Forms authentication and registration page - some advice

Ask a Question related to ASP.NET Security, Design and Development.

  1. #1

    Forms authentication and registration page - some advice

    Hi,

    I implement forms authentication in my application.
    So I have a login form.
    Actually I have two custom Web controls, one to log in and one to redirect
    the user to the Register page.

    The Login custom control performs some client-side validation if the username or
    password is empty.

    I have two problems:

    1. Even if the user clicks the register button (which is on the Register user
    control), my page performs client-side validation for username and password
    from the Login user control. How can I prevent this? I can disable client-side
    validation, but I don't want this.

    2. Usually I shouldn't be able to access the register page, since I'm not
    authenticated.
    So I "trick" the application, and I authenticate with a "dummy" user name,
    with the code below, in cmdRegister_click:
    FormsAuthentication.SetAuthCookie("guest", False)

    Response.Redirect("register.aspx")

    Also, I created a custom header control that I place on every page, which checks
    in page_load if the current user is guest and the page is <> register.aspx, and in
    this case calls signoff, to prevent the user from accessing a protected page by typing
    its name in the address bar after loading Register.aspx.

    Is this solution safe enough? Can anyone suggest any better approach?

    Thank you.


    NWx Guest

  3. #2

    Re: Forms authentication and registration page - some advice

    > 1. Even if user click on register button (which is on Register user
    > control), my page performs client side validation for username and password
    > from Login user control. How can I prevent this? I can disable client-side
    > validation, but I don't want this.
    You can set "CausesValidation" for the register button to false, so it won't do
    validation.
    > 2. Usually I shouldn't be able to access register page, since I'm not
    > authenticated.
    > So I "trick" the application, and I authenticate with a "dummy" user name,
    > with a code as below, in cmdRegister_click:
    > FormsAuthentication.SetAuthCookie("guest", False)
    You can set the authorization setting for a particular file using the location tag:
    for this file alone give access to all users; for all other files deny access
    to unauthenticated users. For example, to set authorization permission for a
    particular page:
    <!-- path: the page to open up, here the register page from the question -->
    <location path="register.aspx">
      <system.web>
        <authorization>
          <!-- "*" allows every user, including anonymous ones -->
          <allow users="*" />
        </authorization>
      </system.web>
    </location>

    --
    Saravana
    Microsoft MVP - ASP.NET
    www.extremeexperts.com

    Saravana [MVP] Guest
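
The configuration described in the reply above, written out as a complete web.config. This is an added example, not part of the original posts; login.aspx is an assumed page name, register.aspx is the page named in the question.

```xml
<?xml version="1.0"?>
<!-- Added example web.config; login.aspx is an assumed page name,
     register.aspx is the page named in the question. -->
<configuration>
  <system.web>
    <!-- Forms authentication: anonymous requests for protected pages are
         redirected to the login page, which itself stays reachable. -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" />
    </authentication>

    <!-- Site-wide rule: "?" means anonymous (unauthenticated) users.
         Any authenticated name passes this rule, including a placeholder
         account such as "guest", which is why the header-control check
         was needed with the SetAuthCookie approach. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Exception for the registration page only. Rules in a <location>
       block are evaluated before the inherited site-wide rules and the
       first match wins, so anonymous visitors reach register.aspx
       without being signed in under any name. -->
  <location path="register.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With this in place, cmdRegister_click only needs the Response.Redirect("register.aspx") call.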
