Re: Forms Based Authentication Issue (VIEWSTATE) Login Form On Non Protected Page

that sorta is what it is..


"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:51eb304846558c8f99c8fc56f10@xxxxxxxxxxxxxxxxxxxxx
so why don't you create a login user/web control that handles the
authentication logic - this can be embedded on any page...?


-----
Dominick Baier (http://www.leastprivilege.com)

I can and that is probably what I will do.. but I didnt really want to
make a custom deal just for that.

Though the basics of .NET forms authentication are being used I have
an custom authentication deal going on where I do all my checks
against a database.. part of it gets called from an asp.net dll I
created. Code Behind.. I really want everything to work with
"login.aspx" as part of the main authentication logic if hidden from
the customer .. Basically there is licensing code they are not
supposed to easily see as I sell this authentication system to various
corporations (its a special add-on to a web based mailing system made
by a major player) and licensing it via domains as well as other
means. They need a license key in the web.config to run the system.

I really didnt want to create a special scenario just for doing a
login box on the home page and probably another dll just used when
doing that. That is the answer. Without showing you all my code I
can't really make you understand but I have my reasons.

I was trying to do everything all at once and was doing pretty good
until this issue popped up.

In the end it seems I will have to make a special page just for this
and set
the authentication ticket info there as well after doing the checks..
Seems stupid though for this one purpose but I dont see another way at
the
moment.
"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:51eb3048464a8c8f99588969d10@xxxxxxxxxxxxxxxxxxxxx

How do you set the cookie?

Why can't you grab the values from Page.Form["..."] and do a
FormsAuthentication.SetAuthCookie - and afterwards a
Response.Redirect??

I don't see a problem.

Is one of the books from MS Press? ;)

-----
Dominick Baier (http://www.leastprivilege.com)
well, what happens is this..

you have you login page by itself whether using the javascript idea
or a PostBackUrl scenario .. you enter the login info and it tries
to post to the login.aspx?ReturnURL=blahblah (pseudo code)

anyway, it goes to that page but just doesn't log you in,, once
there you see a blank form and can enter the username/password and
log in fine.. but the remote post to it just never does anything...

Like I said, I tried the concept with some basic forms posting to
other pages and form values can be response.written so the post is
working..

Either you can't do something like this when dealing with forms
authentication or maybe there are some hidden variables I need to
send along with the post.. but I dont think so..especially with
PostBackUrl which still keeps the viewstate stuff in check... I been
messing around with all of this for days now.. there is just no info
anywhere that I can find where anyone has specifically done this
relating to forms authentication.

The ?ReturnURL may be causing a problem too as far as the posting
process goes.. not sure.. I tried not using and having a DefaultURL
set in the web.config which didn't work either.. I tried a lot of
things I haven't even mentioned.

I got 3 new books coming this week and I am praying one of them has
something usefull in it. Two of them are very specific to asp.net
authentication.

"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:51eb304845ee8c8f93b17b930d0@xxxxxxxxxxxxxxxxxxxxx

what's the problem?

-----
Dominick Baier (http://www.leastprivilege.com)
I tried to PostBackUrl and the javascript posting idea.. I can get
them both to work on simple forms posting data to a 2nd page...
but they just wont work under a "forms authentication scenario"

argg... something so simple yet .NET makes it so complicated.. I
guess I'll keep searching for answers

"Kyle Peterson" <kyle342@xxxxxxxxxxx> wrote in message
news:uzYFqxqKHHA.3936@xxxxxxxxxxxxxxxxxxxxxxx

that could be a solution.. looking into it now...
got to try it out... hopefully you can specify the ReturnURL via
querystring as well in the page your posting to..
if so it may work
"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:51eb3048457c8c8f8c82c50d020@xxxxxxxxxxxxxxxxxxxxx
have you tried Button.PostBackUrl?

-----
Dominick Baier (http://www.leastprivilege.com)
I have actually looked for javascript that can do a form post
on
it's
own.
Couldn't find anything.
Not sure I am searching for the right terms.
Still, that solution to me seems like a total cobb.. however I
would
be willing to try it if I could find some javascript code to do
that.
CLient side code ain't my thing.
"Dominick Baier" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message
news:51eb304845038c8f87271e7de40@xxxxxxxxxxxxxxxxxxxxx
well - you could have some java script that takes the form
values and posts them to an SSL protected page - or use the
use the PostBackUrl property on the button/linkbutton etc...

-----
Dominick Baier (http://www.leastprivilege.com)
Hi,

I am doing Forms Based Authentication using the built in
tools
of
.NET.
Authenticating off a database with some code a wrote and
using
login.aspx,
web.config, etc etc... the usual deal..
I have it all working fine and pages I want to protect show a
login
page
before being logged in to.
The problem lies that I have a few clients that want to have
a
tiny
login form on an area of their homepage. So basically we are
talking
about a login form on a non protected page that submits to a
protected
page. A lot of sites do this as I am sure you know.
Now, because of VIEWSTATE and the fact that forms need to
post
to
themselves I cant just put appropriate form code on the
homepage
posting to some protected page. (LIKE YOU COULD EASILY DO IN
A
CLASSIC ASP SCENARIO)
I turning off VIEWSTATE isn;t really an option.
So, what is the solution... is there no way to do something
like this using the built in forms authentication structure
of
.NET.
Any ideas or articles someone can point me to would be most
appretiated. I have searched for weeks before asking this
here. I just can't come up with a good solution other there
writing something totally custom just to handle this scenario
that doesn't use the built in Forms Authentication Fetaures
but checks the user credentials, sets the authentication
ticket.. all via basic inline code..etc etc

Is that my only solution ? Is this something Microsoft left
out of the forms authentication scenarios ? Seems like it is
something a lot of people want to do.

Thanks





.