Forms authentication credentials fail



Hi,

I have a site with an admin folder that is protected with forms
authentication. I just want 1 admin user to be able to access it but to
use my own user authentication for the rest of the site.

I did have it working using an asp.net 2.0 login control and the
credential specified in the web.config but after going back to working
on the admin parts, it has suddenly started refusing the login.

I set the admin user's password to the result of
FormsAuthentication.HashPasswordForStoringInConfigFile("password","sha1")
and this did work before.

I haven't done anything special with the login control.

I'm sure it's something simple but I can't see why the login fails or
what I did to break it.

Is there a 'proper' way to do this that's just as simple? (Without going
into memberships, etc.)

Here's my web.config:
<configuration
xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings>
<add key="MainDomain" value="http://www.crackthelottery.com"/>
</appSettings>

<snip connection strings.../>

<system.web>

<snip assembly stuff.../>

<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms">
<forms loginUrl="Admin/Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="SHA1">
<user name="admin"
password="5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"/>
</credentials>
</forms>
</authentication>
<anonymousIdentification enabled="true"/>
<profile defaultProvider="SqlProvider">
<providers>
<clear/>
<add name="SqlProvider"
type="System.Web.Profile.SqlProfileProvider"
connectionStringName="LocalSqlServer" applicationName="CrackTheLottery"
description="SqlProfileProvider for CrackTheLottery"/>
</providers>
<properties>
<add name="UserID" allowAnonymous="true" type="System.Int32"/>
</properties>
</profile>
<httpHandlers>
<add verb="*" path="*.zip" type="FileHandler"/>
<add verb="*" path="*.exe" type="FileHandler"/>
<add verb="*" path="*.xml" type="FileHandler"/>
<add verb="*" path="*.pdf" type="FileHandler"/>
</httpHandlers>
</system.web>
<location path="Admin">
<system.web>
<authorization>
<allow users="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>

I can't find anything that explains this simply and can't remember
where I originally looked all this up so thanks for the help.
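
Added example, not part of the original post: an ASP.NET 2.0 Login control validates against the configured membership provider unless its Authenticate event is handled, so it does not check the <credentials> section shown above on its own. The code-behind below hands the check to FormsAuthentication.Authenticate; the class name AdminLogin and the control ID Login1 are assumptions, since the post does not show the login page.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Code-behind for Admin/Login.aspx.
// Assumed names (not from the post): class AdminLogin, Login control ID "Login1".
public partial class AdminLogin : Page
{
    protected void Page_Init(object sender, EventArgs e)
    {
        // With a handler attached, the Login control skips its default
        // membership-provider check and relies on e.Authenticated instead.
        Login1.Authenticate += Login1_Authenticate;
    }

    private void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        // FormsAuthentication.Authenticate hashes the submitted password using
        // the passwordFormat from <credentials> (SHA1 in the web.config above)
        // and compares it with the matching <user> entry.
        // Note: that stored value is an unsalted SHA-1 digest, so anyone who can
        // read web.config can test guesses against it offline.
        e.Authenticated = FormsAuthentication.Authenticate(
            Login1.UserName, Login1.Password);

        // When e.Authenticated is true the Login control issues the forms
        // authentication cookie and redirects; no further code is needed here.
    }
}
```

The <allow users="admin"/> rule in the Admin location block is then matched against the user name carried in the forms authentication cookie.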
