RE: system.web.security

From: ranganh (harish.ranganathan_at_wipro.com)
Date: 06/08/04

  • Next message: ranganh: "RE: Forms Auth. allows anyone in if server accessed locally"
    Date: Mon, 7 Jun 2004 20:36:03 -0700
    
    

    Dear Tony,

    You have to change the following line of code as below :-

    If FormsAuthentication.Authenticate(tbusername.Text, tbPassword.Text) Then

    it will work.

    hope it helps.
         
         ----- Tony B wrote: -----
         
         Hi All
         
         I am quite new to asp.net and have been following an example of using
         Forms authentication on a web app.
         
         I believe that i have coded this OK but when i enter the username and
         password I do not get redirected to the start page (webform1.aspx)
         
         here is my WEB.config
         
         <?xml version="1.0" encoding="utf-8" ?><configuration><system.web><!-- DYNAMIC DEBUG COMPILATION
                   Set compilation debug="true" to insert debugging symbols
         (.pdb information)
                   into the compiled page. Because this creates a larger file
         that executes
                   more slowly, you should set this value to true only when
         debugging and to
                   false at all other times. For more information, refer to the
         documentation about
                   debugging ASP.NET files.
             --><compilation defaultLanguage="vb" debug="true" /><!-- CUSTOM ERROR MESSAGES
                   Set customErrors mode="On" or "RemoteOnly" to enable custom
         error messages, "Off" to disable.
                   Add <error> tags for each of the errors you want to handle.
         
                   "On" Always display custom (friendly) messages.
                   "Off" Always display detailed ASP.NET error information.
                   "RemoteOnly" Display custom (friendly) messages only to
         users not running
                    on the local Web server. This setting is recommended for
         security purposes, so
                    that you do not display application detail information to
         remote clients.
             --><customErrors mode="RemoteOnly" /><!-- AUTHENTICATION
                   This section sets the authentication policies of the
         application. Possible modes are "Windows",
                   "Forms", "Passport" and "None"
         
                   "None" No authentication is performed.
                   "Windows" IIS performs authentication (Basic, Digest, or
         Integrated Windows) according to
                    its settings for the application. Anonymous access must be
         disabled in IIS.
                   "Forms" You provide a custom form (Web page) for users to
         enter their credentials, and then
                    you authenticate them in your application. A user
         credential token is stored in a cookie.
                   "Passport" Authentication is performed via a centralized
         authentication service provided
                    by Microsoft that offers a single logon and core profile
         services for member sites.
             --><authentication mode="Forms" ><forms loginUrl="login.aspx"><credentials passwordFormat="Clear"><user name="tony" password="password"/></credentials></forms></authentication><authorization><deny users="?" /></authorization><!-- APPLICATION-LEVEL TRACE LOGGING
                   Application-level tracing enables trace log output for every
         page within an application.
                   Set trace enabled="true" to enable application trace
         logging. If pageOutput="true", the
                   trace information will be displayed at the bottom of each
         page. Otherwise, you can view the
                   application trace log by browsing the "trace.axd" page from
         your web application
                   root.
             --><trace enabled="false" requestLimit="10" pageOutput="false"
         traceMode="SortByTime" localOnly="true" /><!-- SESSION STATE SETTINGS
                   By default ASP.NET uses cookies to identify which requests
         belong to a particular session.
                   If cookies are not available, a session can be tracked by
         adding a session identifier to the URL.
                   To disable cookies, set sessionState cookieless="true".
             --><sessionState
                     mode="InProc"
                     stateConnectionString="tcpip=127.0.0.1:42424"
                     sqlConnectionString="data
         source=127.0.0.1;Trusted_Connection=yes"
                     cookieless="false"
                     timeout="20"
             /><!-- GLOBALIZATION
                   This section sets the globalization settings of the
         application.
             --><globalization requestEncoding="utf-8" responseEncoding="utf-8" /></system.web></configuration>
         
         This is the start page code
         
         Imports System.Web.Security
         
         
         Public Class WebForm1
             Inherits System.Web.UI.Page
         
         #Region " Web Form Designer Generated Code "
         
             'This call is required by the Web Form Designer.
             <System.Diagnostics.DebuggerStepThrough()> Private Sub
         InitializeComponent()
         
             End Sub
         
             'NOTE: The following placeholder declaration is required by the
         Web Form Designer.
             'Do not delete or move it.
             Private designerPlaceholderDeclaration As System.Object
         
             Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
         System.EventArgs) Handles MyBase.Init
                 'CODEGEN: This method call is required by the Web Form
         Designer
                 'Do not modify it using the code editor.
                 InitializeComponent()
             End Sub
         
         #End Region
         
             Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
         System.EventArgs) Handles MyBase.Load
                 'Put user code to initialize the page here
             End Sub
         
         End Class
         
         and here is the login.aspx Code
         
         Imports System.Web.Security
         
         
         Public Class login
             Inherits System.Web.UI.Page
         
         #Region " Web Form Designer Generated Code "
         
             'This call is required by the Web Form Designer.
             <System.Diagnostics.DebuggerStepThrough()> Private Sub
         InitializeComponent()
         
             End Sub
             Protected WithEvents tbusername As
         System.Web.UI.WebControls.TextBox
             Protected WithEvents tbPassword As
         System.Web.UI.WebControls.TextBox
             Protected WithEvents Label1 As System.Web.UI.WebControls.Label
             Protected WithEvents Label2 As System.Web.UI.WebControls.Label
             Protected WithEvents Button1 As System.Web.UI.WebControls.Button
         
             'NOTE: The following placeholder declaration is required by the
         Web Form Designer.
             'Do not delete or move it.
             Private designerPlaceholderDeclaration As System.Object
         
             Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
         System.EventArgs) Handles MyBase.Init
                 'CODEGEN: This method call is required by the Web Form
         Designer
                 'Do not modify it using the code editor.
                 InitializeComponent()
             End Sub
         
         #End Region
         
             Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
         System.EventArgs) Handles MyBase.Load
                 'Put user code to initialize the page here
             End Sub
         
             Private Sub Button1_Click(ByVal sender As System.Object, ByVal e
         As System.EventArgs) Handles Button1.Click
                 If FormsAuthentication.Authenticate(tbusername.Text, True)
         Then
                     FormsAuthentication.RedirectFromLoginPage(tbusername.Text,
         True)
                 Else
                     tbPassword.Text = ""
                 End If
             End Sub
         End Class
         
         and the html
         
         <%@ Page Language="vb" AutoEventWireup="false"
         Codebehind="login.aspx.vb" Inherits="WebTCMM.login"%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML><HEAD><title>login</title><meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR"><meta content="Visual Basic .NET 7.1" name="CODE_LANGUAGE"><meta content="JavaScript" name="vs_defaultClientScript"><meta content="http://schemas.microsoft.com/intellisense/ie5"
         name="vs_targetSchema"></HEAD><body MS_POSITIONING="GridLayout"><form id="Form1" method="post" runat="server"><asp:textbox id="tbusername" style="Z-INDEX: 101; LEFT: 312px;
         POSITION: absolute; TOP: 88px"
                                         runat="server"></asp:textbox><asp:textbox id="tbPassword"
         style="Z-INDEX: 102; LEFT: 312px; POSITION: absolute; TOP: 128px"
                                         runat="server" TextMode="Password"></asp:textbox><asp:label
         id="Label1" style="Z-INDEX: 103; LEFT: 240px; POSITION: absolute; TOP:
         96px" runat="server">Label</asp:label><asp:label id="Label2"
         style="Z-INDEX: 104; LEFT: 240px; POSITION: absolute; TOP: 136px"
         runat="server">Label</asp:label><asp:button id="Button1"
         style="Z-INDEX: 105; LEFT: 352px; POSITION: absolute; TOP: 168px"
         runat="server"
                                         Text="Button"></asp:button></form></body></HTML>
         
         
         Where am I going wrong??
         
         TIA Tony
         


  • Next message: ranganh: "RE: Forms Auth. allows anyone in if server accessed locally"

    Relevant Pages

    • Re: URL redirect not working - question
      ... The URL is passed with the correct parameters, ... contents of the InitializeComponentmethod in the Web Form Designer ... the contents of the InitializeComponent() method were not erased. ... The name of the page I want to load is ManagerAccountTableEdit.ascx. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Why is an Index out of range when deriving from TreeView?
      ... namespace TreeNodeProblem ... /// Summary description for ValueNode. ... public class ValueNode: TreeNode ... This call is required by the ASP.NET Web Form Designer. ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: Not getting values from DropDownLists in User Controls
      ... 'This call is required by the Web Form Designer. ... InitializeComponent() ... Private Sub Page_Init(ByVal sender As System.Object, ...
      (microsoft.public.dotnet.framework.aspnet)
    • HELP: Problem Hosting the "Simplest" of VB.NET Apps
      ... When I run this application interactively via Visual Studio 2003, ... 'This call is required by the Web Form Designer. ... InitializeComponent() ... Private Sub Page_Init(ByVal sender As System.Object, ...
      (microsoft.public.dotnet.languages.vb)
    • Page_Load called twice in child user control--AutoEventWireup=false
      ... The child user control's Page_Load is being called twice. ... Public Class Parent ... #Region " Web Form Designer Generated Code " ... End Sub ...
      (microsoft.public.dotnet.framework.aspnet.buildingcontrols)