VB Login page problem?

Discussion in 'ASP .Net Security' started by Dam6, Jun 24, 2005.

  1. Dam6

    Dam6 Guest

    Okay...
    Using vb .net within DW MX2004, connecting to an access database:

    Background: I have created a simple login.aspx page that is supposed to
    re-direct to default.aspx using FormsAuthentication.RedirectFromLoginPage.
    The data is correct from testing the dataset etc and the page also informs
    me that I have entered an incorrect user / password.

    Problem:
    When I go to http://localhost/Modify/Login.aspx and enter the username and
    password the url returns
    http://localhost/Modify/login.aspx?ReturnUrl=/Modify/default.aspx and
    does not take me to any other page???

    Code:
    WEB.CONFIG:

    <system.web>
    <customErrors mode="Off" />
    <authentication mode = "Forms">
    <forms name = " .SECAUTH " loginUrl="login.aspx">
    <credentials />
    </forms>
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>
    </system.web>





    LOGIN PAGE:

    <%@ Page Language="VB" ContentType="text/html" ResponseEncoding="iso-8859-1"
    %>
    <%@ Register TagPrefix="MM" Namespace="DreamweaverCtrls"
    Assembly="DreamweaverCtrls,version=1.0.0.0,publicKeyToken=836f606ede05d46a,culture=neutral"
    %>
    <MM:DataSet
    id="dsLogin"
    runat="Server"
    IsStoredProcedure="false"
    ConnectionString='<%#
    System.Configuration.ConfigurationSettings.AppSettings("MM_CONNECTION_STRING_connITNoticeboardASP")
    %>'
    DatabaseType='<%#
    System.Configuration.ConfigurationSettings.AppSettings("MM_CONNECTION_DATABASETYPE_connITNoticeboardASP")
    %>'
    CommandText='<%# "SELECT EmployeeID, LastLogin, User_name, Pass_wrd FROM
    tbl_users WHERE User_name = ? AND Pass_wrd = ?" %>'
    Debug="true"
    ><Parameters>

    <Parameter Name="@User_name" Value='<%# IIf((Request.Form("tfUsername")
    <> Nothing), Request.Form("tfUsername"), "") %>' Type="WChar" />
    <Parameter Name="@Pass_wrd" Value='<%# IIf((Request.Form("tfPasswrd") <>
    Nothing), Request.Form("tfPasswrd"), "") %>' Type="WChar" />
    </Parameters></MM:DataSet>
    <MM:pageBind runat="server" PostBackBind="true" />
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <title>Login Page</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <style type="text/css">
    <!--
    ..style1 {
    font-size: 18px;
    font-weight: bold;
    }
    -->
    </style>
    </head>
    <body>
    <p align="center" class="style1">Login Page</p>
    <p>&nbsp;</p>
    <table width="300" border="0" align="center" cellpadding="0"
    cellspacing="0">
    <tr>
    <td><form runat="server">
    <table width="300" border="0" cellspacing="0" cellpadding="0">
    <tr>
    <td width="98">Username:</td>
    <td width="202"><asp:TextBox ID="tfUsername" runat="server"
    /></td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><asp:TextBox ID="tfPasswrd" runat="server" TextMode="Password"
    /></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td><asp:Button ID="Button" Text="Login" runat="server" /></td>
    </tr>
    </table>
    </form></td>
    <%
    if dsLogin.RecordCount > 0 then
    Session("sessUsername") = Request.Form("tfUsername")
    FormsAuthentication.RedirectFromLoginPage("tfUsername.value", true )
    else if ((Request.Form("tfUsername"))) <> Nothing OR
    ((Request.Form("tfPassword"))) <> Nothing
    response.Write("Login Failed. Please Try Again.")
    end if
    %>


    </tr>
    </table>
    <table width="300" border="0" align="center" cellpadding="0"
    cellspacing="0">
    <tr>
    <td><p align="center"><a href="http://www.yahoo.com"
    target="_parent">www.yahoo.com</a></p>
    <p align="center"><a href="../search_it.aspx" target="_parent">Start
    Page</a> </p></td>
    </tr>
    </table>
    <p>&nbsp; </p>
    </body>
    </html>
    Dam6, Jun 24, 2005
    #1
    1. Advertising

  2. Dam6

    Dave F. Guest

    Hi

    You should never use your login page as your entry url.
    http://localhost/Modify/Default.aspx. The forms authentication will redirect
    the user to Login.aspx. Then once the user is authenicated they will be
    returned to Default.aspx once you issue the
    "FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false)"
    request.
    Hope this helps.

    Dave

    "Dam6" <8.net> wrote in message
    news:...
    > Okay...
    > Using vb .net within DW MX2004, connecting to an access database:
    >
    > Background: I have created a simple login.aspx page that is supposed to
    > re-direct to default.aspx using FormsAuthentication.RedirectFromLoginPage.
    > The data is correct from testing the dataset etc and the page also informs
    > me that I have entered an incorrect user / password.
    >
    > Problem:
    > When I go to http://localhost/Modify/Login.aspx and enter the username and
    > password the url returns
    > http://localhost/Modify/login.aspx?ReturnUrl=/Modify/default.aspx and
    > does not take me to any other page???
    >
    > Code:
    > WEB.CONFIG:
    >
    > <system.web>
    > <customErrors mode="Off" />
    > <authentication mode = "Forms">
    > <forms name = " .SECAUTH " loginUrl="login.aspx">
    > <credentials />
    > </forms>
    > </authentication>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    > </system.web>
    >
    >
    >
    >
    >
    > LOGIN PAGE:
    >
    > <%@ Page Language="VB" ContentType="text/html"
    > ResponseEncoding="iso-8859-1" %>
    > <%@ Register TagPrefix="MM" Namespace="DreamweaverCtrls"
    > Assembly="DreamweaverCtrls,version=1.0.0.0,publicKeyToken=836f606ede05d46a,culture=neutral"
    > %>
    > <MM:DataSet
    > id="dsLogin"
    > runat="Server"
    > IsStoredProcedure="false"
    > ConnectionString='<%#
    > System.Configuration.ConfigurationSettings.AppSettings("MM_CONNECTION_STRING_connITNoticeboardASP")
    > %>'
    > DatabaseType='<%#
    > System.Configuration.ConfigurationSettings.AppSettings("MM_CONNECTION_DATABASETYPE_connITNoticeboardASP")
    > %>'
    > CommandText='<%# "SELECT EmployeeID, LastLogin, User_name, Pass_wrd FROM
    > tbl_users WHERE User_name = ? AND Pass_wrd = ?" %>'
    > Debug="true"
    >><Parameters>

    > <Parameter Name="@User_name" Value='<%# IIf((Request.Form("tfUsername")
    > <> Nothing), Request.Form("tfUsername"), "") %>' Type="WChar" />
    > <Parameter Name="@Pass_wrd" Value='<%# IIf((Request.Form("tfPasswrd")
    > <> Nothing), Request.Form("tfPasswrd"), "") %>' Type="WChar" />
    > </Parameters></MM:DataSet>
    > <MM:pageBind runat="server" PostBackBind="true" />
    > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    > "http://www.w3.org/TR/html4/loose.dtd">
    > <html>
    > <head>
    > <title>Login Page</title>
    > <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    > <style type="text/css">
    > <!--
    > .style1 {
    > font-size: 18px;
    > font-weight: bold;
    > }
    > -->
    > </style>
    > </head>
    > <body>
    > <p align="center" class="style1">Login Page</p>
    > <p>&nbsp;</p>
    > <table width="300" border="0" align="center" cellpadding="0"
    > cellspacing="0">
    > <tr>
    > <td><form runat="server">
    > <table width="300" border="0" cellspacing="0" cellpadding="0">
    > <tr>
    > <td width="98">Username:</td>
    > <td width="202"><asp:TextBox ID="tfUsername" runat="server"
    > /></td>
    > </tr>
    > <tr>
    > <td>Password:</td>
    > <td><asp:TextBox ID="tfPasswrd" runat="server"
    > TextMode="Password" /></td>
    > </tr>
    > <tr>
    > <td>&nbsp;</td>
    > <td><asp:Button ID="Button" Text="Login" runat="server" /></td>
    > </tr>
    > </table>
    > </form></td>
    > <%
    > if dsLogin.RecordCount > 0 then
    > Session("sessUsername") = Request.Form("tfUsername")
    > FormsAuthentication.RedirectFromLoginPage("tfUsername.value", true )
    > else if ((Request.Form("tfUsername"))) <> Nothing OR
    > ((Request.Form("tfPassword"))) <> Nothing
    > response.Write("Login Failed. Please Try Again.")
    > end if
    > %>
    >
    >
    > </tr>
    > </table>
    > <table width="300" border="0" align="center" cellpadding="0"
    > cellspacing="0">
    > <tr>
    > <td><p align="center"><a href="http://www.yahoo.com"
    > target="_parent">www.yahoo.com</a></p>
    > <p align="center"><a href="../search_it.aspx" target="_parent">Start
    > Page</a> </p></td>
    > </tr>
    > </table>
    > <p>&nbsp; </p>
    > </body>
    > </html>
    >
    >
    Dave F., Jun 26, 2005
    #2
    1. Advertising

  3. Dam6

    Dam6 Guest

    I did think of that... But the default.aspx page is inside the directory
    that has been locked by the config file? Will look at what you've said
    (Which makes sense!) and try differing things...


    "Dave F." <> wrote in message
    news:%23yXF%...
    > Hi
    >
    > You should never use your login page as your entry url.
    > http://localhost/Modify/Default.aspx. The forms authentication will
    > redirect the user to Login.aspx. Then once the user is authenicated they
    > will be returned to Default.aspx once you issue the
    > "FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false)"
    > request.
    > Hope this helps.
    >
    > Dave
    >
    > "Dam6" <8.net> wrote in message
    > news:...
    >> Okay...
    >> Using vb .net within DW MX2004, connecting to an access database:
    >>
    >> Background: I have created a simple login.aspx page that is supposed to
    >> re-direct to default.aspx using
    >> FormsAuthentication.RedirectFromLoginPage. The data is correct from
    >> testing the dataset etc and the page also informs me that I have entered
    >> an incorrect user / password.
    >>
    >> Problem:
    >> When I go to http://localhost/Modify/Login.aspx and enter the username
    >> and password the url returns
    >> http://localhost/Modify/login.aspx?ReturnUrl=/Modify/default.aspx and
    >> does not take me to any other page???
    >>
    >> Code:
    >> WEB.CONFIG:
    >>
    >> <system.web>
    >> <customErrors mode="Off" />
    >> <authentication mode = "Forms">
    >> <forms name = " .SECAUTH " loginUrl="login.aspx">
    >> <credentials />
    >> </forms>
    >> </authentication>
    >> <authorization>
    >> <deny users="?" />
    >> </authorization>
    >> </system.web>
    >>
    >>
    >>
    >>
    >>
    >> LOGIN PAGE:
    >>
    >> <%@ Page Language="VB" ContentType="text/html"
    >> ResponseEncoding="iso-8859-1" %>
    >> <%@ Register TagPrefix="MM" Namespace="DreamweaverCtrls"
    >> Assembly="DreamweaverCtrls,version=1.0.0.0,publicKeyToken=836f606ede05d46a,culture=neutral"
    >> %>
    >> <MM:DataSet
    >> id="dsLogin"
    >> runat="Server"
    >> IsStoredProcedure="false"
    >> ConnectionString='<%#
    >> System.Configuration.ConfigurationSettings.AppSettings("MM_CONNECTION_STRING_connITNoticeboardASP")
    >> %>'
    >> DatabaseType='<%#
    >> System.Configuration.ConfigurationSettings.AppSettings("MM_CONNECTION_DATABASETYPE_connITNoticeboardASP")
    >> %>'
    >> CommandText='<%# "SELECT EmployeeID, LastLogin, User_name, Pass_wrd FROM
    >> tbl_users WHERE User_name = ? AND Pass_wrd = ?" %>'
    >> Debug="true"
    >>><Parameters>

    >> <Parameter Name="@User_name" Value='<%#
    >> IIf((Request.Form("tfUsername") <> Nothing), Request.Form("tfUsername"),
    >> "") %>' Type="WChar" />
    >> <Parameter Name="@Pass_wrd" Value='<%# IIf((Request.Form("tfPasswrd")
    >> <> Nothing), Request.Form("tfPasswrd"), "") %>' Type="WChar" />
    >> </Parameters></MM:DataSet>
    >> <MM:pageBind runat="server" PostBackBind="true" />
    >> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    >> "http://www.w3.org/TR/html4/loose.dtd">
    >> <html>
    >> <head>
    >> <title>Login Page</title>
    >> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    >> <style type="text/css">
    >> <!--
    >> .style1 {
    >> font-size: 18px;
    >> font-weight: bold;
    >> }
    >> -->
    >> </style>
    >> </head>
    >> <body>
    >> <p align="center" class="style1">Login Page</p>
    >> <p>&nbsp;</p>
    >> <table width="300" border="0" align="center" cellpadding="0"
    >> cellspacing="0">
    >> <tr>
    >> <td><form runat="server">
    >> <table width="300" border="0" cellspacing="0" cellpadding="0">
    >> <tr>
    >> <td width="98">Username:</td>
    >> <td width="202"><asp:TextBox ID="tfUsername" runat="server"
    >> /></td>
    >> </tr>
    >> <tr>
    >> <td>Password:</td>
    >> <td><asp:TextBox ID="tfPasswrd" runat="server"
    >> TextMode="Password" /></td>
    >> </tr>
    >> <tr>
    >> <td>&nbsp;</td>
    >> <td><asp:Button ID="Button" Text="Login" runat="server" /></td>
    >> </tr>
    >> </table>
    >> </form></td>
    >> <%
    >> if dsLogin.RecordCount > 0 then
    >> Session("sessUsername") = Request.Form("tfUsername")
    >> FormsAuthentication.RedirectFromLoginPage("tfUsername.value", true )
    >> else if ((Request.Form("tfUsername"))) <> Nothing OR
    >> ((Request.Form("tfPassword"))) <> Nothing
    >> response.Write("Login Failed. Please Try Again.")
    >> end if
    >> %>
    >>
    >>
    >> </tr>
    >> </table>
    >> <table width="300" border="0" align="center" cellpadding="0"
    >> cellspacing="0">
    >> <tr>
    >> <td><p align="center"><a href="http://www.yahoo.com"
    >> target="_parent">www.yahoo.com</a></p>
    >> <p align="center"><a href="../search_it.aspx" target="_parent">Start
    >> Page</a> </p></td>
    >> </tr>
    >> </table>
    >> <p>&nbsp; </p>
    >> </body>
    >> </html>
    >>
    >>

    >
    >
    Dam6, Jun 26, 2005
    #3
  4. Dam6

    Dam6 Guest

    Dave,

    Today I opened the default.aspx page that resides outside of the folder
    where login.aspx resides. Created a link to login.aspx and the index.aspx
    page etc.
    Clicking on either brings forth the login page. Once I enter the user/pass
    and press enter nothing happens apart from the top url changing

    http://localhost/Modify/login.aspx?ReturnUrl=/Modify/default.aspx

    still no re-direction.


    "Dave F." <> wrote in message
    news:%23yXF%...
    > Hi
    >
    > You should never use your login page as your entry url.
    > http://localhost/Modify/Default.aspx. The forms authentication will
    > redirect the user to Login.aspx. Then once the user is authenicated they
    > will be returned to Default.aspx once you issue the
    > "FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false)"
    > request.
    > Hope this helps.
    >
    > Dave
    >
    > "Dam6" <8.net> wrote in message
    > news:...
    >> Okay...
    >> Using vb .net within DW MX2004, connecting to an access database:
    >>
    >> Background: I have created a simple login.aspx page that is supposed to
    >> re-direct to default.aspx using
    >> FormsAuthentication.RedirectFromLoginPage. The data is correct from
    >> testing the dataset etc and the page also informs me that I have entered
    >> an incorrect user / password.
    >>
    >> Problem:
    >> When I go to http://localhost/Modify/Login.aspx and enter the username
    >> and password the url returns
    >> http://localhost/Modify/login.aspx?ReturnUrl=/Modify/default.aspx and
    >> does not take me to any other page???
    >>
    >> Code:
    >> WEB.CONFIG:
    >>
    >> <system.web>
    >> <customErrors mode="Off" />
    >> <authentication mode = "Forms">
    >> <forms name = " .SECAUTH " loginUrl="login.aspx">
    >> <credentials />
    >> </forms>
    >> </authentication>
    >> <authorization>
    >> <deny users="?" />
    >> </authorization>
    >> </system.web>
    >>
    >>
    >>
    >>
    >>
    >> LOGIN PAGE:
    >>
    >> <%@ Page Language="VB" ContentType="text/html"
    >> ResponseEncoding="iso-8859-1" %>
    >> <%@ Register TagPrefix="MM" Namespace="DreamweaverCtrls"
    >> Assembly="DreamweaverCtrls,version=1.0.0.0,publicKeyToken=836f606ede05d46a,culture=neutral"
    >> %>
    >> <MM:DataSet
    >> id="dsLogin"
    >> runat="Server"
    >> IsStoredProcedure="false"
    >> ConnectionString='<%#
    >> System.Configuration.ConfigurationSettings.AppSettings("MM_CONNECTION_STRING_connITNoticeboardASP")
    >> %>'
    >> DatabaseType='<%#
    >> System.Configuration.ConfigurationSettings.AppSettings("MM_CONNECTION_DATABASETYPE_connITNoticeboardASP")
    >> %>'
    >> CommandText='<%# "SELECT EmployeeID, LastLogin, User_name, Pass_wrd FROM
    >> tbl_users WHERE User_name = ? AND Pass_wrd = ?" %>'
    >> Debug="true"
    >>><Parameters>

    >> <Parameter Name="@User_name" Value='<%#
    >> IIf((Request.Form("tfUsername") <> Nothing), Request.Form("tfUsername"),
    >> "") %>' Type="WChar" />
    >> <Parameter Name="@Pass_wrd" Value='<%# IIf((Request.Form("tfPasswrd")
    >> <> Nothing), Request.Form("tfPasswrd"), "") %>' Type="WChar" />
    >> </Parameters></MM:DataSet>
    >> <MM:pageBind runat="server" PostBackBind="true" />
    >> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    >> "http://www.w3.org/TR/html4/loose.dtd">
    >> <html>
    >> <head>
    >> <title>Login Page</title>
    >> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    >> <style type="text/css">
    >> <!--
    >> .style1 {
    >> font-size: 18px;
    >> font-weight: bold;
    >> }
    >> -->
    >> </style>
    >> </head>
    >> <body>
    >> <p align="center" class="style1">Login Page</p>
    >> <p>&nbsp;</p>
    >> <table width="300" border="0" align="center" cellpadding="0"
    >> cellspacing="0">
    >> <tr>
    >> <td><form runat="server">
    >> <table width="300" border="0" cellspacing="0" cellpadding="0">
    >> <tr>
    >> <td width="98">Username:</td>
    >> <td width="202"><asp:TextBox ID="tfUsername" runat="server"
    >> /></td>
    >> </tr>
    >> <tr>
    >> <td>Password:</td>
    >> <td><asp:TextBox ID="tfPasswrd" runat="server"
    >> TextMode="Password" /></td>
    >> </tr>
    >> <tr>
    >> <td>&nbsp;</td>
    >> <td><asp:Button ID="Button" Text="Login" runat="server" /></td>
    >> </tr>
    >> </table>
    >> </form></td>
    >> <%
    >> if dsLogin.RecordCount > 0 then
    >> Session("sessUsername") = Request.Form("tfUsername")
    >> FormsAuthentication.RedirectFromLoginPage("tfUsername.value", true )
    >> else if ((Request.Form("tfUsername"))) <> Nothing OR
    >> ((Request.Form("tfPassword"))) <> Nothing
    >> response.Write("Login Failed. Please Try Again.")
    >> end if
    >> %>
    >>
    >>
    >> </tr>
    >> </table>
    >> <table width="300" border="0" align="center" cellpadding="0"
    >> cellspacing="0">
    >> <tr>
    >> <td><p align="center"><a href="http://www.yahoo.com"
    >> target="_parent">www.yahoo.com</a></p>
    >> <p align="center"><a href="../search_it.aspx" target="_parent">Start
    >> Page</a> </p></td>
    >> </tr>
    >> </table>
    >> <p>&nbsp; </p>
    >> </body>
    >> </html>
    >>
    >>

    >
    >
    Dam6, Jun 27, 2005
    #4
  5. Dam6

    Dam6 Guest

    Found what was wrong from the books appended mistakes page while looking on
    the web:

    forms name = " SECAUTH " loginUrl="login.aspx">
    not
    forms name = " .SECAUTH " loginUrl="login.aspx">

    take out the full stop and it all works.
    Dam6, Jun 30, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Hermit Dave

    Forms Login Page Not Login Out

    Hermit Dave, Jan 12, 2004, in forum: ASP .Net
    Replies:
    5
    Views:
    454
    Hermit Dave
    Jan 13, 2004
  2. Sasquatch
    Replies:
    2
    Views:
    1,280
    Sasquatch
    Oct 3, 2006
  3. Shannon

    login page stays on login page

    Shannon, Jan 9, 2008, in forum: ASP .Net
    Replies:
    2
    Views:
    519
    Shannon
    Jan 9, 2008
  4. Pascal Blanchard
    Replies:
    0
    Views:
    235
    Pascal Blanchard
    Aug 17, 2004
  5. Pascal Blanchard
    Replies:
    1
    Views:
    270
    Pascal Blanchard
    Aug 18, 2004
Loading...

Share This Page