Re: Forms Based Authentication Issue (VIEWSTATE) Login Form On Non Protected Page

well - you could have some java script that takes the form values and posts them to an SSL protected page - or use the use the PostBackUrl property on the button/linkbutton etc...


-----
Dominick Baier (http://www.leastprivilege.com)

Hi,

I am doing Forms Based Authentication using the built in tools of
.NET.
Authenticating off a database with some code a wrote and using
login.aspx,
web.config, etc etc... the usual deal..
I have it all working fine and pages I want to protect show a login
page
before being logged in to.
The problem lies that I have a few clients that want to have a tiny
login form on an area of their homepage. So basically we are talking
about a login form on a non protected page that submits to a protected
page. A lot of sites do this as I am sure you know.

Now, because of VIEWSTATE and the fact that forms need to post to
themselves I cant just put appropriate form code on the homepage
posting to some protected page. (LIKE YOU COULD EASILY DO IN A CLASSIC
ASP SCENARIO)

I turning off VIEWSTATE isn;t really an option.

So, what is the solution... is there no way to do something like this
using the built in forms authentication structure of .NET.

Any ideas or articles someone can point me to would be most
appretiated. I have searched for weeks before asking this here. I just
can't come up with a good solution other there writing something
totally custom just to handle this scenario that doesn't use the built
in Forms Authentication Fetaures but checks the user credentials, sets
the authentication ticket.. all via basic inline code..etc etc

Is that my only solution ? Is this something Microsoft left out of the
forms authentication scenarios ? Seems like it is something a lot of
people want to do.

Thanks



.