forms authentication



I'm using role based forms authetication with user-info in a database.
I used this with a SQL database (sql 2000 server) and it worked 100%.

Now, I want to use the same code, but with a database in MS Access Xp.

If I insert a wrong login or pass on the login page, the error message
But when I insert the right login and pass, I'm not redirected to the index
page, it just reloads the login-page.

It works partially, because when I set ALLOW USERS="?" (so, everyone) in the
config.web, I can login, ofcourse, but I can see I am logged in as
And the cookie is written.

Hope someone can help me out of this.

Here is my login-page code:
(I just replaced all "Sql" with "Ole" as it is an Access Dbase)

######### code start #########

Sub btnLogin_Click(sender as Object, e as EventArgs)

'Initialize FormsAuthentication, for what it's worth

'Create our connection and command objects
Dim Conn as OleDbConnection
Dim Cmd as OleDBCommand
Dim Reader as OleDbDataReader
Dim ConnString as String

'Create connection with connectionstring and open the connection
ConnString = ConfigurationSettings.AppSettings("ConnectionString")
Conn = new OleDbConnection(ConnString)

' Create SqlCommand to select pwd field from the users table
given a supplied userName.
Cmd = New OleDbCommand("Select userrole from tbl_users where
[email protected] AND [email protected]", Conn)

'Fill our parameters
cmd.Parameters.Add("@username", OleDbType.VarWChar, 64)
cmd.Parameters.Add("@password", OleDbType.VarWChar, 128)

cmd.Parameters("@userName").Value = username.text
cmd.Parameters("@password").Value =
FormsAuthentication.HashPasswordForStoringInConfigFile( Password.text,
"md5") ' Or "sha1"

'Execute the command
reader = Cmd.ExecuteReader()
if (reader.Read()) then

'Create a new ticket used for authentication
Dim ticket As FormsAuthenticationTicket
ticket = new FormsAuthenticationTicket( 1, Username.text,
DateTime.Now, DateTime.Now.AddMinutes(500), true, reader.GetString(0),
'( Ticket version, Username associated with ticket,
Date/time issued, "true" for a persistent user cookie, User-data, in this
case the roles, Path cookie valid for )

' Encrypt the cookie using the machine key for secure
Dim hash as String
Dim cookie as HttpCookie

hash = FormsAuthentication.Encrypt(ticket)
cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
'( Name of auth cookie, Hashed ticket)

' Set the cookie's expiration time to the tickets expiration
if (ticket.IsPersistent) then cookie.Expires =

' Add the cookie to the list for outgoing response

' Redirect to requested URL, or homepage if no previous page
' requested
Dim returnUrl as String
ErrorLabel.Visible = true
returnUrl = Request.form("ReturnUrl")
if (returnUrl Is Nothing) then
ErrorLabel.Visible = true
returnUrl = "/admin/index.aspx" 'or "menu.aspx" for ex.

' Don't call FormsAuthentication.RedirectFromLoginPage
since it
' could
' replace the authentication ticket (cookie) we just

End if
Response.Redirect(returnUrl, false)

' Never tell the user if just the username or password is
' That just gives them a place to start, once they've found
one or
' the other is correct!
ErrorLabel.text = "Username / password incorrect. Please try
ErrorLabel.Visible = true

End if


End Sub

######## end of code ##############


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question