN, Jun 24, 2005
    #2
    1. Advertising

  3. I could not believe that nobody is able to answer this question. This whole
    concept of authorization, authentication, IIS are complex. Microsoft should
    come up with better simple way of handling these issues. High level security
    is important but if you have to know all details to have it, then you are
    actually missing the whole point of security. It should be implement-able
    easily.

    Anyway, I put this line
    FormsAuthentication.SetAuthCookie(txtUserName.Text,false);
    before server transfer, it works fine.

    "JIM.H." wrote:

    > Hello,
    > I used this site to do form authentication
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod17.asp
    >
    > My code successfully comes to the point:
    > if (passwordVerified == true )
    > {
    > // The user is authenticated
    > // At this point, an authentication ticket is normally created
    > // This can subsequently be used to generate a GenericPrincipal
    > // object for .NET authorization purposes
    > // For details, see "How To: Use Forms authentication with GenericPrincipal
    > // objects
    > lmsg.Text = "Logon successful: User is authenticated";
    > Server.Transfer("MyMainPage.aspx", true);.
    > }
    >
    > As you see, I do not do anything after that and switch to my main page by
    > using Server.Transfer("MyMainPage.aspx", true);. My problem is, even if I
    > have anonymous access and integrated windows checked, I get prompt to login
    > when I go to my main page. Maybe I should cerate ticket here to complete
    > authentication. If that is the case, how can I do that?
    >
     
    =?Utf-8?B?SklNLkgu?=, Jun 24, 2005
    #3
  4. =?Utf-8?B?SklNLkgu?=

    Guest

    from... "System.Web.Security" namespace

    FormsAuthentication.RedirectFromLoginPage("SomePage.aspx")

    This will work by parsing a querystring in Login page's URL. There are
    also some entries in web.config that have to be set.

    Let the forms security do the redirect/transfer. Do not do it
    explicitly. Examples on gotdotnet.com.
     
    , Jun 25, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Arjen
    Replies:
    3
    Views:
    347
    Curt_C [MVP]
    Aug 30, 2004
  2. =?Utf-8?B?R2VvcmdlQXRraW5z?=

    Re: How do you e-mail a complete form not just the data

    =?Utf-8?B?R2VvcmdlQXRraW5z?=, Mar 16, 2006, in forum: ASP .Net
    Replies:
    5
    Views:
    443
    =?Utf-8?B?R2VvcmdlQXRraW5z?=
    Mar 29, 2006
  3. Dom
    Replies:
    0
    Views:
    468
  4. Dom
    Replies:
    0
    Views:
    510
  5. Max
    Replies:
    2
    Views:
    1,109
Loading...

Share This Page