Problem with FormsAuthentication and SetAuthCookie

From: David Colliver (DavidColliver_at_discussions.microsoft.com)
Date: 06/09/05 

Date: Thu, 9 Jun 2005 07:56:02 -0700

Hi all,

I am having a slight problem with my app and authentication.

My system uses Microsoft CMS 2002, so what I have needs to fit around that.
In this case, I am not using CMS to manage the authentication. I am using SQL
Server.

Here is what I want to achieve...

Because I am using CMS, I don't want to have to create hundreds of different
pages to manage different parts of one application as this would require that
I create hundreds of templates. I need it to be as simple as possible, so I
build up the page in panels, switching off and on when needed.

My page has:
[PANEL] UserName/Password boxes and a Login Button.

[PANEL] Tabstrip

[PANEL[s]] application contents.

Naturally, first entry to the page should only show the login panel. This it
does admirably.

I enter my details and it shows the tabstrip panel. I click on an item in
the tabstrip to view the app content. However, the Login Panel now shows up
as well as the app content. (This is a logic problem that I can fix later...)

The issue is that after I setauthcookie, I am still not authenticated.

I am trying to avoid having seperate login pages and redirectors to another
page, so my login code and app code are all in the same page.

In my page load, I have...

if (User.Identity.IsAuthenticated)
{
        TabListPanel.Visible = true;
        Trace.Warn("Auth", DateTime.Now.ToString());
}
else
{
        LoginPanel.Visible = true;
}

In my button click event, I have:

CheckLogin();

CkeckLogin is:

try
{
        sqlConn.Open();

        SqlDataAdapter cmd;

        if (User.Identity.IsAuthenticated)
        {
                cmd = new SqlDataAdapter("select * from myuser where username = '" +
User.Identity.Name + "'", sqlConn);
        }
        else
        {
                cmd = new SqlDataAdapter("select * from myuser where username = '" +
LoginBox.Text.Replace("'", "''") + "' and password = '" +
PasswordBox.Text.Replace("'", "''") + "'", sqlConn);
        }

        DataSet Login = new DataSet();
        cmd.Fill(Login, "UserDetails");

        if (Login.Tables["UserDetails"].Rows.Count > 0)
        {
                // Write the authentication cookie.
                FormsAuthentication.SetAuthCookie(LogintBox.Text, true);
                // Remove login panel, show links (TAB) panel.
                LoginPanel.Visible = false;
                TabListPanel.Visible = true;
        }
}
finally
{
        sqlConn.Close();
}

To me, everything is as it should be, but after I login, the
User.Identity.IsAuthenticated in PageLoad returns false.

How can I get around this?

Thanks.

Regards,
Dave Colliver.
http://www.AshfieldFOCUS.com
~~
http://www.FOCUSPortals.com - Portal franchises available

Quantcast