Forms Authentication

Ask a Question related to ASP.NET Security, Design and Development.

  1. #21

    Re: Forms Authentication

    Hi Hernan,
    I attempted to do what the article described, and I get 401 errors. I am
    doing this on my pc, for now, so I tried removing the IsolateApps, in my
    machine.config. I don't want to do ssl yet, so I changed the requireSSL to
    false.

    "Hernan de Lahitte" wrote:
    > Feel free to ask me whatever thing you don't understand in that article or
    > if you wish to give me your feedback about what you find confusing, I'll
    > appreciate a great.
    >
    >
    > --
    > Hernan de Lahitte
    > http://weblogs.asp.net/hernandl
    > http://www.lagash.com/english/index.html
    >
    > "Leonard Rutkowski" <LeonardRutkowski@discussions.microsoft.com> wrote in
    > message news:4C74D2CF-01DA-4539-B139-D761BE221CDC@microsoft.com...
    > > Hi Hernan,
    > > I read this article, and didn't really understand it. I will take another
    > > look at it.
    > >
    > > Thanks,
    > > Leonard
    > >
    > > "Hernan de Lahitte" wrote:
    > >
    > >> If you want to redirect your users to different virtual directories though
    > >> different applications, you have a SSO (Single Sign On) scenario with Forms
    > >> Authentication therefore I suggest you this post:
    > >>
    > >> http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx
    > >>
    > >> Regards.
    > >>
    > >> Hernan de Lahitte
    > >> http://weblogs.asp.net/hernandl
    > >> http://www.lagash.com/english/index.html
    > >>
    > >> "Leonard Rutkowski" <LeonardRutkowski@discussions.microsoft.com> wrote in
    > >> message news:57B8B42F-3B2C-4F8C-9343-890A2895F005@microsoft.com...
    > >> > Hello all,
    > >> > I am trying to use Forms authentication. I have got it to work
    > >> > successfully, when the login page, and the redirect page are in the same
    > >> > virtual directory, however, I want to put the login page into a separate
    > >> > directory. When the user logs in, they will be directed to an application,
    > >> > that may be different for each user, and these applications will be in
    > >> > separate virtual directories. When I try to login, the login page returns.
    > >> > This seems to indicate that the authorization is not being passed on to the
    > >> > application.
    > >> >
    > >> > Here is my code:
    > >> > Dim AppLogin As New AppLogin
    > >> > If AppLogin.LoginIsAuthorized(txtClientNo.Text, _
    > >> >         txtUsername.Text, txtPassword.Text) Then
    > >> >     'FormsAuthentication.RedirectFromLoginPage("lrutkowski", False)
    > >> >     'FormsAuthentication.SetAuthCookie("lrutkowski", False)
    > >> >     Dim authTicket As New FormsAuthenticationTicket(1, _
    > >> >         txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False, "test")
    > >> >     'Dim authTicket As New FormsAuthenticationTicket(1, "lrutkowski", DateTime.Now, DateTime.Now.AddMinutes(60), False, "test")
    > >> >     Dim encryptedTicket As String = FormsAuthentication.Encrypt(authTicket)
    > >> >     Dim authCookie As New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
    > >> >     Response.Cookies.Add(authCookie)
    > >> >     Response.Redirect("/CustomerService/default.aspx")
    > >> > Else
    > >> >     lblErrorMsg.Text = "Login is invalid"
    > >> > End If
    > >> >
    > >> > and here is my web.config:
    > >> >
    > >> > <authentication mode="Forms">
    > >> >     <forms name=".gfdASPXAUTH"
    > >> >         path="/" loginUrl="/PortalLogin/PortalLogin.aspx"
    > >> >         protection="All" timeout="30"
    > >> >         requireSSL="false">
    > >> >     </forms>
    > >> > </authentication>
    > >> >
    > >> > <!-- AUTHORIZATION
    > >> >     This section sets the authorization policies of the application.
    > >> >     You can allow or deny access to application resources by user or role.
    > >> >     Wildcards: "*" mean everyone, "?" means anonymous (unauthenticated) users.
    > >> > -->
    > >> > <authorization>
    > >> >     <deny users="?" />
    > >> >     <!-- <allow users="*" /> --> <!-- Allow all users -->
    > >> >     <!-- <allow users="[comma separated list of users]"
    > >> >             roles="[comma separated list of roles]"/>
    > >> >         <deny users="[comma separated list of users]"
    > >> >             roles="[comma separated list of roles]"/>
    > >> >     -->
    > >> > </authorization>
    > >> >
    > >> >
    > >> > Thanks, Leonard
    > >> >
    > >>
    > >>
    > >>
    >
    >
    >
    Leonard Rutkowski Guest

  3. #22

    Re: Forms Authentication

    That is an IIS error (Unauthorized -- xxx) and it may be related to the
    authentication mode (check it out if you have anonymous enabled and may be
    NTLM if you wish for debugging).

    You may also verify all your web.config files on each application and the
    forms section that complies with the article sample.
    If you wish to give me any further detail about your environment (virtual
    folder hierarchy, web.config files to check, etc.) go ahead with that.

    Hernan de Lahitte
    http://weblogs.asp.net/hernandl
    http://www.lagash.com/english/index.html

    Hernan de Lahitte Guest

  4. #23

    Re: Forms Authentication

    Hi Hernan,
    My problem now, if I type the URL for my application, it takes me to that
    page, even if I have 'logged out', instead of the login page. How do I
    prevent this? I'm not sure how I need to set my IIS. I'm using 5.0 on my
    local machine, but I will be using 6.0 when I go to production.

    Leonard Rutkowski Guest

  5. #24

    Re: Forms Authentication

    Hi Hernan,
    As additional information, if I have Integrated Windows authentication and
    Anonymous turned on, for my application, then my login button takes me back
    to the login page. If I have integrated windows authentication turned off,
    then it does not. In either case, I am still 'logged in', and can type the
    application url and it will take me into the application. I guess my logout
    is not working.

    Sub btnLogoff_Click(ByVal sender As Object, ByVal e As EventArgs) _
            Handles btnLogoff.Click
        FormsAuthentication.SignOut()
        Response.Redirect("/PortalLogin/PortalLogin.aspx", True)
    End Sub

    Leonard Rutkowski Guest

  6. #25

    Re: Forms Authentication

    It seems that your Forms auth settings in your application's web.config are
    not working as expected.
    First of all, the IIS security setting is just for debugging purposes when
    using Forms auth in ASP.NET (anon+NTLM checked for debugging in VS, and
    anon only checked for your production environment).
    Recall that each one of your applications should have its OWN Forms auth
    setting in its OWN web.config file and the authorization section configured
    to protect the folders of the Forms auth scope.
    BTW, don't forget to configure your machineKey setting (per app or per
    machine) without the IsolateApps attribute, just leave the AutoGenerate
    value if all your apps are on the same box.

    If the scope is for ALL the application, this should be your setting:

    <authorization>
        <deny users="?" />
    </authorization>

    If you want to protect just one folder of your app, follow this sample (this
    should be the scenario for public and secured zones (SSL usage suggested)
    in one app):

    (This should go outside of your <system.web>)

    <location path="YourProtectedFolder">
        <system.web>
            <authorization>
                <deny users="?" />
            </authorization>
        </system.web>
    </location>

    --
    Hernan de Lahitte
    http://weblogs.asp.net/hernandl
    http://www.lagash.com/english/index.html

    Hernan de Lahitte Guest
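
    One way to run the check described in the replies above (each application's own web.config, a matching forms section, machineKey without IsolateApps, anonymous users denied), added here as an example; it is not code from the thread or from the linked article. The sample configs are constructed, the function names are hypothetical, and it assumes all apps run on one machine, so equal AutoGenerate values mean a shared key.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config files (not the poster's real files). The app
# names and the cookie name follow the paths and <forms> element quoted above.
PORTAL_LOGIN = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate" />
  <authentication mode="Forms">
    <forms name=".gfdASPXAUTH" path="/" protection="All" timeout="30"
           loginUrl="/PortalLogin/PortalLogin.aspx" />
  </authentication>
</system.web></configuration>"""

# Target app before the advice is applied: default cookie name, per-application
# keys, and no rule that turns anonymous users away.
CUSTOMER_SERVICE_BEFORE = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps"
              decryptionKey="AutoGenerate,IsolateApps" />
  <authentication mode="Forms">
    <forms name=".ASPXAUTH" path="/" protection="All" timeout="30"
           loginUrl="/PortalLogin/PortalLogin.aspx" />
  </authentication>
</system.web></configuration>"""

# Target app after the advice is applied.
CUSTOMER_SERVICE_AFTER = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate" />
  <authentication mode="Forms">
    <forms name=".gfdASPXAUTH" path="/" protection="All" timeout="30"
           loginUrl="/PortalLogin/PortalLogin.aspx" />
  </authentication>
  <authorization><deny users="?" /></authorization>
</system.web></configuration>"""

SHARED_FORMS_ATTRS = ("name", "path", "protection")   # must match in every app
KEY_ATTRS = ("validationKey", "decryptionKey")        # must match in every app


def read_settings(xml_text):
    """Extract the Forms-auth-relevant settings from one web.config."""
    root = ET.fromstring(xml_text)
    auth = next(root.iter("authentication"), None)
    forms = next(root.iter("forms"), None)
    key = next(root.iter("machineKey"), None)
    return {
        "mode": auth.get("mode") if auth is not None else None,
        "forms": {a: forms.get(a) for a in SHARED_FORMS_ATTRS} if forms is not None else None,
        "keys": {a: key.get(a) for a in KEY_ATTRS} if key is not None else None,
        # Commented-out rules are XML comments, so only live <deny> elements
        # (top level or inside <location>) are seen here.
        "denies_anonymous": any("?" in d.get("users", "") for d in root.iter("deny")),
    }


def check_sso(configs, protected):
    """Return findings for apps meant to share one Forms authentication ticket.

    configs: {app name: web.config text}; protected: names of the apps that
    must send anonymous users to the login page.
    """
    settings = {app: read_settings(text) for app, text in configs.items()}
    findings = []
    for app, s in settings.items():
        if s["mode"] != "Forms":
            findings.append(f"{app}: authentication mode is {s['mode']!r}, not 'Forms'")
        if s["forms"] is None:
            findings.append(f"{app}: no <forms> element in its own web.config")
        if s["keys"] is None:
            findings.append(f"{app}: machineKey is inherited, check machine.config")
        else:
            for attr, value in s["keys"].items():
                if value and "IsolateApps" in value:
                    findings.append(f"{app}: {attr} uses IsolateApps, so the key is per application")
        if app in protected and not s["denies_anonymous"]:
            findings.append(f'{app}: no <deny users="?" />, anonymous requests are let through')
    # The ticket cookie is only usable everywhere if these values agree.
    for section, attrs in (("forms", SHARED_FORMS_ATTRS), ("keys", KEY_ATTRS)):
        for attr in attrs:
            values = {app: s[section][attr] for app, s in settings.items() if s[section]}
            if len(set(values.values())) > 1:
                findings.append(f"{section} {attr} differs across apps: {values}")
    return findings


if __name__ == "__main__":
    for label, target in (("before", CUSTOMER_SERVICE_BEFORE), ("after", CUSTOMER_SERVICE_AFTER)):
        apps = {"PortalLogin": PORTAL_LOGIN, "CustomerService": target}
        print(label, check_sso(apps, protected={"CustomerService"}) or "no findings")
```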
