Forms Auth keeps going to logon page

[Andy Fraser]

Hi,

I am using forms authentication for a web application I am writing. I query
a SQL server database to find a matching username and password then create
an encrypted cookie. I then redirect to my main menu page. However, when I
select a menu and try to jump to another page, it keeps taking me back to my
logon page ! Can anybody suggest what I am doing wrong, I enclose a sample
of my web.config file and a sample of the code that creates the
authentication cookie.
Thanks in advance.

Andy

Web.Config

<authentication mode="None">
<forms name=".RNWEBAUTH" loginUrl="RNLogon.aspx" protection="All"
timeout="60"></forms>
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>

Logon.aspx

FormsAuthenticationTicket tkt = new FormsAuthenticationTicket( 1,

Username.Text,

DateTime.Now,

DateTime.Now.AddMinutes( 30 ),

false,

strAccess,

FormsAuthentication.FormsCookiePath );
//
// Hash the cookie for security
//
string hash = FormsAuthentication.Encrypt( tkt );
HttpCookie ck = new HttpCookie( FormsAuthentication.FormsCookieName,hash );

//
// Add cookie to the response
//
Response.Cookies.Add( ck );
Response.Cookies[ "UserID" ].Value = nUserID.ToString();
Response.Cookies[ "UserID" ].Expires = DateTime.MaxValue;
Response.Cookies[ "Access" ].Value = strAccess;
Response.Cookies[ "Access" ].Expires = DateTime.MaxValue;

//
// Jump to main menu page
//
Response.Redirect( strRedirect,true );

[Cowboy \(Gregory A. Beamer\)]

Try using something like:

string name = NameText.Text;
string password = PasswordText.Text;

if(FormsAuthentication.Authenticate(name,password) )
{
FormsAuthentication.RedirectFromLogonPage(name, false);
}

NOTE: You do not set the cookie for authentication using Response.Cookies.
This is why your app is blowing up. You can do the following, if you want to
use Response.Redirect:

FormsAuthentication.GetAuthCookie(name, false);
Response.Redirect("myFavoritePage.aspx");

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

************************************************** ********************
Think Outside the Box!
************************************************** ********************
"Andy Fraser" <news@andyfraser.co.uk> wrote in message
news:1067895940.781891@ananke.eclipse.net.uk...

> Hi,
>
> I am using forms authentication for a web application I am writing. I

query

> a SQL server database to find a matching username and password then create
> an encrypted cookie. I then redirect to my main menu page. However, when I
> select a menu and try to jump to another page, it keeps taking me back to

my

> logon page ! Can anybody suggest what I am doing wrong, I enclose a sample
> of my web.config file and a sample of the code that creates the
> authentication cookie.
> Thanks in advance.
>
> Andy
>
> Web.Config
>
> <authentication mode="None">
> <forms name=".RNWEBAUTH" loginUrl="RNLogon.aspx" protection="All"
> timeout="60"></forms>
> </authentication>
> <authorization>
> <deny users="?" />
> <allow users="*" />
> </authorization>
>
> Logon.aspx
>
> FormsAuthenticationTicket tkt = new FormsAuthenticationTicket( 1,
>
> Username.Text,
>
> DateTime.Now,
>
> DateTime.Now.AddMinutes( 30 ),
>
> false,
>
> strAccess,
>
> FormsAuthentication.FormsCookiePath );
> //
> // Hash the cookie for security
> //
> string hash = FormsAuthentication.Encrypt( tkt );
> HttpCookie ck = new HttpCookie(

FormsAuthentication.FormsCookieName,hash );

>
> //
> // Add cookie to the response
> //
> Response.Cookies.Add( ck );
> Response.Cookies[ "UserID" ].Value = nUserID.ToString();
> Response.Cookies[ "UserID" ].Expires = DateTime.MaxValue;
> Response.Cookies[ "Access" ].Value = strAccess;
> Response.Cookies[ "Access" ].Expires = DateTime.MaxValue;
>
> //
> // Jump to main menu page
> //
> Response.Redirect( strRedirect,true );
>
>

[alan Hemmings]

I was experiencing a problem with a project that worked fine on my dev
box, but when I deployed to a standalone windows 2000 server, the forms
authentication stopped working...kept on being redirected to the login
page.

In my situation, it turned out that the cause was due to the server not
being located on the same domain that the users were on, e.g. setting up
the server host name as [url]www.fred.com[/url], while the network was
[url]www.notfred.com[/url].

Moving the server, so that it became a subdomain of [url]www.notfred.com[/url]
solved our problem...

e.g. zeus.notfred.com

I think what was happening, was internally, when we connected to the
windows 2000 server, and IE saw the server a strange domain, not
matching the network domain that the IE user was on, and IE default
setting is not to accept cookies from strange domains on the LAN.

On the internet, IE happily accepts the cookies.

Changing the domain of the server, to be part of ( a subdomain) of
notfred.com solved our problem, and suddenly IE accepted cookies (
without any pop up message ), from the subdomain'ed server, and thus the
server was able to create a session for the user after logging in.

Without accepting cookies, IIS is unable to establish a session for the
user.

Hope this helps...

regards

Alan Hemmings
[email]alan@net-catalogue.co.uk[/email]
-powerful yet affordable web hosting, run by a small personal family
business-

“..the dreamers of the day are dangerous men, for they may act out their
dreams with open eyes to make them reality.” T.E. Lawrence (Lawrence of
Arabia)



*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!

[Andy Fraser]

Gregory,

It is my understanding that FormsAuthentication.Authenticate authenticates
the username and password against a list held in the web.config file. I need
to authenticate from usernames and passwords held on a database so I thought
that I could not use FormsAuthentication.Authenticate. So I basically do a
SQL query and if I get a valid match, call the code given in my initial
post. Do I need to do something different to get the forms authentication to
work when authenticating from a database rather than web.config ?

Andy

"Cowboy (Gregory A. Beamer)" <NoSpamMgbworld@comcast.netNoSpamM> wrote in
message news:ufk01%236oDHA.688@TK2MSFTNGP10.phx.gbl...

> Try using something like:
>
> string name = NameText.Text;
> string password = PasswordText.Text;
>
> if(FormsAuthentication.Authenticate(name,password) )
> {
> FormsAuthentication.RedirectFromLogonPage(name, false);
> }
>
> NOTE: You do not set the cookie for authentication using Response.Cookies.
> This is why your app is blowing up. You can do the following, if you want

to

> use Response.Redirect:
>
> FormsAuthentication.GetAuthCookie(name, false);
> Response.Redirect("myFavoritePage.aspx");
>
> --
> Gregory A. Beamer
> MVP; MCP: +I, SE, SD, DBA
>
> ************************************************** ********************
> Think Outside the Box!
> ************************************************** ********************
> "Andy Fraser" <news@andyfraser.co.uk> wrote in message
> news:1067895940.781891@ananke.eclipse.net.uk...

> > Hi,
> >
> > I am using forms authentication for a web application I am writing. I

> query

> > a SQL server database to find a matching username and password then

create

> > an encrypted cookie. I then redirect to my main menu page. However, when

I

> > select a menu and try to jump to another page, it keeps taking me back

to

> my

> > logon page ! Can anybody suggest what I am doing wrong, I enclose a

sample

> > of my web.config file and a sample of the code that creates the
> > authentication cookie.
> > Thanks in advance.
> >
> > Andy
> >
> > Web.Config
> >
> > <authentication mode="None">
> > <forms name=".RNWEBAUTH" loginUrl="RNLogon.aspx" protection="All"
> > timeout="60"></forms>
> > </authentication>
> > <authorization>
> > <deny users="?" />
> > <allow users="*" />
> > </authorization>
> >
> > Logon.aspx
> >
> > FormsAuthenticationTicket tkt = new FormsAuthenticationTicket( 1,
> >
> > Username.Text,
> >
> > DateTime.Now,
> >
> > DateTime.Now.AddMinutes( 30 ),
> >
> > false,
> >
> > strAccess,
> >
> > FormsAuthentication.FormsCookiePath );
> > //
> > // Hash the cookie for security
> > //
> > string hash = FormsAuthentication.Encrypt( tkt );
> > HttpCookie ck = new HttpCookie(

> FormsAuthentication.FormsCookieName,hash );

> >
> > //
> > // Add cookie to the response
> > //
> > Response.Cookies.Add( ck );
> > Response.Cookies[ "UserID" ].Value = nUserID.ToString();
> > Response.Cookies[ "UserID" ].Expires = DateTime.MaxValue;
> > Response.Cookies[ "Access" ].Value = strAccess;
> > Response.Cookies[ "Access" ].Expires = DateTime.MaxValue;
> >
> > //
> > // Jump to main menu page
> > //
> > Response.Redirect( strRedirect,true );
> >
> >

>
>

Andy,
The sample IBuySpy portal is an excellent example of
custom forms authentication.
You can use your own code to authenticate the user (check
user credentials) and if the user is valid, just call
FormsAuthentication.RedirectFromLogonPage(name, false);

>-----Original Message-----
>Gregory,
>
>It is my understanding that

FormsAuthentication.Authenticate authenticates

>the username and password against a list held in the

web.config file. I need

>to authenticate from usernames and passwords held on a

database so I thought

>that I could not use FormsAuthentication.Authenticate. So

I basically do a

>SQL query and if I get a valid match, call the code given

in my initial

>post. Do I need to do something different to get the

forms authentication to

>work when authenticating from a database rather than

web.config ?

>
>Andy
>
>"Cowboy (Gregory A. Beamer)"

<NoSpamMgbworld@comcast.netNoSpamM> wrote in

>message news:ufk01%236oDHA.688@TK2MSFTNGP10.phx.gbl...

>> Try using something like:
>>
>> string name = NameText.Text;
>> string password = PasswordText.Text;
>>
>> if(FormsAuthentication.Authenticate(name,password) )
>> {
>> FormsAuthentication.RedirectFromLogonPage(name,

false);

>> }
>>
>> NOTE: You do not set the cookie for authentication

using Response.Cookies.

>> This is why your app is blowing up. You can do the

following, if you want

>to

>> use Response.Redirect:
>>
>> FormsAuthentication.GetAuthCookie(name, false);
>> Response.Redirect("myFavoritePage.aspx");
>>
>> --
>> Gregory A. Beamer
>> MVP; MCP: +I, SE, SD, DBA
>>
>>

************************************************** *********
***********

>> Think Outside the Box!
>>

************************************************** *********
***********

>> "Andy Fraser" <news@andyfraser.co.uk> wrote in message
>> news:1067895940.781891@ananke.eclipse.net.uk...

>> > Hi,
>> >
>> > I am using forms authentication for a web application

I am writing. I

>> query

>> > a SQL server database to find a matching username and

password then

>create

>> > an encrypted cookie. I then redirect to my main menu

page. However, when

>I

>> > select a menu and try to jump to another page, it

keeps taking me back

>to

>> my

>> > logon page ! Can anybody suggest what I am doing

wrong, I enclose a

>sample

>> > of my web.config file and a sample of the code that

creates the

>> > authentication cookie.
>> > Thanks in advance.
>> >
>> > Andy
>> >
>> > Web.Config
>> >
>> > <authentication mode="None">
>> > <forms name=".RNWEBAUTH" loginUrl="RNLogon.aspx"

protection="All"

>> > timeout="60"></forms>
>> > </authentication>
>> > <authorization>
>> > <deny users="?" />
>> > <allow users="*" />
>> > </authorization>
>> >
>> > Logon.aspx
>> >
>> > FormsAuthenticationTicket tkt = new

FormsAuthenticationTicket( 1,

>> >
>> > Username.Text,
>> >
>> > DateTime.Now,
>> >
>> > DateTime.Now.AddMinutes( 30 ),
>> >
>> > false,
>> >
>> > strAccess,
>> >
>> > FormsAuthentication.FormsCookiePath );
>> > //
>> > // Hash the cookie for security
>> > //
>> > string hash = FormsAuthentication.Encrypt( tkt );
>> > HttpCookie ck = new HttpCookie(

>> FormsAuthentication.FormsCookieName,hash );

>> >
>> > //
>> > // Add cookie to the response
>> > //
>> > Response.Cookies.Add( ck );
>> > Response.Cookies[ "UserID" ].Value = nUserID.ToString

();

>> > Response.Cookies[ "UserID" ].Expires =

DateTime.MaxValue;

>> > Response.Cookies[ "Access" ].Value = strAccess;
>> > Response.Cookies[ "Access" ].Expires =

DateTime.MaxValue;

>> >
>> > //
>> > // Jump to main menu page
>> > //
>> > Response.Redirect( strRedirect,true );
>> >
>> >

>>
>>

>
>
>.
>

sorry for separate postings . here is another link that i
thot u might find useful :
[url]http://www.codeproject.com/aspnet/AspNetCustomAuth.asp[/url]

>-----Original Message-----
>Gregory,
>
>It is my understanding that

FormsAuthentication.Authenticate authenticates

>the username and password against a list held in the

web.config file. I need

>to authenticate from usernames and passwords held on a

database so I thought

>that I could not use FormsAuthentication.Authenticate. So

I basically do a

>SQL query and if I get a valid match, call the code given

in my initial

>post. Do I need to do something different to get the

forms authentication to

>work when authenticating from a database rather than

web.config ?

>
>Andy
>
>"Cowboy (Gregory A. Beamer)"

<NoSpamMgbworld@comcast.netNoSpamM> wrote in

>message news:ufk01%236oDHA.688@TK2MSFTNGP10.phx.gbl...

>> Try using something like:
>>
>> string name = NameText.Text;
>> string password = PasswordText.Text;
>>
>> if(FormsAuthentication.Authenticate(name,password) )
>> {
>> FormsAuthentication.RedirectFromLogonPage(name,

false);

>> }
>>
>> NOTE: You do not set the cookie for authentication

using Response.Cookies.

>> This is why your app is blowing up. You can do the

following, if you want

>to

>> use Response.Redirect:
>>
>> FormsAuthentication.GetAuthCookie(name, false);
>> Response.Redirect("myFavoritePage.aspx");
>>
>> --
>> Gregory A. Beamer
>> MVP; MCP: +I, SE, SD, DBA
>>
>>

************************************************** *********
***********

>> Think Outside the Box!
>>

************************************************** *********
***********

>> "Andy Fraser" <news@andyfraser.co.uk> wrote in message
>> news:1067895940.781891@ananke.eclipse.net.uk...

>> > Hi,
>> >
>> > I am using forms authentication for a web application

I am writing. I

>> query

>> > a SQL server database to find a matching username and

password then

>create

>> > an encrypted cookie. I then redirect to my main menu

page. However, when

>I

>> > select a menu and try to jump to another page, it

keeps taking me back

>to

>> my

>> > logon page ! Can anybody suggest what I am doing

wrong, I enclose a

>sample

>> > of my web.config file and a sample of the code that

creates the

>> > authentication cookie.
>> > Thanks in advance.
>> >
>> > Andy
>> >
>> > Web.Config
>> >
>> > <authentication mode="None">
>> > <forms name=".RNWEBAUTH" loginUrl="RNLogon.aspx"

protection="All"

>> > timeout="60"></forms>
>> > </authentication>
>> > <authorization>
>> > <deny users="?" />
>> > <allow users="*" />
>> > </authorization>
>> >
>> > Logon.aspx
>> >
>> > FormsAuthenticationTicket tkt = new

FormsAuthenticationTicket( 1,

>> >
>> > Username.Text,
>> >
>> > DateTime.Now,
>> >
>> > DateTime.Now.AddMinutes( 30 ),
>> >
>> > false,
>> >
>> > strAccess,
>> >
>> > FormsAuthentication.FormsCookiePath );
>> > //
>> > // Hash the cookie for security
>> > //
>> > string hash = FormsAuthentication.Encrypt( tkt );
>> > HttpCookie ck = new HttpCookie(

>> FormsAuthentication.FormsCookieName,hash );

>> >
>> > //
>> > // Add cookie to the response
>> > //
>> > Response.Cookies.Add( ck );
>> > Response.Cookies[ "UserID" ].Value = nUserID.ToString

();

>> > Response.Cookies[ "UserID" ].Expires =

DateTime.MaxValue;

>> > Response.Cookies[ "Access" ].Value = strAccess;
>> > Response.Cookies[ "Access" ].Expires =

DateTime.MaxValue;

>> >
>> > //
>> > // Jump to main menu page
>> > //
>> > Response.Redirect( strRedirect,true );
>> >
>> >

>>
>>

>
>
>.
>