Forms autentication and registration page - some advices

From: NWx (test_at_test.com)
Date: 02/13/04 

Date: Fri, 13 Feb 2004 04:21:39 +0200

Hi,

I implement forms authentication in my application.
So I have a login form.
Actually I have two custom Web controls, one to login and one to redirect
user to Register page

Login custom control perform some client-side validation if username or
password are empty

I have two problems:

1. Even if user click on register button (which is on Register user
control), my page performs client side validation for username and password
from Login user control. How can I prevent this? I can disable client-side
validation, but I don't want this.

2. Usually I shouldn't be able to access register page, since I'm not
authenticated.
So I "trick" the application, and I authenticate with a "dummy" user name,
with a code as below, in cmdRegister_click:
FormsAuthentication.SetAuthCookie("guest", False)

Response.Redirect("register.aspx")

Also, I created a custom header control I place on every page, which check
in page_load if current user is guest and page is <> register.aspx, and in
this case calls signoff, to avoid user to access a protected page by typing
its name in address bar after loading Register.aspx.

Is this solution safe enough? Can anyone suggest any better approach?

Thank you.

Relevant Pages

  • Re: Forms Authentication without Login Page
    ... Thanks Brad! ... the authentication seems to be delayed by one page view: ... hit Login in my login control. ... and my login control calls ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Forms autentication and registration page - some advices
    ... I implement forms authentication in my application. ... So I have a login form. ... Actually I have two custom Web controls, one to login and one to redirect ... control), my page performs client side validation for username and password ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: How can the Login control stop authenticating?
    ... noting the Login.aspx control is loaded into a Panel and the Panel is ... // will login but I do not know if it is using validation to catch ... That is used for custom authentication only. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: How can the Login control stop authenticating?
    ... Not even using the template but bringing it right down to the basics noting the Login.aspx control is loaded into a Panel and the Panel is in the MasterPage ... I do not know how to code this anymore because any event handler will cause the control to no longer authenticate and login a known user ... processing when unknown credentials are submitted, i.e. validation. ... authentication method. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: WebBrowser
    ... security authentication won't matter at all because I don't control the ... server & have no idea what type of security they are using.... ... employees to log into sites (that i have no idea what type of authentication ... In the case of a login page you can easily interact directly with the ...
    (microsoft.public.vb.controls)