Alan Dean
Hi,
I am using FormsAuthentication in VS.NET 2003, but for some reason the
authentication code does not seem to be behaving as expected.
The behaviour looks like it is not redirecting from the login page, however
I suspect that the problem is that the page is redirecting but the
FormsAuthentication framework is bouncing the page straight back.
I have built a cut-down version of my full implementation and still see the
same behaviour. The cut-down version is:

Web.Config:
------------
....
<authentication mode="Forms">
    <forms name=".Auth" path="/" loginUrl="Login.aspx" protection="All" timeout="20" />
</authentication>
<authorization>
    <deny users="?" />
</authorization>
....

Login.aspx.cs
-----------
....
private void Button1_Click(object sender, System.EventArgs e)
{
    WriteTicket("user name", Authenticate("user name", "password"));
}

public static string Authenticate(string EmailAddress, string Password)
{
    return AuthenticationTicket(EmailAddress, Password);
}

private static string AuthenticationTicket(string EmailAddress, string Password)
{
    // we'll say that all logins are valid...
    return EncryptedTicket(EmailAddress, "Guest");
}

private static string EncryptedTicket(string emailAddress, string roles)
{
    FormsAuthenticationTicket _ticket = new FormsAuthenticationTicket(1,
        emailAddress, DateTime.Now, DateTime.Now.AddMinutes(20), false, roles);
    return FormsAuthentication.Encrypt(_ticket);
}

protected virtual void WriteTicket(string userName, string ticket)
{
    // create a new cookie and add the authentication ticket:
    HttpCookie _cookie = new HttpCookie(FormsAuthentication.FormsCookieName, ticket);
    // add this to the outgoing cookie collection:
    Response.Cookies.Add(_cookie);
    // redirect to the originally requested page:
    Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, true), false);
}
....

I have tried to use the following instead of
FormsAuthentication.GetRedirectUrl(...):
FormsAuthentication.RedirectFromLoginPage(userName, true, "/");
Stepping through the code shows the ticket being created, encrypted and
written to the cookie collection with no problems. I have cookies enabled on
my browser.
As an observation, I have run the MBSA on my machine and I have run IIS
LockDown. Has this disabled something required by the FormsAuthentication?
Hoping someone can help,
Alan Dean