Redirect not working

Discussion in 'ASP .Net Security' started by Ldraw, Dec 29, 2004.

  1. Ldraw

    Ldraw Guest

    I have looked at all the Redirect questions on this site without finding a
    resoultion
    to my redirect problem. I am using sample code to verify a user and
    password from a login page but although the verification is successful and I
    can see that the return url is where I need to go I am continously looped
    back to the login page.
    Cookies are enabled. See code example below.

    --WebConfig--
    <authentication mode="Forms">
    <forms name="TestLoginAthu" path="/" loginUrl="WebForm1.aspx"
    protection="All" timeout="30">
    <credentials passwordFormat="Clear">
    <user name="jeff" password="test" />
    <user name="mike" password="test" />
    </credentials>
    </forms>
    </authentication>

    --Code Behind

    HttpCookie cookie = FormsAuthentication.GetAuthCookie ( TextBox1.Text,
    CheckBox1.Checked );
    // Expires in 30 days, 12 hours and 30 minutes from today.
    cookie.Expires = DateTime.Now.Add(new TimeSpan(30, 12, 30, 0));
    Response.Cookies.Add (cookie);
    string strUrl = FormsAuthentication.GetRedirectUrl ( TextBox1.Text,
    CheckBox1.Checked );
    Response.Redirect( strUrl );
    Ldraw, Dec 29, 2004
    #1
    1. Advertising

  2. Ldraw

    Mark Miller Guest

    As far as I can tell you have protection set to "All" which uses encryption
    for the cookie. But you are not ecrypting the cookie before you write it to
    the Response stream. I'm not sure how to encrypt a cookie after calling
    GetAuthCookie() but an alternative is to create a FormsAuthentication ticket
    and then use the FormsAuthentication.Encrypt() method passing in the ticket.
    Your sample it should give you the exact same functionality you need. Here's
    a sample:

    //create ticket
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1,
    txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(30), true,
    string.Empty);
    //encrypt ticket and capture string result
    string sEncryptedTicket = FormsAuthentication.Encrypt( ticket );
    //create a new cookie and add it to the Response stream
    Response.Cookies.Add( new System.Web.HttpCookie(
    FormsAuthentication.FormsCookieName, sEncryptedTicket ) );

    I hope that helps.

    Regards,
    Mark

    "Ldraw" <> wrote in message
    news:...
    >I have looked at all the Redirect questions on this site without finding a
    > resoultion
    > to my redirect problem. I am using sample code to verify a user and
    > password from a login page but although the verification is successful and
    > I
    > can see that the return url is where I need to go I am continously looped
    > back to the login page.
    > Cookies are enabled. See code example below.
    >
    > --WebConfig--
    > <authentication mode="Forms">
    > <forms name="TestLoginAthu" path="/" loginUrl="WebForm1.aspx"
    > protection="All" timeout="30">
    > <credentials passwordFormat="Clear">
    > <user name="jeff" password="test" />
    > <user name="mike" password="test" />
    > </credentials>
    > </forms>
    > </authentication>
    >
    > --Code Behind
    >
    > HttpCookie cookie = FormsAuthentication.GetAuthCookie ( TextBox1.Text,
    > CheckBox1.Checked );
    > // Expires in 30 days, 12 hours and 30 minutes from today.
    > cookie.Expires = DateTime.Now.Add(new TimeSpan(30, 12, 30, 0));
    > Response.Cookies.Add (cookie);
    > string strUrl = FormsAuthentication.GetRedirectUrl ( TextBox1.Text,
    > CheckBox1.Checked );
    > Response.Redirect( strUrl );
    Mark Miller, Dec 30, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paul
    Replies:
    0
    Views:
    594
  2. Poppy

    Response.redirect not working

    Poppy, Nov 3, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    4,507
    Peter O'Reilly
    Nov 3, 2003
  3. =?Utf-8?B?VHJveQ==?=

    Response.redirect does not redirect from .aspx page

    =?Utf-8?B?VHJveQ==?=, Oct 18, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    5,206
    Srowe1975
    Oct 15, 2008
  4. gaurav tyagi
    Replies:
    14
    Views:
    1,301
    gaurav tyagi
    Jan 20, 2006
  5. Sal
    Replies:
    1
    Views:
    362
Loading...

Share This Page