Re: FormsAuthentication Fails

From: Caroline Bogart (ctbogart_at_yahoo.com)
Date: 06/22/03

  • Next message: Caroline Bogart: "Re: FormsAuthentication Fails"
    Date: 22 Jun 2003 06:12:41 -0700
    
    

    Matjaz, I don't disagree with you. My app actually does everything in
    that article, though not the same way. I use the following for hashing:

    MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
    System.Text.UnicodeEncoding ue = new System.Text.UnicodeEncoding();
    byte[] buff= ue.GetBytes(clearText);
    byte[] bytehash = hashmd5.ComputeHash(buff);
    return ue.GetString(bytehash);

    The passwords are stored in SQL via stored procedure, and compared to
    a hash version of user input via stored procedure.

    Now, Web.Config was different in the article. I added:
    <allow users="*">
    but to no avail. I get the same results.

    There should be no relationship between the authentication of the user
    and the ability to do the Response.Redirect. The syntax:

    FormsAuthentication.RedirectFromLoginPage(txtEmail.Text,chkRemember.Checked);

    does not rely on the password.

    I could understand if I had to set the authorization cookie, perhaps,
    and the CustomerID doesn't match the txtEmail.Text, above. That would
    be a problem:
    FormsAuthentication.SetAuthCookie(customerInfo.CustomerID.ToString(),true);

    But as far as I can tell, RedirectFromLoginPage simply relies on the
    URL-embedded "original page" and assumes the coder has performed
    authentication.

    My user authenticates against the password and the debugger simply
    falls through this line:
    FormsAuthentication.RedirectFromLoginPage(txtEmail.Text,chkRemember.Checked);
    Or, depending on the setup, never even goes to the loginUrl page at
    all.

    The code in the original post was a flat test bed example of the bare
    essence of the forms redirect paradigm. But I still must have
    something wrong and I can't see it.

    Thanks for any help!

    "Matjaz Ladava" <matjaz@_nospam_ladava.com> wrote in message news:<eq3UvkDODHA.1608@TK2MSFTNGP11.phx.gbl>...
    > Hmm, but you have to obey the rules for forms authentication. See
    > http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetHT03.asp?frame=true
    > on how to properly use forms authentication using external database.
    >
    >

