
 Redirecting not working ?? (Authentication)


jhermiz

3564 Posts

Posted - 2004-09-20 : 11:34:03
Using forms authentication...
simple login form...

after user authenticates him / her self I want to take the user to another page...

But I noticed in ASP.net when one authenticates him / her self the login page just gets posted back when using:

FormsAuthentication.RedirectFromLoginPage(UserName, chkPersistant)

So what do I need to do here?

The app currently posts back to itself...

I read something that said
"We are calling the FormsAuthentications.RedirectFromLoginPage method, which takes care of granting the authentication cookie to the client and then redirecting the client to the page she originally requested..."

Umm OK...but my app just posts back to the login.aspx page.

For instance, let's say a user tries to access a page without being authenticated, I use the loginURL attribute to set the login page for unauthenticated users in my web.config file. This works fine by redirecting the end user to that page. But once the user DOES authenticate themselves it simply reposts that login.aspx page, it does not take them to the page they were trying to go to.

I have 2 web.config files. One sits on the root directory because this allows ANY user to access login.aspx, and registration.aspx.
Inside of this web.config file:



<authentication mode="Forms">
  <forms
    name=".IMSCookie"
    loginUrl = "/login.aspx"
    protection = "All"
    path="/" />
</authentication>


Notice there is no authorization attribute...

In a path within the root called /sites I have another web.config file. This web config file has



<authorization>
  <deny users="?" />
</authorization>


This means ONLY authenticated users can access these pages...

So my problem still exists....When I go to the page /sites/default.aspx as an unauthenticated user it does what I expect, it goes directly to the login.aspx page. Which gives me the following link:

http://ims.jakah.com/login.aspx?ReturnUrl=%2fsites%2fdefault.aspx

(intranet, mind you)

Ok so at the login page I simply enter my user name and password and click the login button. It authenticates but it just posts back to login.aspx, it goes nowhere else. I have read and seen numerous examples all using the same type of code I have. Here is the code for login.aspx:


<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<script runat="server">

Sub Page_Load

End Sub

' Login button handler: redirects only when DBAuthenticate returns a value > 0
Sub Button_Click( s As Object, e As EventArgs )
    lblMessage.Text = ""
    If IsValid Then
        If DBAuthenticate( txtUsername.Text, txtPassword.Text ) > 0 Then
            FormsAuthentication.RedirectFromLoginPage( txtUsername.Text, chkRemember.Checked )
        End If
    End If
End Sub

' Calls the DBAuthenticate stored procedure and returns its RETURN_VALUE
Function DBAuthenticate( strUsername As String, strPassword As String ) As Integer
    Dim conMyData As SqlConnection
    Dim cmdSelect As SqlCommand
    Dim parmReturnValue As SqlParameter
    Dim intResult As Integer

    'try and make a connection
    Try
        conMyData = New SqlConnection( ConfigurationSettings.AppSettings("strConn") )
        cmdSelect = New SqlCommand( "DBAuthenticate", conMyData )
        cmdSelect.CommandType = CommandType.StoredProcedure
        parmReturnValue = cmdSelect.Parameters.Add( "RETURN_VALUE", SqlDbType.Int )
        parmReturnValue.Direction = ParameterDirection.ReturnValue
        cmdSelect.Parameters.Add( "@username", strUsername )
        cmdSelect.Parameters.Add( "@password", strPassword )
        conMyData.Open()
        cmdSelect.ExecuteNonQuery()
        intResult = cmdSelect.Parameters( "RETURN_VALUE" ).Value
    'catch any exceptions that might be thrown
    Catch e as Exception
        Response.Write("An Error Occurred: " & e.toString())
    'clean up and close resources
    Finally
        'the connection is Nothing if its constructor threw
        If Not conMyData Is Nothing Then conMyData.Close()
    End Try

    'negative return values are error codes; set the matching message
    If intResult < 0 Then
        If intResult = -1 Then
            lblMessage.Text = "Username Not Registered!"
        Else
            lblMessage.Text = "Invalid Password!"
        End If
    End If
    Return intResult
End Function

</script>


Can anyone please take a look at my problem and help me out. I've exhausted myself in this small / minor situation.

Thanks so much.


Jon
www.web-impulse.com

Can you dig it: http://www.thecenturoncompany.com/jhermiz/blog/

MichaelP
Jedi Yak

2489 Posts

Posted - 2004-09-20 : 11:51:16
Do you have Default.aspx setup as the "default" page for your site?
In VS.Net, right click the Default.aspx page and select "Set as start page" and that should fix it methinks.

Michael

<Yoda>Use the Search page you must. Find the answer you will.</Yoda>

jhermiz

3564 Posts

Posted - 2004-09-20 : 11:53:42
quote:
Originally posted by MichaelP

Do you have Default.aspx setup as the "default" page for your site?
In VS.Net, right click the Default.aspx page and select "Set as start page" and that should fix it methinks.

Michael

<Yoda>Use the Search page you must. Find the answer you will.</Yoda>



Hmm that doesn't seem to make much sense :(. What if I was not using vs.net... All I'm trying to do is get out of the login page after I am authenticated. Why does it post back to the login page?

Errr.........so many books show this example and I am doing exactly what they are doing and using the FormsAuthentication.RedirectFromLoginPage and all I get back is the post back of the login page.

???

Jon
www.web-impulse.com

Can you dig it: http://www.thecenturoncompany.com/jhermiz/blog/

MichaelP
Jedi Yak

2489 Posts

Posted - 2004-09-20 : 11:54:32
Actually, I think I know what the problem is. I think you need to put everything in one directory and have only 1 web.config.

You'll need to do this in your web.config



    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>

  <!-- Allow all users to see Login.aspx -->
  <location path="Login.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>


HTH!
Michael

<Yoda>Use the Search page you must. Find the answer you will.</Yoda>

jhermiz

3564 Posts

Posted - 2004-09-20 : 12:00:00
Hmm... I'm confused now...

Should I place all .aspx files of my application in the root '/' directory? But I don't want any user to go to some of the pages if they are not authenticated ????



Jon
www.web-impulse.com

Can you dig it: http://www.thecenturoncompany.com/jhermiz/blog/

MichaelP
Jedi Yak

2489 Posts

Posted - 2004-09-20 : 12:04:26
What you need to do is put all of the ASPX files in one directory (probably root).
The code I posted above basically says "Deny all non-authenticated users all pages, EXCEPT for the login page. The login page can be seen by non-authenticated users."

I ran into problems in the past with forms authentication and subdirectories. Basically, once you get into a sub directory, you've "lost" your authentication, so you are getting kicked back to the login page again. I have made it work by having the "secured" pages in root, and unsecured login pages in a subdir from root.

Michael

<Yoda>Use the Search page you must. Find the answer you will.</Yoda>

jhermiz

3564 Posts

Posted - 2004-09-20 : 12:25:39
You're on to something because I know it wasn't a code problem.
Can you have

    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>

  <!-- Allow all users to see Login.aspx -->
  <location path="Login.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

system.web more than once in the web.config file ?

hmm...


Jon
www.web-impulse.com

Can you dig it: http://www.thecenturoncompany.com/jhermiz/blog/

MichaelP
Jedi Yak

2489 Posts

Posted - 2004-09-20 : 12:28:12
What I posted was a cut and paste from a known working web.config file.
The </system.web> after the authorization was to show you that the next part went OUTSIDE of the system.web node.

Michael

<Yoda>Use the Search page you must. Find the answer you will.</Yoda>

jhermiz

3564 Posts

Posted - 2004-09-20 : 12:31:02
quote:
Originally posted by MichaelP

What I posted was a cut and paste from a known working web.config file.
The </system.web> after the authorization was to show you that the next part went OUTSIDE of the system.web node.

Michael

<Yoda>Use the Search page you must. Find the answer you will.</Yoda>


Hi Mike,

Ok so this goes outside of system.web in its own system.web.
But I need three files here, login.aspx, forgotpwd.aspx and registr.aspx, to be allowed to non-authenticated users.
How would I do that for all three ??

If possible maybe you can post for at least 2 ?

Thanks so much, you don't know how much this means :)

Jon
www.web-impulse.com

Can you dig it: http://www.thecenturoncompany.com/jhermiz/blog/

jhermiz

3564 Posts

Posted - 2004-09-20 : 12:39:37
While I wait for your response Mike, I tried it with just the login file...

Here is my web.config:


<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <!-- Custom Settings tailored for the IMS application
       strConn = The Connection string
  -->
  <appSettings>
    <add key="strConn" value="User ID=IMS;Password=ibm123;Initial Catalog=IMS;Data Source=HERCULES;" />
  </appSettings>
  <system.web>

    <!-- DYNAMIC DEBUG COMPILATION
         Set compilation debug="true" to insert debugging symbols (.pdb information)
         into the compiled page. Because this creates a larger file that executes
         more slowly, you should set this value to true only when debugging and to
         false at all other times. For more information, refer to the documentation about
         debugging ASP.NET files.
    -->
    <compilation defaultLanguage="vb" debug="true" />

    <!-- CUSTOM ERROR MESSAGES
         Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
         Add <error> tags for each of the errors you want to handle.

         "On" Always display custom (friendly) messages.
         "Off" Always display detailed ASP.NET error information.
         "RemoteOnly" Display custom (friendly) messages only to users not running
         on the local Web server. This setting is recommended for security purposes, so
         that you do not display application detail information to remote clients.
    -->
    <customErrors mode="Off" />

    <!-- AUTHENTICATION
         This section sets the authentication policies of the application. Possible modes are "Windows",
         "Forms", "Passport" and "None"

         "None" No authentication is performed.
         "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to
         its settings for the application. Anonymous access must be disabled in IIS.
         "Forms" You provide a custom form (Web page) for users to enter their credentials, and then
         you authenticate them in your application. A user credential token is stored in a cookie.
         "Passport" Authentication is performed via a centralized authentication service provided
         by Microsoft that offers a single logon and core profile services for member sites.
    -->

    <!-- We use Forms authentication to deny anonymous users
         only authenticated users allowed to use the application.
         If the user is not authenticated he / she is directed to the
         'login.aspx' page by using the loginUrl property of the forms tag.
    -->
    <authentication mode="Forms">
      <forms
        name=".IMSCookie"
        loginUrl = "login.aspx"
        protection = "All"
        path="/" />
    </authentication>

    <!-- AUTHORIZATION
         This section sets the authorization policies of the application. You can allow or deny access
         to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
         (unauthenticated) users. We DO NOT place an authorization tag in the web.config file on the root
         directory (this file) since we do not require end users to authenticate themselves to the files
         residing in this directory.
    -->
    <authorization>
      <deny users="?" />
    </authorization>


    <!-- APPLICATION-LEVEL TRACE LOGGING
         Application-level tracing enables trace log output for every page within an application.
         Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
         trace information will be displayed at the bottom of each page. Otherwise, you can view the
         application trace log by browsing the "trace.axd" page from your web application
         root.
    -->
    <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />


    <!-- SESSION STATE SETTINGS
         By default ASP.NET uses cookies to identify which requests belong to a particular session.
         If cookies are not available, a session can be tracked by adding a session identifier to the URL.
         To disable cookies, set sessionState cookieless="true".
    -->
    <sessionState
      mode="InProc"
      stateConnectionString="tcpip=127.0.0.1:42424"
      sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
      cookieless="false"
      timeout="20"
    />

    <!-- GLOBALIZATION
         This section sets the globalization settings of the application.
    -->
    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />

  </system.web>
  <!-- Allow all users to see Login.aspx -->
  <location path="login.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

</configuration>


But no luck, I still have the same problem, when I authenticate myself it posts back to login.aspx.

I initially tried to go to default.aspx...which correctly redirected me to:

http://ims.jakah.com/login.aspx?ReturnUrl=%2fdefault.aspx

So then I provided my user name and password and all it did was post back to login.aspx....

:(



Jon
www.web-impulse.com

Can you dig it: http://www.thecenturoncompany.com/jhermiz/blog/

jhermiz

3564 Posts

Posted - 2004-09-20 : 13:13:12
Something berry fishy is going on around here...
I deleted my user name from the db and recreated it and now it works!!

Strange, people were telling me it worked fine on their machines...so I tried another user name and password and it worked fine...The unexplainable (then again I did notice my LoginID was 0 for some odd reason) I think it was because most recently I changed it to an identity :)

Ok I'm fine now...thanks Michael.

Jon


Jon
www.web-impulse.com

Can you dig it: http://www.thecenturoncompany.com/jhermiz/blog/
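
The symptom in this thread (a postback with no redirect and no message) is what the posted Button_Click logic produces when DBAuthenticate returns 0: neither the `> 0` branch nor the `< 0` branch runs. The console program below is an added example, not code from the thread, that puts that logic beside a handler that maps every return value to an explicit outcome. LoginAction, both function names, the -2 code for a wrong password and the sample return values are assumptions made for illustration.

```vbnet
Imports System

Module LoginOutcomeDemo

    ' What the page does after a login attempt (stand-in for the real
    ' FormsAuthentication.RedirectFromLoginPage call and lblMessage.Text).
    Structure LoginAction
        Public Redirect As Boolean
        Public Message As String
        Public LogNote As String
    End Structure

    ' Logic as posted: > 0 redirects, < 0 sets a message, 0 does neither.
    Function PostedHandler(returnValue As Integer) As LoginAction
        Dim a As New LoginAction With {.Message = "", .LogNote = ""}
        If returnValue > 0 Then
            a.Redirect = True
        ElseIf returnValue = -1 Then
            a.Message = "Username Not Registered!"
        ElseIf returnValue < 0 Then
            a.Message = "Invalid Password!"
        End If
        Return a
    End Function

    ' Every return value maps to an explicit outcome. Anything that is not a
    ' documented success fails closed, with a visible message and a log note.
    Function ExplicitHandler(returnValue As Integer) As LoginAction
        Dim a As New LoginAction With {.Message = "", .LogNote = ""}
        Select Case returnValue
            Case Is > 0
                a.Redirect = True
            Case -1, -2 ' assumed codes: unknown user, wrong password
                ' One text for both, so the form does not reveal valid usernames.
                a.Message = "Login failed."
            Case Else
                a.Message = "Login failed."
                a.LogNote = "Unexpected DBAuthenticate return value: " & returnValue.ToString()
        End Select
        Return a
    End Function

    Sub Main()
        ' Constructed return values: a normal LoginID, both error codes, and 0.
        For Each rv As Integer In New Integer() {7, -1, -2, 0}
            Dim p As LoginAction = PostedHandler(rv)
            Dim x As LoginAction = ExplicitHandler(rv)
            Console.WriteLine("{0,3}: posted redirect={1} msg=""{2}"" | explicit redirect={3} msg=""{4}"" log=""{5}""",
                              rv, p.Redirect, p.Message, x.Redirect, x.Message, x.LogNote)
        Next
    End Sub
End Module
```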

MichaelP
Jedi Yak

2489 Posts

Posted - 2004-09-20 : 13:38:41
I'm glad you were able to get it to work!

Michael

<Yoda>Use the Search page you must. Find the answer you will.</Yoda>
   
