redirecting from another page besides the login page

Discussion in 'ASP .Net Security' started by WhiskyRomeo, Jan 18, 2005.

  1. WhiskyRomeo

    WhiskyRomeo Guest

    We have forms authentication working on a website. A user is presented with
    the login page, where he can log in or press a button to go to the
    Registration page.

    In the Registration page, he puts in his data and submits it. If
    successful, he is taken to the login page to reenter his username and
    password. Can we eliminate this second step without compromising security?
    That is, have the system log in a user?

    I attempted to redirect him from the Registration page, but forms
    authentication will not allow that.

    The code to do the redirections is very simple:

    Private Sub RedirectUser(ByVal strUserName As String)

        Dim strReturnURL As String = Request.QueryString.Item("ReturnUrl")
        'Create authentication ticket
        Dim authTicket As New FormsAuthenticationTicket(1, strUserName, DateTime.Now, DateTime.Now.AddMinutes(20), False, Session("WebRoles"))

        'Create encrypted string representation of ticket
        Dim strEncryptedTicket As String
        Try
            strEncryptedTicket = FormsAuthentication.Encrypt(authTicket)
        Catch ex As Exception
            Session("StringEncrptFailed") = ex.Message
        End Try

        'Store it within an HttpCookie object
        Dim authCookie As New HttpCookie(FormsAuthentication.FormsCookieName, strEncryptedTicket)
        Dim strCookiePath As String = authCookie.Path
        'Add the cookie to the outgoing cookie collection
        Try
            Response.Cookies.Add(authCookie)
        Catch ex As Exception
            Session("CookieAddFailed") = ex.Message
        End Try

        'Redirect the request
        Response.Redirect(FormsAuthentication.GetRedirectUrl(strUserName, True))

    End Sub
    --
    wr
     
    WhiskyRomeo, Jan 18, 2005
    #1

  2. WhiskyRomeo

    WhiskyRomeo Guest

    I think the answer to this problem is that when the user successfully adds
    himself, the following lines of code are executed:

    FormsAuthentication.SetAuthCookie(tbEmail.Text, False)
    Response.Redirect("Public/Appt.aspx")

    I just want to make sure no compromise is made in security. Is there?
     
    WhiskyRomeo, Jan 18, 2005
    #2
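
An added example, not part of the original thread or the poster's code: one way to sign in a newly registered user from the Registration page while keeping any ReturnUrl redirect confined to the site. The class name Registration and the names DefaultLanding, IsLocalPath and SignInNewUser are hypothetical; the landing path is the one used in post #2.

```vbnet
' Added example. Assumes a Web Forms code-behind class; all names here
' except the FormsAuthentication/HttpCookie APIs are hypothetical.
Imports System
Imports System.Web
Imports System.Web.Security

Partial Public Class Registration
    Inherits System.Web.UI.Page

    ' Fixed landing page used when ReturnUrl is absent or not site-relative.
    Private Const DefaultLanding As String = "~/Public/Appt.aspx"

    ' Accept only site-relative paths such as "/Public/Appt.aspx".
    ' Absolute URLs and the "//host" and "/\host" forms, which browsers
    ' treat as another site, are rejected, as are control characters.
    Friend Shared Function IsLocalPath(ByVal url As String) As Boolean
        If String.IsNullOrEmpty(url) Then Return False
        If url(0) <> "/"c Then Return False
        If url.Length > 1 AndAlso (url(1) = "/"c OrElse url(1) = "\"c) Then Return False
        For Each ch As Char In url
            If Char.IsControl(ch) Then Return False
        Next
        Return True
    End Function

    ' Call only after the new account has been stored successfully.
    Private Sub SignInNewUser(ByVal userName As String)
        ' The framework builds and encrypts the ticket from the <forms>
        ' settings in web.config; False means a session (non-persistent) cookie.
        Dim authCookie As HttpCookie = FormsAuthentication.GetAuthCookie(userName, False)

        ' Set the flags explicitly so they are visible in code review.
        authCookie.HttpOnly = True
        authCookie.Secure = FormsAuthentication.RequireSSL OrElse Request.IsSecureConnection
        Response.Cookies.Add(authCookie)

        ' Honour ReturnUrl only when it stays on this site.
        Dim target As String = Request.QueryString("ReturnUrl")
        If Not IsLocalPath(target) Then
            target = ResolveUrl(DefaultLanding)
        End If
        Response.Redirect(target)
    End Sub
End Class
```

GetAuthCookie issues a ticket with empty user data, so role data such as the Session("WebRoles") value placed in the ticket in post #1 would have to be loaded some other way.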