Re: Forms Based Authentication Issue (VIEWSTATE) Login Form On Non Protected Page

well, what happens is this..

you have you login page by itself whether using the javascript idea or a
PostBackUrl scenario .. you enter the login info and it tries to post to the
login.aspx?ReturnURL=blahblah (pseudo code)

anyway, it goes to that page but just doesn't log you in,, once there you
see a blank form and can enter the username/password and log in fine.. but
the remote post to it just never does anything...

Like I said, I tried the concept with some basic forms posting to other
pages and form values can be response.written so the post is working..

Either you can't do something like this when dealing with forms
authentication or maybe there are some hidden variables I need to send along
with the post.. but I dont think so..especially with PostBackUrl which still
keeps the viewstate stuff in check... I been messing around with all of this
for days now.. there is just no info anywhere that I can find where anyone
has specifically done this relating to forms authentication.

The ?ReturnURL may be causing a problem too as far as the posting process
goes.. not sure.. I tried not using and having a DefaultURL set in the
web.config which didn't work either.. I tried a lot of things I haven't even
mentioned.

I got 3 new books coming this week and I am praying one of them has
something usefull in it. Two of them are very specific to asp.net
authentication.




"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:51eb304845ee8c8f93b17b930d0@xxxxxxxxxxxxxxxxxxxxx
what's the problem?


-----
Dominick Baier (http://www.leastprivilege.com)

I tried to PostBackUrl and the javascript posting idea.. I can get
them both to work on simple forms posting data to a 2nd page... but
they just wont work under a "forms authentication scenario"

argg... something so simple yet .NET makes it so complicated.. I guess
I'll keep searching for answers

"Kyle Peterson" <kyle342@xxxxxxxxxxx> wrote in message
news:uzYFqxqKHHA.3936@xxxxxxxxxxxxxxxxxxxxxxx

that could be a solution.. looking into it now...
got to try it out... hopefully you can specify the ReturnURL via
querystring as well in the page your posting to..
if so it may work

"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:51eb3048457c8c8f8c82c50d020@xxxxxxxxxxxxxxxxxxxxx

have you tried Button.PostBackUrl?

-----
Dominick Baier (http://www.leastprivilege.com)
I have actually looked for javascript that can do a form post on
it's
own.
Couldn't find anything.
Not sure I am searching for the right terms.
Still, that solution to me seems like a total cobb.. however I
would
be willing to try it if I could find some javascript code to do
that.
CLient side code ain't my thing.
"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:51eb304845038c8f87271e7de40@xxxxxxxxxxxxxxxxxxxxx

well - you could have some java script that takes the form values
and posts them to an SSL protected page - or use the use the
PostBackUrl property on the button/linkbutton etc...

-----
Dominick Baier (http://www.leastprivilege.com)
Hi,

I am doing Forms Based Authentication using the built in tools of
.NET.
Authenticating off a database with some code a wrote and using
login.aspx,
web.config, etc etc... the usual deal..
I have it all working fine and pages I want to protect show a
login
page
before being logged in to.
The problem lies that I have a few clients that want to have a
tiny
login form on an area of their homepage. So basically we are
talking
about a login form on a non protected page that submits to a
protected
page. A lot of sites do this as I am sure you know.
Now, because of VIEWSTATE and the fact that forms need to post to
themselves I cant just put appropriate form code on the homepage
posting to some protected page. (LIKE YOU COULD EASILY DO IN A
CLASSIC ASP SCENARIO)
I turning off VIEWSTATE isn;t really an option.

So, what is the solution... is there no way to do something like
this using the built in forms authentication structure of .NET.

Any ideas or articles someone can point me to would be most
appretiated. I have searched for weeks before asking this here. I
just can't come up with a good solution other there writing
something totally custom just to handle this scenario that
doesn't use the built in Forms Authentication Fetaures but checks
the user credentials, sets the authentication ticket.. all via
basic inline code..etc etc

Is that my only solution ? Is this something Microsoft left out
of the forms authentication scenarios ? Seems like it is
something a lot of people want to do.

Thanks





.