Re: Forms authentication credentials fail

---

• From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Fri, 21 Apr 2006 14:31:07 +0000 (UTC)

---

the login control does not work againt the <credential> section in web.config

you can

a) handle the authenticate event of the login control and call FormsAuthentication.Authenticate
b) use the provider i wrote: http://www.leastprivilege.com/ASPNETMembershipProviderForWebconfig2ndTry.aspx

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Hi,

I have a site with an admin folder that is protected with forms
authentication. I just want 1 admin user to be able to access it but
to use my own user authentication for the rest of the site.

I did have it working using an asp.net 2.0 login control and the
credential specified in the web.config but after going back to working
on the admin parts, it has suddenly started refusing the login.

I set the admin user's password to the result of
FormsAuthentication.HashPasswordForStoringInConfigFile("password","sha
1") and this did work before.

I haven't done anything special with the login control.

I'm sure it's something simple but I can't see why the login fails or
what I did to break it.

Is there a 'proper' way to do this that just as simple? (Without going
into memberships etc.,)

Here's my web.config:
<configuration
xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0";>
<appSettings>
<add key="MainDomain" value="http://www.crackthelottery.com"/>
</appSettings>
<snip connection strings.../>

<system.web>

<snip assembly stuff.../>

<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms">
<forms loginUrl="Admin/Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="SHA1">
<user name="admin"
password="5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"/>
</credentials>
</forms>
</authentication>
<anonymousIdentification enabled="true"/>
<profile defaultProvider="SqlProvider">
<providers>
<clear/>
<add name="SqlProvider"
type="System.Web.Profile.SqlProfileProvider"
connectionStringName="LocalSqlServer"
applicationName="CrackTheLottery"
description="SqlProfileProvider for CrackTheLottery"/>
</providers>
<properties>
<add name="UserID" allowAnonymous="true" type="System.Int32"/>
</properties>
</profile>
<httpHandlers>
<add verb="*" path="*.zip" type="FileHandler"/>
<add verb="*" path="*.exe" type="FileHandler"/>
<add verb="*" path="*.xml" type="FileHandler"/>
<add verb="*" path="*.pdf" type="FileHandler"/>
</httpHandlers>
</system.web>
<location path="Admin">
<system.web>
<authorization>
<allow users="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
I can't find anything that explains this simply and can't remember
where I originally looked all this up so thanks for the help.

.

---

• Follow-Ups:
  • Re: Forms authentication credentials fail
    • From: Some Bloke

• References:
  • Forms authentication credentials fail
    • From: Chris

• Prev by Date: Re: strange Formsauthentication behavior
• Next by Date: Re: Persist impersonated NT credentials across pages
• Previous by thread: Forms authentication credentials fail
• Next by thread: Re: Forms authentication credentials fail
• Index(es):
  • Date
  • Thread

---

Relevant Pages Forms authentication credentials fail ... I have a site with an admin folder that is protected with forms ... use my own user authentication for the rest of the site. ... I haven't done anything special with the login control. ... <snip connection strings.../> ... (microsoft.public.dotnet.framework.aspnet.security) Re: What Determines the Default Page (And How to Change)? ... it appears they just get taken to the login page even though they are already logged in and authentication code withing default.aspx would never get a chance to run. ... "Jonathan Wood" wrote in message ... I implemented this by redirecting the user to the appropriate home page in the handler for the LoggedIn event of the Login control. ... For example, if I check the Remember Me box and then disconnect and then reconnect, I go straight to default.aspx in the root folder withough having to log in again. ... (microsoft.public.dotnet.framework.aspnet) Re: can someone explain this weird behaviour? ... IIS to also authenticate with another protocol before even allowing ... authentication scheme seems confusing, and I agree -- and that is why ... The "Dir Security" property you change is one of the ... But for the same asp.net application with the same login control etc.. ... (microsoft.public.inetserver.iis.security) Re: Image not showing in MasterPage during login ... I have the login control on a page (login.aspx ... Authentication began blocking access to all files, ... If you figure out the original reason, ... (microsoft.public.dotnet.framework.aspnet) Re: Image not showing in MasterPage during login ... I have the login control on a page (login.aspx ... there's probably some mind-boggling reason I missed. ... Authentication began blocking access to all files, ... (microsoft.public.dotnet.framework.aspnet)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2006-04