Unable to get Forms-based Authentication to work

Discussion in 'ASP .Net Security' started by Attila, Jul 10, 2003.

  1. Attila

    Attila Guest

    Hello,

    I'm new to ASP.NET, and I'm trying to learn how to implement forms
    based authentication. However, I don't know what I'm doing wrong.
    While the FormsAuthentication.Authenticate method returns true, after
    I call FormsAuthentication.RedirectFromLoginPage I am redirected back
    to the login page. I would expect that once the Authenticate method is
    run, the user should be authenticated, and the user should be able to
    view any page on the site.
    Any ideas of what I'm doing wrong? Do I need to set a session
    variable? Is there something wrong/missing from my web.config file?

    Thanks,
    Attila

    web.config:

    <configuration>
    <system.web>
    <authentication mode="Forms">
    <forms name=".helpdesk_admin_dev"
    path="/"
    loginUrl="LogIn.aspx"
    protection="Encryption"
    timeout="300">
    <credentials passwordFormat="Clear">
    <user name="test" password="1234" />
    </credentials>
    </forms>
    </authentication>

    <authorization>
    <allow users="test" />
    <deny users="?" />
    </authorization>
    </system.web>
    </configuration>

    LogIn.aspx code:
    protected void Login_Click(Object sender, EventArgs E)
    {
    string strUsername = Username.Value;
    string strPassword = Password.Value;

    //Validate the username against the web.config file
    if(FormsAuthentication.Authenticate(strUsername, strPassword))
    {
    FormsAuthentication.RedirectFromLoginPage(strUsername, false);
    }
    else
    {
    Message.Text = "You did not enter a valid username and password.";
    }
    }
    Attila, Jul 10, 2003
    #1
    1. Advertising

  2. Hi Attila,

    Please refer to the following MSDN articles for how to implement form based
    authentication in asp.net:

    HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
    Using C# .NET
    http://support.microsoft.com/?id=301240

    HOW TO: Implement Role-Based Security with Forms-Based Authentication in
    Your ASP.NET Application by Using Visual C# .NET
    http://support.microsoft.com/?id=311495

    Hope this helps.

    Regards,
    HuangTM
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Tian Min Huang, Jul 11, 2003
    #2
    1. Advertising

  3. Attila

    Attila Guest

    Thank you, but I have already seen those links. From what I can tell
    my settings are setup correctly, yet it still doesn't appear to be
    working. I had thought that my problem was related to my browser,
    although it's currently set to accept all cookies.

    Attila

    (Tian Min Huang) wrote in message news:<mk$>...
    > Hi Attila,
    >
    > Please refer to the following MSDN articles for how to implement form based
    > authentication in asp.net:
    >
    > HOW TO: Implement Forms-Based Authentication in Your ASP.NET Application by
    > Using C# .NET
    > http://support.microsoft.com/?id=301240
    >
    > HOW TO: Implement Role-Based Security with Forms-Based Authentication in
    > Your ASP.NET Application by Using Visual C# .NET
    > http://support.microsoft.com/?id=311495
    >
    > Hope this helps.
    >
    > Regards,
    > HuangTM
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    Attila, Jul 14, 2003
    #3
  4. Attila

    JD Bee Guest

    Hi Buddy!

    I had the exact same problem as you did. here is how i solved it:

    First, i want you to know i dont fully understand why it works, but it
    does. :)

    to redirect after login i was using:

    Response.Redirect(
    FormsAuthentication.GetRedirectUrl(this.Username.Text,false));

    i replaced it with:
    FormsAuthentication.RedirectFromLoginPage(this.Username.Text,true);

    and it now works fine. is it the state cookie param from false to true
    or the change of the method, im not sure.



    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
    JD Bee, Jul 14, 2003
    #4
  5. Attila

    JD Bee Guest

    Hi Buddy!

    I had the exact same problem as you did. here is how i solved it:

    First, i want you to know i dont fully understand why it works, but it
    does. :)

    to redirect after login i was using:

    Response.Redirect(
    FormsAuthentication.GetRedirectUrl(this.Username.Text,false));

    i replaced it with:
    FormsAuthentication.RedirectFromLoginPage(this.Username.Text,true);

    and it now works fine. is it the state cookie param from false to true
    or the change of the method, im not sure.



    *** Sent via Developersdex http://www.developersdex.com ***
    Don't just participate in USENET...get rewarded for it!
    JD Bee, Jul 14, 2003
    #5
  6. Hi Attila,

    Thanks for your update.

    Please check whether your server name contains other characters, say,
    underscore character ("_"). Based on my research, Internet Explorer blocks
    cookies from a server if the its name contains such characters. Please
    refer to the following article for detailed information:

    PRB: Session Variables Do Not Persist Between Requests After You Install
    Internet Explorer Security Patch MS01-055
    http://support.microsoft.com/?id=316112

    I look forward to hearing from you.

    Have a nice day!

    Regards,

    HuangTM
    Microsoft Online Partner Support
    MCSE/MCSD

    Get Secure! ¨C www.microsoft.com/security
    This posting is provided ¡°as is¡± with no warranties and confers no rights.
    Tian Min Huang, Jul 16, 2003
    #6
  7. Attila

    Attila Guest

    The problem was that my server name contained uderscores. I removed
    the underscores from the server name, and it now works. Thanks.

    Attila

    (Tian Min Huang) wrote in message news:<>...
    > Hi Attila,
    >
    > Thanks for your update.
    >
    > Please check whether your server name contains other characters, say,
    > underscore character ("_"). Based on my research, Internet Explorer blocks
    > cookies from a server if the its name contains such characters. Please
    > refer to the following article for detailed information:
    >
    > PRB: Session Variables Do Not Persist Between Requests After You Install
    > Internet Explorer Security Patch MS01-055
    > http://support.microsoft.com/?id=316112
    >
    > I look forward to hearing from you.
    >
    > Have a nice day!
    >
    > Regards,
    >
    > HuangTM
    > Microsoft Online Partner Support
    > MCSE/MCSD
    >
    > Get Secure! ¨C www.microsoft.com/security
    > This posting is provided ¡°as is¡± with no warranties and confers no rights.
    Attila, Jul 16, 2003
    #7
  8. Attila

    John Kievlan Guest

    I will be forever in your debt, friend Tian. I've been
    beating my head into the wall over this problem for the
    past two weeks... and if I hadn't come across this
    thread, I'd *still* be beating my head into the wall. My
    server name contained an underscore, and when I started
    using ASP.NET, I couldn't store cookies or session
    variables... which was EXTREMELY frustrating. Thanks
    again.
    John Kievlan, Jul 24, 2003
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Vic

    forms-based authentication

    Vic, Oct 29, 2003, in forum: ASP .Net
    Replies:
    9
    Views:
    654
  2. Rob
    Replies:
    4
    Views:
    1,029
  3. Eric
    Replies:
    2
    Views:
    1,462
    Tommy
    Feb 13, 2004
  4. Keltex
    Replies:
    1
    Views:
    396
    Dominick Baier [DevelopMentor]
    Jan 24, 2006
  5. Eric
    Replies:
    2
    Views:
    504
Loading...

Share This Page