Re: VB Login page problem?

From: Dam6 (damian_at_excalibur.force8.net)
Date: 06/27/05

  • Next message: Dominick Baier [DevelopMentor]: "Re: Security (Urgent!!!)" 
    Date: Mon, 27 Jun 2005 18:01:25 +0100

    Dave,

    Today I opened the default.aspx page that resides outside of the folder
    where login.aspx resides. Created a link to login.aspx and the index.aspx
    page etc.
    Clicking on either brings forth the login page. Once I enter the user/pass
    and press enter nothing happens apart from the top url changing

    http://localhost/Modify/login.aspx?ReturnUrl=%2fModify%2fdefault.aspx

    still no re-direction.

    "Dave F." <dflower@gmail.com> wrote in message
    news:%23yXF%236geFHA.3184@TK2MSFTNGP15.phx.gbl...
    > Hi
    >
    > You should never use your login page as your entry url.
    > http://localhost/Modify/Default.aspx. The forms authentication will
    > redirect the user to Login.aspx. Then once the user is authenicated they
    > will be returned to Default.aspx once you issue the
    > "FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false)"
    > request.
    > Hope this helps.
    >
    > Dave
    >
    > "Dam6" <damian@excalibur.force8.net> wrote in message
    > news:jMqdnb4ppIAyzyHfRVnyuw@pipex.net...
    >> Okay...
    >> Using vb .net within DW MX2004, connecting to an access database:
    >>
    >> Background: I have created a simple login.aspx page that is supposed to
    >> re-direct to default.aspx using
    >> FormsAuthentication.RedirectFromLoginPage. The data is correct from
    >> testing the dataset etc and the page also informs me that I have entered
    >> an incorrect user / password.
    >>
    >> Problem:
    >> When I go to http://localhost/Modify/Login.aspx and enter the username
    >> and password the url returns
    >> http://localhost/Modify/login.aspx?ReturnUrl=%2fModify%2fdefault.aspx and
    >> does not take me to any other page???
    >>
    >> Code:
    >> WEB.CONFIG:
    >>
    >> <system.web>
    >> <customErrors mode="Off" />
    >> <authentication mode = "Forms">
    >> <forms name = " .SECAUTH " loginUrl="login.aspx">
    >> <credentials />
    >> </forms>
    >> </authentication>
    >> <authorization>
    >> <deny users="?" />
    >> </authorization>
    >> </system.web>
    >>
    >>
    >>
    >>
    >>
    >> LOGIN PAGE:
    >>
    >> <%@ Page Language="VB" ContentType="text/html"
    >> ResponseEncoding="iso-8859-1" %>
    >> <%@ Register TagPrefix="MM" Namespace="DreamweaverCtrls"
    >> Assembly="DreamweaverCtrls,version=1.0.0.0,publicKeyToken=836f606ede05d46a,culture=neutral"
    >> %>
    >> <MM:DataSet
    >> id="dsLogin"
    >> runat="Server"
    >> IsStoredProcedure="false"
    >> ConnectionString='<%#
    >> System.Configuration.ConfigurationSettings.AppSettings("MM_CONNECTION_STRING_connITNoticeboardASP")
    >> %>'
    >> DatabaseType='<%#
    >> System.Configuration.ConfigurationSettings.AppSettings("MM_CONNECTION_DATABASETYPE_connITNoticeboardASP")
    >> %>'
    >> CommandText='<%# "SELECT EmployeeID, LastLogin, User_name, Pass_wrd FROM
    >> tbl_users WHERE User_name = ? AND Pass_wrd = ?" %>'
    >> Debug="true"
    >>><Parameters>
    >> <Parameter Name="@User_name" Value='<%#
    >> IIf((Request.Form("tfUsername") <> Nothing), Request.Form("tfUsername"),
    >> "") %>' Type="WChar" />
    >> <Parameter Name="@Pass_wrd" Value='<%# IIf((Request.Form("tfPasswrd")
    >> <> Nothing), Request.Form("tfPasswrd"), "") %>' Type="WChar" />
    >> </Parameters></MM:DataSet>
    >> <MM:PageBind runat="server" PostBackBind="true" />
    >> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    >> "http://www.w3.org/TR/html4/loose.dtd">
    >> <html>
    >> <head>
    >> <title>Login Page</title>
    >> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    >> <style type="text/css">
    >> <!--
    >> .style1 {
    >> font-size: 18px;
    >> font-weight: bold;
    >> }
    >> -->
    >> </style>
    >> </head>
    >> <body>
    >> <p align="center" class="style1">Login Page</p>
    >> <p>&nbsp;</p>
    >> <table width="300" border="0" align="center" cellpadding="0"
    >> cellspacing="0">
    >> <tr>
    >> <td><form runat="server">
    >> <table width="300" border="0" cellspacing="0" cellpadding="0">
    >> <tr>
    >> <td width="98">Username:</td>
    >> <td width="202"><asp:TextBox ID="tfUsername" runat="server"
    >> /></td>
    >> </tr>
    >> <tr>
    >> <td>Password:</td>
    >> <td><asp:TextBox ID="tfPasswrd" runat="server"
    >> TextMode="Password" /></td>
    >> </tr>
    >> <tr>
    >> <td>&nbsp;</td>
    >> <td><asp:Button ID="Button" Text="Login" runat="server" /></td>
    >> </tr>
    >> </table>
    >> </form></td>
    >> <%
    >> if dsLogin.RecordCount > 0 then
    >> Session("sessUsername") = Request.Form("tfUsername")
    >> FormsAuthentication.RedirectFromLoginPage("tfUsername.value", true )
    >> else if ((Request.Form("tfUsername"))) <> Nothing OR
    >> ((Request.Form("tfPassword"))) <> Nothing
    >> response.Write("Login Failed. Please Try Again.")
    >> end if
    >> %>
    >>
    >>
    >> </tr>
    >> </table>
    >> <table width="300" border="0" align="center" cellpadding="0"
    >> cellspacing="0">
    >> <tr>
    >> <td><p align="center"><a href="http://www.yahoo.com"
    >> target="_parent">www.yahoo.com</a></p>
    >> <p align="center"><a href="../search_it.aspx" target="_parent">Start
    >> Page</a> </p></td>
    >> </tr>
    >> </table>
    >> <p>&nbsp; </p>
    >> </body>
    >> </html>
    >>
    >>
    >
    >

  • Next message: Dominick Baier [DevelopMentor]: "Re: Security (Urgent!!!)"