Forms Authentication

Boris Condarco · Boris Condarco

Hi,

I am working with forms authentication, so when the user leaves the
application pushing the exit option the program execute the following
instrucctions:

FormsAuthentication.SignOut()
Response.Redirect("login.aspx")

but, when the user leaves the application pushing the close button of the
navigator (placed at the right top of the screen) the instrucctions won't be
executed.

Is there any way to catch this event in order to make the execution of the
above instructions ??

I would really appreciate your helping me...!

Thanks in advance....!

Boris

Jim Cheshire · Jim Cheshire

Boris,

That's a client-side event (onunload of the <body>) that you would capture,
and since HTTP is connectionless, you won't be able to run your code. You
can do it by having a client-side event take you to an ASPX page that runs
code to sign the user out, but you wouldn't want to do that because it
would run when the user navigates away from the page as well.

You're not going to be able to do this. You cannot rely on the Session_End
firing when the user closes the browser. In fact, it won't. It will only
fire when the session expires or if you call Session.Abandon.

Jim Cheshire
Developer Support
ASP.NET
[email]jamesche@online.microsoft.com[/email]

This post is provided as-is with no warranties and confers no rights.

--------------------

>Reply-To: "Boris Condarco" <bcondarco@sbef.gov.bo>
>From: "Boris Condarco" <bcondarco@sbef.gov.bo>
>Subject: Forms Authentication
>Date: Tue, 29 Jul 2003 15:00:05 -0400
>Lines: 23
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2720.3000
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
>Message-ID: <uSHgqcgVDHA.532@TK2MSFTNGP09.phx.gbl>
>Newsgroups: microsoft.public.dotnet.framework.aspnet
>NNTP-Posting-Host: 166.114.44.250
>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP09.phx.gbl
>Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.framework.aspnet:163109
>X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
>
>Hi,
>
>I am working with forms authentication, so when the user leaves the
>application pushing the exit option the program execute the following
>instrucctions:
>
>FormsAuthentication.SignOut()
>Response.Redirect("login.aspx")
>
>but, when the user leaves the application pushing the close button of the
>navigator (placed at the right top of the screen) the instrucctions won't

be

>executed.
>
>Is there any way to catch this event in order to make the execution of the
>above instructions ??
>
>I would really appreciate your helping me...!
>
>Thanks in advance....!
>
>Boris
>
>
>

Boris Condarco · Boris Condarco

Thanks a lot guys for helping me to clear the concepts above

"Jim Cheshire (MS)" <jamesche@online.microsoft.com> wrote in message
news:YtIAMGhVDHA.1800@cpmsftngxa06.phx.gbl...

> Boris,
>
> That's a client-side event (onunload of the <body>) that you would

capture,

> and since HTTP is connectionless, you won't be able to run your code. You
> can do it by having a client-side event take you to an ASPX page that runs
> code to sign the user out, but you wouldn't want to do that because it
> would run when the user navigates away from the page as well.
>
> You're not going to be able to do this. You cannot rely on the

Session_End

> firing when the user closes the browser. In fact, it won't. It will only
> fire when the session expires or if you call Session.Abandon.
>
> Jim Cheshire
> Developer Support
> ASP.NET
> [email]jamesche@online.microsoft.com[/email]
>
> This post is provided as-is with no warranties and confers no rights.
>
> --------------------

> >Reply-To: "Boris Condarco" <bcondarco@sbef.gov.bo>
> >From: "Boris Condarco" <bcondarco@sbef.gov.bo>
> >Subject: Forms Authentication
> >Date: Tue, 29 Jul 2003 15:00:05 -0400
> >Lines: 23
> >X-Priority: 3
> >X-MSMail-Priority: Normal
> >X-Newsreader: Microsoft Outlook Express 6.00.2720.3000
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> >Message-ID: <uSHgqcgVDHA.532@TK2MSFTNGP09.phx.gbl>
> >Newsgroups: microsoft.public.dotnet.framework.aspnet
> >NNTP-Posting-Host: 166.114.44.250
> >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP09.phx.gbl
> >Xref: cpmsftngxa06.phx.gbl

microsoft.public.dotnet.framework.aspnet:163109

> >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
> >
> >Hi,
> >
> >I am working with forms authentication, so when the user leaves the
> >application pushing the exit option the program execute the following
> >instrucctions:
> >
> >FormsAuthentication.SignOut()
> >Response.Redirect("login.aspx")
> >
> >but, when the user leaves the application pushing the close button of the
> >navigator (placed at the right top of the screen) the instrucctions won't

> be

> >executed.
> >
> >Is there any way to catch this event in order to make the execution of

the

> >above instructions ??
> >
> >I would really appreciate your helping me...!
> >
> >Thanks in advance....!
> >
> >Boris
> >
> >
> >

>

Gustavo Mateus · Gustavo Mateus

I'm beggining to migrate one of my asp apps to asp.net but i'm stuck at
some security issues.
My asp application has a custom made auth method (roles, permissions, ip
deny, etc) and I'm thinking to mantain the same base on .net, but I
don't know why, i'm not feeling safe with the FORMS Authentication.

My question is:

Is it fully secure for me to build my entire application based on this
Authentication?

PS. Windows and passport do not combine with the hosting server.

KaaN · KaaN

hi,

two people can login to yahoo on the same computer on seperate browser
windows. first one logins using a browser window and then the other
one opens another explorer window and logins. two windows can be open
simultaniously. maybe this is not secure but the two can be very good
friends or a couple :))

my problem is, can we do this with forms authentication in asp.net.
whenever i do this, all user identities turns to the one that lastly
logged in.
how can i solve this.

i know that yahoo uses some kind of forms authentication.

KaaN
[email]kaan.oezturk@spdata.de[/email]
[url]www.spdata.de[/url]

Dotnet beginner · Dotnet beginner

I have set up forms authentication for my web application.
I have several subdirectories inside a main directory and
I have forms authentication for each of my sub directories.

In the logon page when the user is authenticated, I have

FormsAuthentication.RedirectFromLoginPage(txtLogon id.Text,
False)

And in the web.config files of my subdirectory, I have
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="../Default.aspx" timeout="20"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>

-------------------------

This works absolutely fine without any problems. When I
deployed my entire app to a new server, I started getting
problems. When I click a link to the subdirectory, it
redirects me to a logon page, which means I'm not
authorized.

Does this mean that my Authentication ticket has not been
created or what? I do not understand. The same copy of the
application still works fine in my old server. Do I have
to change any settings in my new server?

Any help is appreciated.

Thanks,
Sudhir.

Hi DotNet Beginner
I don't have a solution on your problem but I still want
to answer because it's a problem that no one want to
answer. I have had almost the same problem since this
summer and I've written 3 messages about the problem here
and no answer. I have a good working website with
framework 1.0. When I update to version 1.1 I get the
same problem as you. If i degrade to 1.0 it works again.
The big problem came when I started to use Visual Studio
2003. No I'm unable to work on my projects because I must
have framework ver 1.1.I don't know if you have ver 1.1
on your new server but that can be the problem!

I hope someone read our messages and come to our help.
/Arne

>-----Original Message-----
>I have set up forms authentication for my web

application.

>I have several subdirectories inside a main directory

and

>I have forms authentication for each of my sub

directories.

>
>In the logon page when the user is authenticated, I have
>
>FormsAuthentication.RedirectFromLoginPage

(txtLogonid.Text,

>False)
>
>And in the web.config files of my subdirectory, I have
> <authentication mode="Forms">
> <forms name=".ASPXAUTH"
>loginUrl="../Default.aspx" timeout="20"/>
> </authentication>
> <authorization>
> <deny users="?" />
> </authorization>
>
>-------------------------
>
>This works absolutely fine without any problems. When I
>deployed my entire app to a new server, I started

getting

>problems. When I click a link to the subdirectory, it
>redirects me to a logon page, which means I'm not
>authorized.
>
>Does this mean that my Authentication ticket has not

been

>created or what? I do not understand. The same copy of

the

>application still works fine in my old server. Do I have
>to change any settings in my new server?
>
>Any help is appreciated.
>
>Thanks,
>Sudhir.
>
>
>.
>

slawek xxxxx · slawek xxxxx

Hello everyone,

I have found a problem with form authentication method that I can't
solve. The problem is:

I want to use a form authentication in my application, so i set :
<authentication mode="Forms">
,and
<forms name="LoginForm" loginUrl="SM_LoginPage.aspx" protection="All">

but the structure of my application folders is following:

root
|
+CommonPages
| + loginPage.aspx
|
+SysPages
| + Sys1Pages
| | +Page1.aspx
| + Sys2Pages
| +Page2.aspx
+ OtherPages
+ Page3.asp

Because of this structure the relative path of LoginPage.aspx is
diffrent for Page1.aspx(../../CommonPages/loginPage.aspx) and Page for
page3.aspx(../CommonPages/loginPage.aspx). I have to set this path in
web.config and I want to use relative path (not [url]http://.[/url]....). Is there
any way to do this?? (sth like {root}//CommonPages/loginPage.aspx)??
Thanks for any help

Best Regards
Slawek

*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!

Tony · Tony

I wonder if anyone can help.

We have web application using Forms Authentication that works
perfectly ok in all environments, but in the production environment
the forms authentication isn't timing out and returning the user to a
login screen. Instead it tries to load the requested page and falls
over on a multiple control id. Remember these errors don't happen in
the Development and Testing environments.

Another interesting point is, if I set the persistence of the cookie
to true it doesn't write the cookie. The application continues to
work, but obviously doesn't remember the user on a return (as the
cookie isn't there). This happens in all environments.

Event logs show no indication of the worker process being recycled and
everthing seems to be ok.

Any ideas or suggestions?

Svein Terje Gaup · Svein Terje Gaup

Regarding your second issue, the one with the persist that doesn't work. I
stumbled into the same issue working my way through this example:
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT04.asp[/url]

The example itself does not offer persisance of the logon cookie, so I tried
to extend it. The only way to set any kind of persistance is by setting it
inside the Global.asax.cs "Application_AuthnenticateRequest" event handler.

In the Logon-button click-event handler, I create a xml document which I
store inside the FormsAuthenticationTicket. The xml document contains a
value indicating wether to persist the cookie or not. If true, I set the
"Expiration" of the cookie to 365 days from now, and then replace updated
values into the cookie:

//Reset the expiration of the cookie
if(persist) {
authCookie.Expires = DateTime.Now.AddDays(365); }
//Replace updated cookie into Response
Context.Response.Cookies.Set(authCookie);

You may download the complete code from here:
[url]http://www.geocities.com/gaupen/NETStuff.htm[/url]
The example is called "GenericPrincipalApp".

Your first problem is trickier, and I'm sorry to say I can't offer you much
help from the description you have given. What do you mean by "a multiple
control id"? Do you have the exact error message? Could you perhaps show
some code samples?

Perhaps you could check for a valid authentication cookie in
Application_AuthnenticateRequest, and do a "FormsAuthentication.Logout()" if
there isn't one.

Sincerely
Svein Terje Gaup

"Tony" <questions@resolutionsnet.co.uk> wrote in message
news:bbbbb773.0405290212.71bb6f74@posting.google.c om...

> I wonder if anyone can help.
>
> We have web application using Forms Authentication that works
> perfectly ok in all environments, but in the production environment
> the forms authentication isn't timing out and returning the user to a
> login screen. Instead it tries to load the requested page and falls
> over on a multiple control id. Remember these errors don't happen in
> the Development and Testing environments.
>
> Another interesting point is, if I set the persistence of the cookie
> to true it doesn't write the cookie. The application continues to
> work, but obviously doesn't remember the user on a return (as the
> cookie isn't there). This happens in all environments.
>
> Event logs show no indication of the worker process being recycled and
> everthing seems to be ok.
>
> Any ideas or suggestions?

Gopi · Gopi

How to exclude an aspx page from the Forms authentication of a asp.net web application. It means when ever user requests for that page it should not redirect the request to a logon page to collect credentials.
I have forgot password page which needs to be accessed by the user without authentication. pls let me know how to do this

TI
-Gopi

ranganh · ranganh

Dear Gopi

In the web.config of the root folder (where you have specified the authentication mode), just specify the followin

<location path="ForgotPassword Page"><system.web><authorization><allow users="*" /></authorization></system.web></location

hope it helps

----- Gopi wrote: ----

How to exclude an aspx page from the Forms authentication of a asp.net web application. It means when ever user requests for that page it should not redirect the request to a logon page to collect credentials.
I have forgot password page which needs to be accessed by the user without authentication. pls let me know how to do this

TI
-Gopi

Norm · Norm

Is it possible to authenticate only a certain page or set of pages within an
ASP.NET application that are all in the same folder? In other words, I have a
web directory that contains multiple ASPX pages, but I only want to
authenticate on one of the pages.

Is it possible to set up the wbe.config file in such a way? I do not want to
have to resort to putting the one page I want to authenticate on into a
different subfolder with its own web.config file.

Paul Clement · Paul Clement

On Tue, 5 Oct 2004 06:59:07 -0700, "Norm" <Norm@discussions.microsoft.com> wrote:

¤ Is it possible to authenticate only a certain page or set of pages within an
¤ ASP.NET application that are all in the same folder? In other words, I have a
¤ web directory that contains multiple ASPX pages, but I only want to
¤ authenticate on one of the pages.
¤
¤ Is it possible to set up the wbe.config file in such a way? I do not want to
¤ have to resort to putting the one page I want to authenticate on into a
¤ different subfolder with its own web.config file.

I would take a look at the below article. It demonstrates how to use Forms based authentication for
selected pages:

[url]http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/default.aspx[/url]

Paul ~~~ [email]pclement@ameritech.net[/email]
Microsoft MVP (Visual Basic)

Norm · Norm

Thanks, Paul.

"Paul Clement" wrote:

> On Tue, 5 Oct 2004 06:59:07 -0700, "Norm" <Norm@discussions.microsoft.com> wrote:
>
> Â¤ Is it possible to authenticate only a certain page or set of pages within an
> Â¤ ASP.NET application that are all in the same folder? In other words, I have a
> Â¤ web directory that contains multiple ASPX pages, but I only want to
> Â¤ authenticate on one of the pages.
> Â¤
> Â¤ Is it possible to set up the wbe.config file in such a way? I do not want to
> Â¤ have to resort to putting the one page I want to authenticate on into a
> Â¤ different subfolder with its own web.config file.
>
> I would take a look at the below article. It demonstrates how to use Forms based authentication for
> selected pages:
>
> [url]http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/default.aspx[/url]
>
>
> Paul ~~~ [email]pclement@ameritech.net[/email]
> Microsoft MVP (Visual Basic)
>

lohara · lohara

I have two separate functionalities within the same site. I would like to
use forms authentication and redirect to two separate pages if the user does
not pass the authentication (authentication for one functionality is by
password and the other is by passed in site id). I see that forms
authentication can not be set up in sub directories, it can only be done in
the applicaion web.config. Is there any way around this limitation or do I
have to set up two different sites?

Any help appreciated.

Thanks,
Lloyd

Leonard Rutkowski · Leonard Rutkowski

Hello all,
I am trying to use Forms authentication. I have got it to work
successfully, when the login page, and the redirect page are in the same
virtual directory, however, I want to put the login page into a separate
directory. When the user logs in, they will be directed to an application,
that may be different for each user, and these applications will be in
separate virtual directories. When I try to login, the login page returns.
This seems to indicate that the authorization is not being passed on to the
application.

Here is my code:
Dim AppLogin As New AppLogin
If AppLogin.LoginIsAuthorized(txtClientNo.Text, _
txtUsername.Text, txtPassword.Text) Then
'FormsAuthentication.RedirectFromLoginPage("lrutko wski", False)
'FormsAuthentication.SetAuthCookie("lrutkowski", False)
Dim authTicket As New FormsAuthenticationTicket(1,
txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False, "test")
'Dim authTicket As New FormsAuthenticationTicket(1,
"lrutkowski", DateTime.Now, DateTime.Now.AddMinutes(60), False, "test")
Dim encryptedTicket As String =
FormsAuthentication.Encrypt(authTicket)
Dim authCookie As New
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
Response.Cookies.Add(authCookie)
Response.Redirect("/CustomerService/default.aspx")
Else
lblErrorMsg.Text = "Login is invalid"
End If

and here is my web.config:

<authentication mode="Forms">
<forms name=".gfdASPXAUTH"
path="/" loginUrl="/PortalLogin/PortalLogin.aspx"
protection="All" timeout="30"
requireSSL="false">
</forms>
</authentication>


<authorization>
<deny users="?" />
 

</authorization>

Thanks, Leonard

Hernan de Lahitte · Hernan de Lahitte

If you want to redirect your users to different virtual directories though
different applications, you have a SSO (Single Sign On) scenario with Forms
Authentication therefore I suggest you this post:

[url]http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx[/url]

Regards.

Hernan de Lahitte
[url]http://weblogs.asp.net/hernandl[/url]
[url]http://www.lagash.com/english/index.html[/url]

"Leonard Rutkowski" <LeonardRutkowski@discussions.microsoft.com> wrote in
message news:57B8B42F-3B2C-4F8C-9343-890A2895F005@microsoft.com...

> Hello all,
> I am trying to use Forms authentication. I have got it to work
> successfully, when the login page, and the redirect page are in the same
> virtual directory, however, I want to put the login page into a separate
> directory. When the user logs in, they will be directed to an
> application,
> that may be different for each user, and these applications will be in
> separate virtual directories. When I try to login, the login page
> returns.
> This seems to indicate that the authorization is not being passed on to
> the
> application.
>
> Here is my code:
> Dim AppLogin As New AppLogin
> If AppLogin.LoginIsAuthorized(txtClientNo.Text, _
> txtUsername.Text, txtPassword.Text) Then
> 'FormsAuthentication.RedirectFromLoginPage("lrutko wski", False)
> 'FormsAuthentication.SetAuthCookie("lrutkowski", False)
> Dim authTicket As New FormsAuthenticationTicket(1,
> txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False,
> "test")
> 'Dim authTicket As New FormsAuthenticationTicket(1,
> "lrutkowski", DateTime.Now, DateTime.Now.AddMinutes(60), False, "test")
> Dim encryptedTicket As String =
> FormsAuthentication.Encrypt(authTicket)
> Dim authCookie As New
> HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
> Response.Cookies.Add(authCookie)
> Response.Redirect("/CustomerService/default.aspx")
> Else
> lblErrorMsg.Text = "Login is invalid"
> End If
>
> and here is my web.config:
>
> <authentication mode="Forms">
> <forms name=".gfdASPXAUTH"
> path="/" loginUrl="/PortalLogin/PortalLogin.aspx"
> protection="All" timeout="30"
> requireSSL="false">
> </forms>
> </authentication>
>
> 
> <authorization>
> <deny users="?" />
>  
> 
> </authorization>
>
>
> Thanks, Leonard
>

Leonard Rutkowski · Leonard Rutkowski

Hi Hernan,
I read this article, and didn't really understand it. I will take another
look at it.

Thanks,
Leonard

"Hernan de Lahitte" wrote:

> If you want to redirect your users to different virtual directories though
> different applications, you have a SSO (Single Sign On) scenario with Forms
> Authentication therefore I suggest you this post:
>
> [url]http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx[/url]
>
> Regards.
>
> Hernan de Lahitte
> [url]http://weblogs.asp.net/hernandl[/url]
> [url]http://www.lagash.com/english/index.html[/url]
>
> "Leonard Rutkowski" <LeonardRutkowski@discussions.microsoft.com> wrote in
> message news:57B8B42F-3B2C-4F8C-9343-890A2895F005@microsoft.com...

> > Hello all,
> > I am trying to use Forms authentication. I have got it to work
> > successfully, when the login page, and the redirect page are in the same
> > virtual directory, however, I want to put the login page into a separate
> > directory. When the user logs in, they will be directed to an
> > application,
> > that may be different for each user, and these applications will be in
> > separate virtual directories. When I try to login, the login page
> > returns.
> > This seems to indicate that the authorization is not being passed on to
> > the
> > application.
> >
> > Here is my code:
> > Dim AppLogin As New AppLogin
> > If AppLogin.LoginIsAuthorized(txtClientNo.Text, _
> > txtUsername.Text, txtPassword.Text) Then
> > 'FormsAuthentication.RedirectFromLoginPage("lrutko wski", False)
> > 'FormsAuthentication.SetAuthCookie("lrutkowski", False)
> > Dim authTicket As New FormsAuthenticationTicket(1,
> > txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False,
> > "test")
> > 'Dim authTicket As New FormsAuthenticationTicket(1,
> > "lrutkowski", DateTime.Now, DateTime.Now.AddMinutes(60), False, "test")
> > Dim encryptedTicket As String =
> > FormsAuthentication.Encrypt(authTicket)
> > Dim authCookie As New
> > HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
> > Response.Cookies.Add(authCookie)
> > Response.Redirect("/CustomerService/default.aspx")
> > Else
> > lblErrorMsg.Text = "Login is invalid"
> > End If
> >
> > and here is my web.config:
> >
> > <authentication mode="Forms">
> > <forms name=".gfdASPXAUTH"
> > path="/" loginUrl="/PortalLogin/PortalLogin.aspx"
> > protection="All" timeout="30"
> > requireSSL="false">
> > </forms>
> > </authentication>
> >
> > 
> > <authorization>
> > <deny users="?" />
> >  
> > 
> > </authorization>
> >
> >
> > Thanks, Leonard
> >

>
>
>

Hernan de Lahitte · Hernan de Lahitte

Feel free to ask me whatever thing you don't understand in that article or
if you wish to give me your feedback about what you find confusing, I'll
appreciate a great.

--
Hernan de Lahitte
[url]http://weblogs.asp.net/hernandl[/url]
[url]http://www.lagash.com/english/index.html[/url]

"Leonard Rutkowski" <LeonardRutkowski@discussions.microsoft.com> wrote in
message news:4C74D2CF-01DA-4539-B139-D761BE221CDC@microsoft.com...

> Hi Hernan,
> I read this article, and didn't really understand it. I will take another
> look at it.
>
> Thanks,
> Leonard
>
> "Hernan de Lahitte" wrote:
>

>> If you want to redirect your users to different virtual directories
>> though
>> different applications, you have a SSO (Single Sign On) scenario with
>> Forms
>> Authentication therefore I suggest you this post:
>>
>> [url]http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx[/url]
>>
>> Regards.
>>
>> Hernan de Lahitte
>> [url]http://weblogs.asp.net/hernandl[/url]
>> [url]http://www.lagash.com/english/index.html[/url]
>>
>> "Leonard Rutkowski" <LeonardRutkowski@discussions.microsoft.com> wrote in
>> message news:57B8B42F-3B2C-4F8C-9343-890A2895F005@microsoft.com...

>> > Hello all,
>> > I am trying to use Forms authentication. I have got it to work
>> > successfully, when the login page, and the redirect page are in the
>> > same
>> > virtual directory, however, I want to put the login page into a
>> > separate
>> > directory. When the user logs in, they will be directed to an
>> > application,
>> > that may be different for each user, and these applications will be in
>> > separate virtual directories. When I try to login, the login page
>> > returns.
>> > This seems to indicate that the authorization is not being passed on to
>> > the
>> > application.
>> >
>> > Here is my code:
>> > Dim AppLogin As New AppLogin
>> > If AppLogin.LoginIsAuthorized(txtClientNo.Text, _
>> > txtUsername.Text, txtPassword.Text) Then
>> > 'FormsAuthentication.RedirectFromLoginPage("lrutko wski",
>> > False)
>> > 'FormsAuthentication.SetAuthCookie("lrutkowski", False)
>> > Dim authTicket As New FormsAuthenticationTicket(1,
>> > txtUsername.Text, DateTime.Now, DateTime.Now.AddMinutes(60), False,
>> > "test")
>> > 'Dim authTicket As New FormsAuthenticationTicket(1,
>> > "lrutkowski", DateTime.Now, DateTime.Now.AddMinutes(60), False, "test")
>> > Dim encryptedTicket As String =
>> > FormsAuthentication.Encrypt(authTicket)
>> > Dim authCookie As New
>> > HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
>> > Response.Cookies.Add(authCookie)
>> > Response.Redirect("/CustomerService/default.aspx")
>> > Else
>> > lblErrorMsg.Text = "Login is invalid"
>> > End If
>> >
>> > and here is my web.config:
>> >
>> > <authentication mode="Forms">
>> > <forms name=".gfdASPXAUTH"
>> > path="/" loginUrl="/PortalLogin/PortalLogin.aspx"
>> > protection="All" timeout="30"
>> > requireSSL="false">
>> > </forms>
>> > </authentication>
>> >
>> > 
>> > <authorization>
>> > <deny users="?" />
>> >  
>> > 
>> > </authorization>
>> >
>> >
>> > Thanks, Leonard
>> >

>>
>>
>>

Forms Authentication

Thread Tools

Display