Forms Authentication

  • Thread starter Leonard Rutkowski
  • Start date

L

Leonard Rutkowski

Hello all,
I am trying to use Forms authentication. I have got it to work
successfully, when the login page, and the redirect page are in the same
virtual directory, however, I want to put the login page into a separate
directory. When the user logs in, they will be directed to an application,
that may be different for each user, and these applications will be in
separate virtual directories. When I try to login, the login page returns.
This seems to indicate that the authorization is not being passed on to the
application.

Here is my code:
Dim AppLogin As New AppLogin
If AppLogin.LoginIsAuthorized(txtClientNo.Text, _
txtUsername.Text, txtPassword.Text) Then
'FormsAuthentication.RedirectFromLoginPage("lrutkowski", False)
'FormsAuthentication.SetAuthCookie("lrutkowski", False)
Dim authTicket As New FormsAuthenticationTicket(1,
txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False, "test")
'Dim authTicket As New FormsAuthenticationTicket(1,
"lrutkowski", DateTime.Now, DateTime.Now.AddMinutes(60), False, "test")
Dim encryptedTicket As String =
FormsAuthentication.Encrypt(authTicket)
Dim authCookie As New
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
Response.Cookies.Add(authCookie)
Response.Redirect("/CustomerService/default.aspx")
Else
lblErrorMsg.Text = "Login is invalid"
End If

and here is my web.config:

<authentication mode="Forms">
<forms name=".gfdASPXAUTH"
path="/" loginUrl="/PortalLogin/PortalLogin.aspx"
protection="All" timeout="30"
requireSSL="false">
</forms>
</authentication>

<!-- AUTHORIZATION
This section sets the authorization policies of the application.
You can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<deny users="?" />
<!-- <allow users="*" /> --> <!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>


Thanks, Leonard
 
Ad

Advertisements

L

Leonard Rutkowski

Hi Hernan,
I read this article, and didn't really understand it. I will take another
look at it.

Thanks,
Leonard

Hernan de Lahitte said:
If you want to redirect your users to different virtual directories though
different applications, you have a SSO (Single Sign On) scenario with Forms
Authentication therefore I suggest you this post:

http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx

Regards.

Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

Leonard Rutkowski said:
Hello all,
I am trying to use Forms authentication. I have got it to work
successfully, when the login page, and the redirect page are in the same
virtual directory, however, I want to put the login page into a separate
directory. When the user logs in, they will be directed to an
application,
that may be different for each user, and these applications will be in
separate virtual directories. When I try to login, the login page
returns.
This seems to indicate that the authorization is not being passed on to
the
application.

Here is my code:
Dim AppLogin As New AppLogin
If AppLogin.LoginIsAuthorized(txtClientNo.Text, _
txtUsername.Text, txtPassword.Text) Then
'FormsAuthentication.RedirectFromLoginPage("lrutkowski", False)
'FormsAuthentication.SetAuthCookie("lrutkowski", False)
Dim authTicket As New FormsAuthenticationTicket(1,
txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False,
"test")
'Dim authTicket As New FormsAuthenticationTicket(1,
"lrutkowski", DateTime.Now, DateTime.Now.AddMinutes(60), False, "test")
Dim encryptedTicket As String =
FormsAuthentication.Encrypt(authTicket)
Dim authCookie As New
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
Response.Cookies.Add(authCookie)
Response.Redirect("/CustomerService/default.aspx")
Else
lblErrorMsg.Text = "Login is invalid"
End If

and here is my web.config:

<authentication mode="Forms">
<forms name=".gfdASPXAUTH"
path="/" loginUrl="/PortalLogin/PortalLogin.aspx"
protection="All" timeout="30"
requireSSL="false">
</forms>
</authentication>

<!-- AUTHORIZATION
This section sets the authorization policies of the application.
You can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<deny users="?" />
<!-- <allow users="*" /> --> <!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>


Thanks, Leonard
 
H

Hernan de Lahitte

Feel free to ask me whatever thing you don't understand in that article or
if you wish to give me your feedback about what you find confusing, I'll
appreciate a great.


--
Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

Leonard Rutkowski said:
Hi Hernan,
I read this article, and didn't really understand it. I will take another
look at it.

Thanks,
Leonard

Hernan de Lahitte said:
If you want to redirect your users to different virtual directories
though
different applications, you have a SSO (Single Sign On) scenario with
Forms
Authentication therefore I suggest you this post:

http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx

Regards.

Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

Leonard Rutkowski said:
Hello all,
I am trying to use Forms authentication. I have got it to work
successfully, when the login page, and the redirect page are in the
same
virtual directory, however, I want to put the login page into a
separate
directory. When the user logs in, they will be directed to an
application,
that may be different for each user, and these applications will be in
separate virtual directories. When I try to login, the login page
returns.
This seems to indicate that the authorization is not being passed on to
the
application.

Here is my code:
Dim AppLogin As New AppLogin
If AppLogin.LoginIsAuthorized(txtClientNo.Text, _
txtUsername.Text, txtPassword.Text) Then
'FormsAuthentication.RedirectFromLoginPage("lrutkowski",
False)
'FormsAuthentication.SetAuthCookie("lrutkowski", False)
Dim authTicket As New FormsAuthenticationTicket(1,
txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False,
"test")
'Dim authTicket As New FormsAuthenticationTicket(1,
"lrutkowski", DateTime.Now, DateTime.Now.AddMinutes(60), False, "test")
Dim encryptedTicket As String =
FormsAuthentication.Encrypt(authTicket)
Dim authCookie As New
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
Response.Cookies.Add(authCookie)
Response.Redirect("/CustomerService/default.aspx")
Else
lblErrorMsg.Text = "Login is invalid"
End If

and here is my web.config:

<authentication mode="Forms">
<forms name=".gfdASPXAUTH"
path="/" loginUrl="/PortalLogin/PortalLogin.aspx"
protection="All" timeout="30"
requireSSL="false">
</forms>
</authentication>

<!-- AUTHORIZATION
This section sets the authorization policies of the
application.
You can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<deny users="?" />
<!-- <allow users="*" /> --> <!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>


Thanks, Leonard
 
L

Leonard Rutkowski

Hi Hernan,
I attempted to do what the article described, and I get 401 errors. I am
doing this on my pc, for now, so I tried removing the IsolateApps, in my
machine.config. I don't want to do ssl yet, so I changed the requireSSL to
false.

Hernan de Lahitte said:
Feel free to ask me whatever thing you don't understand in that article or
if you wish to give me your feedback about what you find confusing, I'll
appreciate a great.


--
Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

Leonard Rutkowski said:
Hi Hernan,
I read this article, and didn't really understand it. I will take another
look at it.

Thanks,
Leonard

Hernan de Lahitte said:
If you want to redirect your users to different virtual directories
though
different applications, you have a SSO (Single Sign On) scenario with
Forms
Authentication therefore I suggest you this post:

http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx

Regards.

Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

message Hello all,
I am trying to use Forms authentication. I have got it to work
successfully, when the login page, and the redirect page are in the
same
virtual directory, however, I want to put the login page into a
separate
directory. When the user logs in, they will be directed to an
application,
that may be different for each user, and these applications will be in
separate virtual directories. When I try to login, the login page
returns.
This seems to indicate that the authorization is not being passed on to
the
application.

Here is my code:
Dim AppLogin As New AppLogin
If AppLogin.LoginIsAuthorized(txtClientNo.Text, _
txtUsername.Text, txtPassword.Text) Then
'FormsAuthentication.RedirectFromLoginPage("lrutkowski",
False)
'FormsAuthentication.SetAuthCookie("lrutkowski", False)
Dim authTicket As New FormsAuthenticationTicket(1,
txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False,
"test")
'Dim authTicket As New FormsAuthenticationTicket(1,
"lrutkowski", DateTime.Now, DateTime.Now.AddMinutes(60), False, "test")
Dim encryptedTicket As String =
FormsAuthentication.Encrypt(authTicket)
Dim authCookie As New
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
Response.Cookies.Add(authCookie)
Response.Redirect("/CustomerService/default.aspx")
Else
lblErrorMsg.Text = "Login is invalid"
End If

and here is my web.config:

<authentication mode="Forms">
<forms name=".gfdASPXAUTH"
path="/" loginUrl="/PortalLogin/PortalLogin.aspx"
protection="All" timeout="30"
requireSSL="false">
</forms>
</authentication>

<!-- AUTHORIZATION
This section sets the authorization policies of the
application.
You can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<deny users="?" />
<!-- <allow users="*" /> --> <!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>


Thanks, Leonard
 
H

Hernan de Lahitte

That is an IIS error (Unauthorized -- xxx) and it may be ralated to the
authentication mode (check it out if you have annonymous enabled and may be
NTLM if you wish for debugging).

You may also verify all your web.config files on each application and the
froms section that complies with the article sample
If you wish to give me any further detail about your environment (virtual
folder hierarchy, web.config files to check, etc.) go ahead with that.

Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

Leonard Rutkowski said:
Hi Hernan,
I attempted to do what the article described, and I get 401 errors. I am
doing this on my pc, for now, so I tried removing the IsolateApps, in my
machine.config. I don't want to do ssl yet, so I changed the requireSSL
to
false.

Hernan de Lahitte said:
Feel free to ask me whatever thing you don't understand in that article
or
if you wish to give me your feedback about what you find confusing, I'll
appreciate a great.


--
Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

Leonard Rutkowski said:
Hi Hernan,
I read this article, and didn't really understand it. I will take
another
look at it.

Thanks,
Leonard

:

If you want to redirect your users to different virtual directories
though
different applications, you have a SSO (Single Sign On) scenario with
Forms
Authentication therefore I suggest you this post:

http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx

Regards.

Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

in
message Hello all,
I am trying to use Forms authentication. I have got it to work
successfully, when the login page, and the redirect page are in the
same
virtual directory, however, I want to put the login page into a
separate
directory. When the user logs in, they will be directed to an
application,
that may be different for each user, and these applications will be
in
separate virtual directories. When I try to login, the login page
returns.
This seems to indicate that the authorization is not being passed on
to
the
application.

Here is my code:
Dim AppLogin As New AppLogin
If AppLogin.LoginIsAuthorized(txtClientNo.Text, _
txtUsername.Text, txtPassword.Text) Then
'FormsAuthentication.RedirectFromLoginPage("lrutkowski",
False)
'FormsAuthentication.SetAuthCookie("lrutkowski", False)
Dim authTicket As New FormsAuthenticationTicket(1,
txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False,
"test")
'Dim authTicket As New FormsAuthenticationTicket(1,
"lrutkowski", DateTime.Now, DateTime.Now.AddMinutes(60), False,
"test")
Dim encryptedTicket As String =
FormsAuthentication.Encrypt(authTicket)
Dim authCookie As New
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
Response.Cookies.Add(authCookie)
Response.Redirect("/CustomerService/default.aspx")
Else
lblErrorMsg.Text = "Login is invalid"
End If

and here is my web.config:

<authentication mode="Forms">
<forms name=".gfdASPXAUTH"
path="/" loginUrl="/PortalLogin/PortalLogin.aspx"
protection="All" timeout="30"
requireSSL="false">
</forms>
</authentication>

<!-- AUTHORIZATION
This section sets the authorization policies of the
application.
You can allow or deny access
to application resources by user or role. Wildcards: "*"
mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<deny users="?" />
<!-- <allow users="*" /> --> <!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of
roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of
roles]"/>
-->
</authorization>


Thanks, Leonard
 
Ad

Advertisements

L

Leonard Rutkowski

Hi Hernan,
My problem now, if I type the URL for my application, it takes me to that
page, even if I have 'logged out', instead of the login page. How do I
prevent this? I'm not sure how I need to set my IIS. I'm using 5.0 on my
local machine, but I will be using 6.0 when I go to production.

Hernan de Lahitte said:
That is an IIS error (Unauthorized -- xxx) and it may be ralated to the
authentication mode (check it out if you have annonymous enabled and may be
NTLM if you wish for debugging).

You may also verify all your web.config files on each application and the
froms section that complies with the article sample
If you wish to give me any further detail about your environment (virtual
folder hierarchy, web.config files to check, etc.) go ahead with that.

Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

Leonard Rutkowski said:
Hi Hernan,
I attempted to do what the article described, and I get 401 errors. I am
doing this on my pc, for now, so I tried removing the IsolateApps, in my
machine.config. I don't want to do ssl yet, so I changed the requireSSL
to
false.

Hernan de Lahitte said:
Feel free to ask me whatever thing you don't understand in that article
or
if you wish to give me your feedback about what you find confusing, I'll
appreciate a great.


--
Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

message Hi Hernan,
I read this article, and didn't really understand it. I will take
another
look at it.

Thanks,
Leonard

:

If you want to redirect your users to different virtual directories
though
different applications, you have a SSO (Single Sign On) scenario with
Forms
Authentication therefore I suggest you this post:

http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx

Regards.

Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

in
message Hello all,
I am trying to use Forms authentication. I have got it to work
successfully, when the login page, and the redirect page are in the
same
virtual directory, however, I want to put the login page into a
separate
directory. When the user logs in, they will be directed to an
application,
that may be different for each user, and these applications will be
in
separate virtual directories. When I try to login, the login page
returns.
This seems to indicate that the authorization is not being passed on
to
the
application.

Here is my code:
Dim AppLogin As New AppLogin
If AppLogin.LoginIsAuthorized(txtClientNo.Text, _
txtUsername.Text, txtPassword.Text) Then
'FormsAuthentication.RedirectFromLoginPage("lrutkowski",
False)
'FormsAuthentication.SetAuthCookie("lrutkowski", False)
Dim authTicket As New FormsAuthenticationTicket(1,
txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False,
"test")
'Dim authTicket As New FormsAuthenticationTicket(1,
"lrutkowski", DateTime.Now, DateTime.Now.AddMinutes(60), False,
"test")
Dim encryptedTicket As String =
FormsAuthentication.Encrypt(authTicket)
Dim authCookie As New
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
Response.Cookies.Add(authCookie)
Response.Redirect("/CustomerService/default.aspx")
Else
lblErrorMsg.Text = "Login is invalid"
End If

and here is my web.config:

<authentication mode="Forms">
<forms name=".gfdASPXAUTH"
path="/" loginUrl="/PortalLogin/PortalLogin.aspx"
protection="All" timeout="30"
requireSSL="false">
</forms>
</authentication>

<!-- AUTHORIZATION
This section sets the authorization policies of the
application.
You can allow or deny access
to application resources by user or role. Wildcards: "*"
mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<deny users="?" />
<!-- <allow users="*" /> --> <!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of
roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of
roles]"/>
-->
</authorization>


Thanks, Leonard
 
L

Leonard Rutkowski

Hi Hernan,
As additional information, if I have Integrated Windows authentication and
Anonymous turned on, for my application, then my login button takes me back
to the login page, If I have integrated windows authentication turned off,
then it does not. In either case, I am still 'logged in', and can type the
application url and it will take me into the application. I guess my logout
is not working.

Sub btnLogoff_Click(ByVal sender As Object, ByVal e As EventArgs)
Handles btnLogoff.Click
FormsAuthentication.SignOut()
Response.Redirect("/PortalLogin/PortalLogin.aspx", True)
End Sub


Hernan de Lahitte said:
That is an IIS error (Unauthorized -- xxx) and it may be ralated to the
authentication mode (check it out if you have annonymous enabled and may be
NTLM if you wish for debugging).

You may also verify all your web.config files on each application and the
froms section that complies with the article sample
If you wish to give me any further detail about your environment (virtual
folder hierarchy, web.config files to check, etc.) go ahead with that.

Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

Leonard Rutkowski said:
Hi Hernan,
I attempted to do what the article described, and I get 401 errors. I am
doing this on my pc, for now, so I tried removing the IsolateApps, in my
machine.config. I don't want to do ssl yet, so I changed the requireSSL
to
false.

Hernan de Lahitte said:
Feel free to ask me whatever thing you don't understand in that article
or
if you wish to give me your feedback about what you find confusing, I'll
appreciate a great.


--
Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

message Hi Hernan,
I read this article, and didn't really understand it. I will take
another
look at it.

Thanks,
Leonard

:

If you want to redirect your users to different virtual directories
though
different applications, you have a SSO (Single Sign On) scenario with
Forms
Authentication therefore I suggest you this post:

http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx

Regards.

Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

in
message Hello all,
I am trying to use Forms authentication. I have got it to work
successfully, when the login page, and the redirect page are in the
same
virtual directory, however, I want to put the login page into a
separate
directory. When the user logs in, they will be directed to an
application,
that may be different for each user, and these applications will be
in
separate virtual directories. When I try to login, the login page
returns.
This seems to indicate that the authorization is not being passed on
to
the
application.

Here is my code:
Dim AppLogin As New AppLogin
If AppLogin.LoginIsAuthorized(txtClientNo.Text, _
txtUsername.Text, txtPassword.Text) Then
'FormsAuthentication.RedirectFromLoginPage("lrutkowski",
False)
'FormsAuthentication.SetAuthCookie("lrutkowski", False)
Dim authTicket As New FormsAuthenticationTicket(1,
txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False,
"test")
'Dim authTicket As New FormsAuthenticationTicket(1,
"lrutkowski", DateTime.Now, DateTime.Now.AddMinutes(60), False,
"test")
Dim encryptedTicket As String =
FormsAuthentication.Encrypt(authTicket)
Dim authCookie As New
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
Response.Cookies.Add(authCookie)
Response.Redirect("/CustomerService/default.aspx")
Else
lblErrorMsg.Text = "Login is invalid"
End If

and here is my web.config:

<authentication mode="Forms">
<forms name=".gfdASPXAUTH"
path="/" loginUrl="/PortalLogin/PortalLogin.aspx"
protection="All" timeout="30"
requireSSL="false">
</forms>
</authentication>

<!-- AUTHORIZATION
This section sets the authorization policies of the
application.
You can allow or deny access
to application resources by user or role. Wildcards: "*"
mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<deny users="?" />
<!-- <allow users="*" /> --> <!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of
roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of
roles]"/>
-->
</authorization>


Thanks, Leonard
 
Ad

Advertisements

H

Hernan de Lahitte

It seems that your Forms auth settings in your application's web.config is
not working as expected.
First of all, the IIS security setting is just for debugging purposes when
using Forms auth in ASP.NET (annon+NTLM checked for debugging in VS, and
annon only checked for your production environment).
Recall that each one of your applications should have its OWN Forms auth
setting in its OWN web.config file and the authorization section configured
to protect the folders of the Forms auth scope.
BTW, don't forget to configure your machineKey setting (per app or per
machine) without the IsolateApps attribute, just leave the AutoGenerate
value if all your apps are on the same box.

If the scope is for ALL the application, this should be your setting:

<authorization>
<deny users="?" />
</authorization>

If you want to protect just one folder of your app, follow this sample (this
should be the scenario for public and secured zones (SSL usage suggested)
in one app):

(This should go outside of your <system.web>

<location path="YourProtectedFolder" >
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

--
Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

Leonard Rutkowski said:
Hi Hernan,
As additional information, if I have Integrated Windows authentication and
Anonymous turned on, for my application, then my login button takes me
back
to the login page, If I have integrated windows authentication turned
off,
then it does not. In either case, I am still 'logged in', and can type
the
application url and it will take me into the application. I guess my
logout
is not working.

Sub btnLogoff_Click(ByVal sender As Object, ByVal e As EventArgs)
Handles btnLogoff.Click
FormsAuthentication.SignOut()
Response.Redirect("/PortalLogin/PortalLogin.aspx", True)
End Sub


Hernan de Lahitte said:
That is an IIS error (Unauthorized -- xxx) and it may be ralated to the
authentication mode (check it out if you have annonymous enabled and may
be
NTLM if you wish for debugging).

You may also verify all your web.config files on each application and the
froms section that complies with the article sample
If you wish to give me any further detail about your environment (virtual
folder hierarchy, web.config files to check, etc.) go ahead with that.

Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

Leonard Rutkowski said:
Hi Hernan,
I attempted to do what the article described, and I get 401 errors. I
am
doing this on my pc, for now, so I tried removing the IsolateApps, in
my
machine.config. I don't want to do ssl yet, so I changed the
requireSSL
to
false.

:

Feel free to ask me whatever thing you don't understand in that
article
or
if you wish to give me your feedback about what you find confusing,
I'll
appreciate a great.


--
Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

in
message Hi Hernan,
I read this article, and didn't really understand it. I will take
another
look at it.

Thanks,
Leonard

:

If you want to redirect your users to different virtual directories
though
different applications, you have a SSO (Single Sign On) scenario
with
Forms
Authentication therefore I suggest you this post:

http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx

Regards.

Hernan de Lahitte
http://weblogs.asp.net/hernandl
http://www.lagash.com/english/index.html

"Leonard Rutkowski" <[email protected]>
wrote
in
message Hello all,
I am trying to use Forms authentication. I have got it to work
successfully, when the login page, and the redirect page are in
the
same
virtual directory, however, I want to put the login page into a
separate
directory. When the user logs in, they will be directed to an
application,
that may be different for each user, and these applications will
be
in
separate virtual directories. When I try to login, the login
page
returns.
This seems to indicate that the authorization is not being passed
on
to
the
application.

Here is my code:
Dim AppLogin As New AppLogin
If AppLogin.LoginIsAuthorized(txtClientNo.Text, _
txtUsername.Text, txtPassword.Text) Then

'FormsAuthentication.RedirectFromLoginPage("lrutkowski",
False)
'FormsAuthentication.SetAuthCookie("lrutkowski",
False)
Dim authTicket As New FormsAuthenticationTicket(1,
txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60),
False,
"test")
'Dim authTicket As New FormsAuthenticationTicket(1,
"lrutkowski", DateTime.Now, DateTime.Now.AddMinutes(60), False,
"test")
Dim encryptedTicket As String =
FormsAuthentication.Encrypt(authTicket)
Dim authCookie As New
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
Response.Cookies.Add(authCookie)
Response.Redirect("/CustomerService/default.aspx")
Else
lblErrorMsg.Text = "Login is invalid"
End If

and here is my web.config:

<authentication mode="Forms">
<forms name=".gfdASPXAUTH"
path="/" loginUrl="/PortalLogin/PortalLogin.aspx"
protection="All" timeout="30"
requireSSL="false">
</forms>
</authentication>

<!-- AUTHORIZATION
This section sets the authorization policies of the
application.
You can allow or deny access
to application resources by user or role. Wildcards: "*"
mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<deny users="?" />
<!-- <allow users="*" /> --> <!-- Allow all users -->
<!-- <allow users="[comma separated list of
users]"
roles="[comma separated list of
roles]"/>
<deny users="[comma separated list of
users]"
roles="[comma separated list of
roles]"/>
-->
</authorization>


Thanks, Leonard
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top