forms authentication problem

[ElmoWatson]

I tried on the Security newgroup, as well as other places, and haven't
gotten an answer yet - - I'm pulling my hair out over this one.

I'm trying to get Forms Authentication working.....I can get any requested
page to automatically go to the Login.aspx page, AND, the ReturnURL
querystring is correct in the address bar, but no matter what, I can't get
it, once the user is authenticated, to redirect to the new page. It ALWAYS
refreshes the Login.aspx page!

My database has all the users - - I query the database and validate the user
there. This part works - - I've totally verified this.
Then - - I've got this:
if ValidUser="True" then
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
<-------this is the part that DOES NOT work at all - - it never redirects
the page

The machine.config points to the correct path for the WebUIValidation.js
file....I'm using MSIE, as are all the other users who are going to be
hitting this app. - - Scripting is allowed.

in the Web.Config, I've got:
<authentication mode="Forms">
<forms name=".MyApp"
loginUrl="login.aspx"
protection="All"
timeout="480"
path="/"
/>
</authentication>
<authorization>
<deny users ="?" />
</authorization>
And I'm importing the Web.Security Namespace on each page.
Does Each subsequent page need anything else in it to make this work?
Please help - - I've been working on this for over a week now! What am I
missing?

[Seaside]

are you sure ValidUser is returning "true" ?



"ElmoWatson" <sputnik75043@yahoo.com> wrote in message
news:%23qyCYV2WDHA.2376@TK2MSFTNGP11.phx.gbl...

> I tried on the Security newgroup, as well as other places, and haven't
> gotten an answer yet - - I'm pulling my hair out over this one.
>
> I'm trying to get Forms Authentication working.....I can get any requested
> page to automatically go to the Login.aspx page, AND, the ReturnURL
> querystring is correct in the address bar, but no matter what, I can't get
> it, once the user is authenticated, to redirect to the new page. It ALWAYS
> refreshes the Login.aspx page!
>
> My database has all the users - - I query the database and validate the

user

> there. This part works - - I've totally verified this.
> Then - - I've got this:
> if ValidUser="True" then
> FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
> <-------this is the part that DOES NOT work at all - - it never redirects
> the page
>
> The machine.config points to the correct path for the WebUIValidation.js
> file....I'm using MSIE, as are all the other users who are going to be
> hitting this app. - - Scripting is allowed.
>
> in the Web.Config, I've got:
> <authentication mode="Forms">
> <forms name=".MyApp"
> loginUrl="login.aspx"
> protection="All"
> timeout="480"
> path="/"
> />
> </authentication>
> <authorization>
> <deny users ="?" />
> </authorization>
> And I'm importing the Web.Security Namespace on each page.
> Does Each subsequent page need anything else in it to make this work?
> Please help - - I've been working on this for over a week now! What am I
> missing?
>
>

[ElmoWatson]

Yes - I'm sure - absolutely positive



"Seaside" <ss@hotmail.com> wrote in message
news:ez0MMe2WDHA.3444@tk2msftngp13.phx.gbl...

> are you sure ValidUser is returning "true" ?
>
>
>
> "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
> news:%23qyCYV2WDHA.2376@TK2MSFTNGP11.phx.gbl...

> > I tried on the Security newgroup, as well as other places, and haven't
> > gotten an answer yet - - I'm pulling my hair out over this one.
> >
> > I'm trying to get Forms Authentication working.....I can get any

requested

> > page to automatically go to the Login.aspx page, AND, the ReturnURL
> > querystring is correct in the address bar, but no matter what, I can't

get

> > it, once the user is authenticated, to redirect to the new page. It

ALWAYS

> > refreshes the Login.aspx page!
> >
> > My database has all the users - - I query the database and validate the

> user

> > there. This part works - - I've totally verified this.
> > Then - - I've got this:
> > if ValidUser="True" then
> > FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
> > <-------this is the part that DOES NOT work at all - - it never

redirects

> > the page
> >
> > The machine.config points to the correct path for the WebUIValidation.js
> > file....I'm using MSIE, as are all the other users who are going to be
> > hitting this app. - - Scripting is allowed.
> >
> > in the Web.Config, I've got:
> > <authentication mode="Forms">
> > <forms name=".MyApp"
> > loginUrl="login.aspx"
> > protection="All"
> > timeout="480"
> > path="/"
> > />
> > </authentication>
> > <authorization>
> > <deny users ="?" />
> > </authorization>
> > And I'm importing the Web.Security Namespace on each page.
> > Does Each subsequent page need anything else in it to make this work?
> > Please help - - I've been working on this for over a week now! What am I
> > missing?
> >
> >

>
>

[ElmoWatson]

Thanks - I checked it out - - all the code listings links don't go to the
code at all....nice article, but it doesn't tell me where my problem is.
BTW - If I remove the deny users part - - - - it bypasses the login.aspx
file altogether. I at least had that working


"S. Justin Gengo" <sjgengo@aboutfortunate.com> wrote in message
news:%23razhf2WDHA.608@TK2MSFTNGP12.phx.gbl...

> Elmo,
>
> When you use a database with forms authentication you need to remove the
> deny users attribute in the web.config file. You then have to create a
> method that does the validation for you.
>
> Here's a good article about using a database with form authentication:
>

[url]http://www.zdnet.com.au/builder/program/windows/story/0,2000035027,20274191,00.htm[/url]

>
> Sincerely,
>
> --
> S. Justin Gengo, MCP
> Web Developer
>
> Free code library at:
> [url]www.aboutfortunate.com[/url]
>
> "Out of chaos comes order."
> Nietzche
> "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
> news:%23qyCYV2WDHA.2376@TK2MSFTNGP11.phx.gbl...

> > I tried on the Security newgroup, as well as other places, and haven't
> > gotten an answer yet - - I'm pulling my hair out over this one.
> >
> > I'm trying to get Forms Authentication working.....I can get any

requested

> > page to automatically go to the Login.aspx page, AND, the ReturnURL
> > querystring is correct in the address bar, but no matter what, I can't

get

> > it, once the user is authenticated, to redirect to the new page. It

ALWAYS

> > refreshes the Login.aspx page!
> >
> > My database has all the users - - I query the database and validate the

> user

> > there. This part works - - I've totally verified this.
> > Then - - I've got this:
> > if ValidUser="True" then
> > FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
> > <-------this is the part that DOES NOT work at all - - it never

redirects

> > the page
> >
> > The machine.config points to the correct path for the WebUIValidation.js
> > file....I'm using MSIE, as are all the other users who are going to be
> > hitting this app. - - Scripting is allowed.
> >
> > in the Web.Config, I've got:
> > <authentication mode="Forms">
> > <forms name=".MyApp"
> > loginUrl="login.aspx"
> > protection="All"
> > timeout="480"
> > path="/"
> > />
> > </authentication>
> > <authorization>
> > <deny users ="?" />
> > </authorization>
> > And I'm importing the Web.Security Namespace on each page.
> > Does Each subsequent page need anything else in it to make this work?
> > Please help - - I've been working on this for over a week now! What am I
> > missing?
> >
> >

>
>

[Seaside]

see S.Justin Gengo's reply



"ElmoWatson" <sputnik75043@yahoo.com> wrote in message
news:OikY$72WDHA.2424@TK2MSFTNGP12.phx.gbl...

> Yes - I'm sure - absolutely positive
>
>
>
> "Seaside" <ss@hotmail.com> wrote in message
> news:ez0MMe2WDHA.3444@tk2msftngp13.phx.gbl...

> > are you sure ValidUser is returning "true" ?
> >
> >
> >
> > "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
> > news:%23qyCYV2WDHA.2376@TK2MSFTNGP11.phx.gbl...

> > > I tried on the Security newgroup, as well as other places, and haven't
> > > gotten an answer yet - - I'm pulling my hair out over this one.
> > >
> > > I'm trying to get Forms Authentication working.....I can get any

> requested

> > > page to automatically go to the Login.aspx page, AND, the ReturnURL
> > > querystring is correct in the address bar, but no matter what, I can't

> get

> > > it, once the user is authenticated, to redirect to the new page. It

> ALWAYS

> > > refreshes the Login.aspx page!
> > >
> > > My database has all the users - - I query the database and validate

the

> > user

> > > there. This part works - - I've totally verified this.
> > > Then - - I've got this:
> > > if ValidUser="True" then
> > > FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
> > > <-------this is the part that DOES NOT work at all - - it never

> redirects

> > > the page
> > >
> > > The machine.config points to the correct path for the

WebUIValidation.js

> > > file....I'm using MSIE, as are all the other users who are going to be
> > > hitting this app. - - Scripting is allowed.
> > >
> > > in the Web.Config, I've got:
> > > <authentication mode="Forms">
> > > <forms name=".MyApp"
> > > loginUrl="login.aspx"
> > > protection="All"
> > > timeout="480"
> > > path="/"
> > > />
> > > </authentication>
> > > <authorization>
> > > <deny users ="?" />
> > > </authorization>
> > > And I'm importing the Web.Security Namespace on each page.
> > > Does Each subsequent page need anything else in it to make this work?
> > > Please help - - I've been working on this for over a week now! What am

I

> > > missing?
> > >
> > >

> >
> >

>
>

[John Saunders]

Elmo,

It may be redirecting to the page, then redirecting right back to the login
page when it's found that the user isn't authenticated.

The question will be "why isn't the user authenticated when I think he
should be?" Answers I've seen include:

1) Because the cookie is set up wrong and Forms Authentication never sees
it. Check on the domain, path and expiration of the cookie. In particular,
make sure the cookie domain matches your domain. localhost has a blank
domain, BTW.
2) Because the login page and the page you're redirecting to have different
values in the <machineKey> entry in machine.config or web.config.
3) The user _is_ authenticated, but not authorized. Maybe URL authorization
has a typo in a role name, or roles aren't being applied in global.asax.

It sounds like it's time for you to look one layer deeper. In particular,
try turning on tracing in web.config:

<trace enabled="true" requestLimit="100" pageOutput="false"
traceMode="SortByTime" localOnly="true" />

Then reproduce the problem and navigate to
[url]http://localhost/yourSite/trace.axd[/url]. It may be instructive.
--
John Saunders
Internet Engineer
[email]john.saunders@surfcontrol.com[/email]



"ElmoWatson" <sputnik75043@yahoo.com> wrote in message
news:%23qyCYV2WDHA.2376@TK2MSFTNGP11.phx.gbl...

> I tried on the Security newgroup, as well as other places, and haven't
> gotten an answer yet - - I'm pulling my hair out over this one.
>
> I'm trying to get Forms Authentication working.....I can get any requested
> page to automatically go to the Login.aspx page, AND, the ReturnURL
> querystring is correct in the address bar, but no matter what, I can't get
> it, once the user is authenticated, to redirect to the new page. It ALWAYS
> refreshes the Login.aspx page!
>
> My database has all the users - - I query the database and validate the

user

> there. This part works - - I've totally verified this.
> Then - - I've got this:
> if ValidUser="True" then
> FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
> <-------this is the part that DOES NOT work at all - - it never redirects
> the page
>
> The machine.config points to the correct path for the WebUIValidation.js
> file....I'm using MSIE, as are all the other users who are going to be
> hitting this app. - - Scripting is allowed.
>
> in the Web.Config, I've got:
> <authentication mode="Forms">
> <forms name=".MyApp"
> loginUrl="login.aspx"
> protection="All"
> timeout="480"
> path="/"
> />
> </authentication>
> <authorization>
> <deny users ="?" />
> </authorization>
> And I'm importing the Web.Security Namespace on each page.
> Does Each subsequent page need anything else in it to make this work?
> Please help - - I've been working on this for over a week now! What am I
> missing?
>
>

[S. Justin Gengo]

Hmmm,

That website must be having some pretty big link problems! I had bookmarked
it a long time ago. It looks like all their articles file links aren't
working.

Here's a line of code from a different article that I think pertains to you:

If blnIsAuthenticated Then
FormsAuthentication.RedirectFromLoginPage(strUser,
chkPersistLogin.Checked)
End If

This article is using an xml file instead of a database to store usernames
and passwords but the concept is the same. Here's the link:
[url]http://www.15seconds.com/issue/020305.htm[/url]

Sincerecly,


--
S. Justin Gengo, MCP
Web Developer

Free code library at:
[url]www.aboutfortunate.com[/url]

"Out of chaos comes order."
Nietzche
"ElmoWatson" <sputnik75043@yahoo.com> wrote in message
news:eSDQlB3WDHA.1512@TK2MSFTNGP11.phx.gbl...

> Thanks - I checked it out - - all the code listings links don't go to the
> code at all....nice article, but it doesn't tell me where my problem is.
> BTW - If I remove the deny users part - - - - it bypasses the login.aspx
> file altogether. I at least had that working
>
>
> "S. Justin Gengo" <sjgengo@aboutfortunate.com> wrote in message
> news:%23razhf2WDHA.608@TK2MSFTNGP12.phx.gbl...

> > Elmo,
> >
> > When you use a database with forms authentication you need to remove the
> > deny users attribute in the web.config file. You then have to create a
> > method that does the validation for you.
> >
> > Here's a good article about using a database with form authentication:
> >

>

[url]http://www.zdnet.com.au/builder/program/windows/story/0,2000035027,20274191,00.htm[/url]

> >
> > Sincerely,
> >
> > --
> > S. Justin Gengo, MCP
> > Web Developer
> >
> > Free code library at:
> > [url]www.aboutfortunate.com[/url]
> >
> > "Out of chaos comes order."
> > Nietzche
> > "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
> > news:%23qyCYV2WDHA.2376@TK2MSFTNGP11.phx.gbl...

> > > I tried on the Security newgroup, as well as other places, and haven't
> > > gotten an answer yet - - I'm pulling my hair out over this one.
> > >
> > > I'm trying to get Forms Authentication working.....I can get any

> requested

> > > page to automatically go to the Login.aspx page, AND, the ReturnURL
> > > querystring is correct in the address bar, but no matter what, I can't

> get

> > > it, once the user is authenticated, to redirect to the new page. It

> ALWAYS

> > > refreshes the Login.aspx page!
> > >
> > > My database has all the users - - I query the database and validate

the

> > user

> > > there. This part works - - I've totally verified this.
> > > Then - - I've got this:
> > > if ValidUser="True" then
> > > FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
> > > <-------this is the part that DOES NOT work at all - - it never

> redirects

> > > the page
> > >
> > > The machine.config points to the correct path for the

WebUIValidation.js

> > > file....I'm using MSIE, as are all the other users who are going to be
> > > hitting this app. - - Scripting is allowed.
> > >
> > > in the Web.Config, I've got:
> > > <authentication mode="Forms">
> > > <forms name=".MyApp"
> > > loginUrl="login.aspx"
> > > protection="All"
> > > timeout="480"
> > > path="/"
> > > />
> > > </authentication>
> > > <authorization>
> > > <deny users ="?" />
> > > </authorization>
> > > And I'm importing the Web.Security Namespace on each page.
> > > Does Each subsequent page need anything else in it to make this work?
> > > Please help - - I've been working on this for over a week now! What am

I

> > > missing?
> > >
> > >

> >
> >

>
>

[ElmoWatson]

Actually - I have had Tracing on & off several times - -
I see that the cookie is set - - but the weird thing is how it's showing - -
I went to the temporary internet files directory to watch when the cookie
shows up.

I run a page on the site in IE, get referred to the login page, login, and,
as usual, it does NOT redirect me to the original page....
Keep in mind, still no cookie in the directory -- then I close IE - - -
still no cookie.
THEN - when I start IE AGAIN, only going to its default page - - the cookie
shows up in the directory - - I don't get how this behavior works, at all.

Still - the same login scenario happens - - no redirect.

You said:

>>>>Maybe URL authorization has a typo in a role name, or roles aren't being

applied in global.asax.

I don't have any roles in play here - this scenario, at this point is
supposed to check against a database table for authorization - - if
there - - validuser is true, else it's false
if it's true, I have it set like this:
FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) and again -
here's where it doesn't work. It DOES, however, set the cookie, named the
same as in the web.config file.

Anything else?? Nothing shows up as

"John Saunders" <john.saunders@surfcontrol.com> wrote in message
news:OLe4NF3WDHA.2272@TK2MSFTNGP11.phx.gbl...

> Elmo,
>
> It may be redirecting to the page, then redirecting right back to the

login

> page when it's found that the user isn't authenticated.
>
> The question will be "why isn't the user authenticated when I think he
> should be?" Answers I've seen include:
>
> 1) Because the cookie is set up wrong and Forms Authentication never sees
> it. Check on the domain, path and expiration of the cookie. In particular,
> make sure the cookie domain matches your domain. localhost has a blank
> domain, BTW.
> 2) Because the login page and the page you're redirecting to have

different

> values in the <machineKey> entry in machine.config or web.config.
> 3) The user _is_ authenticated, but not authorized. Maybe URL

authorization

> has a typo in a role name, or roles aren't being applied in global.asax.
>
> It sounds like it's time for you to look one layer deeper. In particular,
> try turning on tracing in web.config:
>
> <trace enabled="true" requestLimit="100" pageOutput="false"
> traceMode="SortByTime" localOnly="true" />
>
> Then reproduce the problem and navigate to
> [url]http://localhost/yourSite/trace.axd[/url]. It may be instructive.
> --
> John Saunders
> Internet Engineer
> [email]john.saunders@surfcontrol.com[/email]
>
>
>
> "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
> news:%23qyCYV2WDHA.2376@TK2MSFTNGP11.phx.gbl...

> > I tried on the Security newgroup, as well as other places, and haven't
> > gotten an answer yet - - I'm pulling my hair out over this one.
> >
> > I'm trying to get Forms Authentication working.....I can get any

requested

> > page to automatically go to the Login.aspx page, AND, the ReturnURL
> > querystring is correct in the address bar, but no matter what, I can't

get

> > it, once the user is authenticated, to redirect to the new page. It

ALWAYS

> > refreshes the Login.aspx page!
> >
> > My database has all the users - - I query the database and validate the

> user

> > there. This part works - - I've totally verified this.
> > Then - - I've got this:
> > if ValidUser="True" then
> > FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
> > <-------this is the part that DOES NOT work at all - - it never

redirects

> > the page
> >
> > The machine.config points to the correct path for the WebUIValidation.js
> > file....I'm using MSIE, as are all the other users who are going to be
> > hitting this app. - - Scripting is allowed.
> >
> > in the Web.Config, I've got:
> > <authentication mode="Forms">
> > <forms name=".MyApp"
> > loginUrl="login.aspx"
> > protection="All"
> > timeout="480"
> > path="/"
> > />
> > </authentication>
> > <authorization>
> > <deny users ="?" />
> > </authorization>
> > And I'm importing the Web.Security Namespace on each page.
> > Does Each subsequent page need anything else in it to make this work?
> > Please help - - I've been working on this for over a week now! What am I
> > missing?
> >
> >

>
>

[ElmoWatson]

Yeah - - that's what I'm using exactly - - that's what doesn't work
correctly
I'm totally lost here......I guess I'll just have to roll my own
authentication system - - I've been at this over a week and I could have had
it all done, if I had manually created it.

Thanks for the help - - if you think of something else - - - post back,
please.

"S. Justin Gengo" <sjgengo@aboutfortunate.com> wrote in message
news:%23XKtLK3WDHA.1480@tk2msftngp13.phx.gbl...

> Hmmm,
>
> That website must be having some pretty big link problems! I had

bookmarked

> it a long time ago. It looks like all their articles file links aren't
> working.
>
> Here's a line of code from a different article that I think pertains to

you:

>
> If blnIsAuthenticated Then
> FormsAuthentication.RedirectFromLoginPage(strUser,
> chkPersistLogin.Checked)
> End If
>
> This article is using an xml file instead of a database to store usernames
> and passwords but the concept is the same. Here's the link:
> [url]http://www.15seconds.com/issue/020305.htm[/url]
>
> Sincerecly,
>
>
> --
> S. Justin Gengo, MCP
> Web Developer
>
> Free code library at:
> [url]www.aboutfortunate.com[/url]
>
> "Out of chaos comes order."
> Nietzche
> "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
> news:eSDQlB3WDHA.1512@TK2MSFTNGP11.phx.gbl...

> > Thanks - I checked it out - - all the code listings links don't go to

the

> > code at all....nice article, but it doesn't tell me where my problem is.
> > BTW - If I remove the deny users part - - - - it bypasses the

login.aspx

> > file altogether. I at least had that working
> >
> >
> > "S. Justin Gengo" <sjgengo@aboutfortunate.com> wrote in message
> > news:%23razhf2WDHA.608@TK2MSFTNGP12.phx.gbl...

> > > Elmo,
> > >
> > > When you use a database with forms authentication you need to remove

the

> > > deny users attribute in the web.config file. You then have to create a
> > > method that does the validation for you.
> > >
> > > Here's a good article about using a database with form authentication:
> > >

> >

>

[url]http://www.zdnet.com.au/builder/program/windows/story/0,2000035027,20274191,00.htm[/url]

> > >
> > > Sincerely,
> > >
> > > --
> > > S. Justin Gengo, MCP
> > > Web Developer
> > >
> > > Free code library at:
> > > [url]www.aboutfortunate.com[/url]
> > >
> > > "Out of chaos comes order."
> > > Nietzche
> > > "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
> > > news:%23qyCYV2WDHA.2376@TK2MSFTNGP11.phx.gbl...
> > > > I tried on the Security newgroup, as well as other places, and

haven't

> > > > gotten an answer yet - - I'm pulling my hair out over this one.
> > > >
> > > > I'm trying to get Forms Authentication working.....I can get any

> > requested

> > > > page to automatically go to the Login.aspx page, AND, the ReturnURL
> > > > querystring is correct in the address bar, but no matter what, I

can't

> > get

> > > > it, once the user is authenticated, to redirect to the new page. It

> > ALWAYS

> > > > refreshes the Login.aspx page!
> > > >
> > > > My database has all the users - - I query the database and validate

> the

> > > user
> > > > there. This part works - - I've totally verified this.
> > > > Then - - I've got this:
> > > > if ValidUser="True" then
> > > > FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
> > > > <-------this is the part that DOES NOT work at all - - it never

> > redirects

> > > > the page
> > > >
> > > > The machine.config points to the correct path for the

> WebUIValidation.js

> > > > file....I'm using MSIE, as are all the other users who are going to

be

> > > > hitting this app. - - Scripting is allowed.
> > > >
> > > > in the Web.Config, I've got:
> > > > <authentication mode="Forms">
> > > > <forms name=".MyApp"
> > > > loginUrl="login.aspx"
> > > > protection="All"
> > > > timeout="480"
> > > > path="/"
> > > > />
> > > > </authentication>
> > > > <authorization>
> > > > <deny users ="?" />
> > > > </authorization>
> > > > And I'm importing the Web.Security Namespace on each page.
> > > > Does Each subsequent page need anything else in it to make this

work?

> > > > Please help - - I've been working on this for over a week now! What

am

> I

> > > > missing?
> > > >
> > > >
> > >
> > >

> >
> >

>
>

[John Saunders]

Elmo,

Let's be sure we understand each other. Here's a sequence of events to
reproduce:

1) Close _all_ of your browsers
2) Start up IE (preferably with your home page set to about:blank).
3) Navigate to a page which requires you to be authenticated
4) You should be redirected to the login page
5) Check for the cookie it should be absent.
6) Log in. It should attempt to redirect you to the original page.
7) Whether or not it redirected you, check for the cookie again. If it's
there, post the details, in particular, the path, domain and expiration.

BTW, I don't know how you're seeing the cookie at all. Session cookies
aren't displayed in IE's "View Files" dialog. You'd do better to use a tool
like ProxyTrace from [url]http://pocketsoap.com[/url], which will allow you to see the
actual Set-Cookie header(s).
--
John Saunders
Internet Engineer
[email]john.saunders@surfcontrol.com[/email]


"ElmoWatson" <sputnik75043@yahoo.com> wrote in message
news:eX0gGh3WDHA.1640@TK2MSFTNGP10.phx.gbl...

> Actually - I have had Tracing on & off several times - -
> I see that the cookie is set - - but the weird thing is how it's

showing - -

> I went to the temporary internet files directory to watch when the cookie
> shows up.
>
> I run a page on the site in IE, get referred to the login page, login,

and,

> as usual, it does NOT redirect me to the original page....
> Keep in mind, still no cookie in the directory -- then I close IE - - -
> still no cookie.
> THEN - when I start IE AGAIN, only going to its default page - - the

cookie

> shows up in the directory - - I don't get how this behavior works, at

all.

>
> Still - the same login scenario happens - - no redirect.
>
> You said:

> >>>>Maybe URL authorization has a typo in a role name, or roles aren't

being

> applied in global.asax.
>
> I don't have any roles in play here - this scenario, at this point is
> supposed to check against a database table for authorization - - if
> there - - validuser is true, else it's false
> if it's true, I have it set like this:
> FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) and again -
> here's where it doesn't work. It DOES, however, set the cookie, named the
> same as in the web.config file.
>
> Anything else?? Nothing shows up as
>
> "John Saunders" <john.saunders@surfcontrol.com> wrote in message
> news:OLe4NF3WDHA.2272@TK2MSFTNGP11.phx.gbl...

> > Elmo,
> >
> > It may be redirecting to the page, then redirecting right back to the

> login

> > page when it's found that the user isn't authenticated.
> >
> > The question will be "why isn't the user authenticated when I think he
> > should be?" Answers I've seen include:
> >
> > 1) Because the cookie is set up wrong and Forms Authentication never

sees

> > it. Check on the domain, path and expiration of the cookie. In

particular,

> > make sure the cookie domain matches your domain. localhost has a blank
> > domain, BTW.
> > 2) Because the login page and the page you're redirecting to have

> different

> > values in the <machineKey> entry in machine.config or web.config.
> > 3) The user _is_ authenticated, but not authorized. Maybe URL

> authorization

> > has a typo in a role name, or roles aren't being applied in global.asax.
> >
> > It sounds like it's time for you to look one layer deeper. In

particular,

> > try turning on tracing in web.config:
> >
> > <trace enabled="true" requestLimit="100" pageOutput="false"
> > traceMode="SortByTime" localOnly="true" />
> >
> > Then reproduce the problem and navigate to
> > [url]http://localhost/yourSite/trace.axd[/url]. It may be instructive.
> > --
> > John Saunders
> > Internet Engineer
> > [email]john.saunders@surfcontrol.com[/email]
> >
> >
> >
> > "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
> > news:%23qyCYV2WDHA.2376@TK2MSFTNGP11.phx.gbl...

> > > I tried on the Security newgroup, as well as other places, and haven't
> > > gotten an answer yet - - I'm pulling my hair out over this one.
> > >
> > > I'm trying to get Forms Authentication working.....I can get any

> requested

> > > page to automatically go to the Login.aspx page, AND, the ReturnURL
> > > querystring is correct in the address bar, but no matter what, I can't

> get

> > > it, once the user is authenticated, to redirect to the new page. It

> ALWAYS

> > > refreshes the Login.aspx page!
> > >
> > > My database has all the users - - I query the database and validate

the

> > user

> > > there. This part works - - I've totally verified this.
> > > Then - - I've got this:
> > > if ValidUser="True" then
> > > FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
> > > <-------this is the part that DOES NOT work at all - - it never

> redirects

> > > the page
> > >
> > > The machine.config points to the correct path for the

WebUIValidation.js

> > > file....I'm using MSIE, as are all the other users who are going to be
> > > hitting this app. - - Scripting is allowed.
> > >
> > > in the Web.Config, I've got:
> > > <authentication mode="Forms">
> > > <forms name=".MyApp"
> > > loginUrl="login.aspx"
> > > protection="All"
> > > timeout="480"
> > > path="/"
> > > />
> > > </authentication>
> > > <authorization>
> > > <deny users ="?" />
> > > </authorization>
> > > And I'm importing the Web.Security Namespace on each page.
> > > Does Each subsequent page need anything else in it to make this work?
> > > Please help - - I've been working on this for over a week now! What am

I

> > > missing?
> > >
> > >

> >
> >

>
>

[ElmoWatson]

Here are my steps
1. Delete existing cookie, starting from scratch
2. Run a page on web server - - redirects me to login page
3. Login, hoping to go to url in querystring
4. It does NOT redirect me to the correct page - -
in the Trace details, it shows the cookie with the correct name (from
Web.Config Name = section)
5. However, I don't see the cookie in the Temporary Internet Files dir
yet - - close IE -no cookie
6. Start IE (goes to default site which is NOT the web site in question) -
Cookie shows up
7. Details - - - in the directory list (Windows Explorer):
Name: Cookie:myname@testWebserver/ --- this is correct --
Internet Address - same as Name: - TXT file
Expires: 8/5/2053
Last Modified/Last Accessed/Last Checked - - all the same time/date (today)

8. Try running a page on the web server again - - redirects me to login
page, with the originally requested page, correctly, in the querystring
(ReturnUrL) - - cookie shows up with the name given to it, in my Web.config
file.

Does this show you anything?

"John Saunders" <john.saunders@surfcontrol.com> wrote in message
news:uGP7F43WDHA.2080@TK2MSFTNGP11.phx.gbl...

> Elmo,
>
> Let's be sure we understand each other. Here's a sequence of events to
> reproduce:
>
> 1) Close _all_ of your browsers
> 2) Start up IE (preferably with your home page set to about:blank).
> 3) Navigate to a page which requires you to be authenticated
> 4) You should be redirected to the login page
> 5) Check for the cookie it should be absent.
> 6) Log in. It should attempt to redirect you to the original page.
> 7) Whether or not it redirected you, check for the cookie again. If it's
> there, post the details, in particular, the path, domain and expiration.
>
> BTW, I don't know how you're seeing the cookie at all. Session cookies
> aren't displayed in IE's "View Files" dialog. You'd do better to use a

tool

> like ProxyTrace from [url]http://pocketsoap.com[/url], which will allow you to see

the

> actual Set-Cookie header(s).
> --
> John Saunders
> Internet Engineer
> [email]john.saunders@surfcontrol.com[/email]
>
>
> "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
> news:eX0gGh3WDHA.1640@TK2MSFTNGP10.phx.gbl...

> > Actually - I have had Tracing on & off several times - -
> > I see that the cookie is set - - but the weird thing is how it's

> showing - -

> > I went to the temporary internet files directory to watch when the

cookie

> > shows up.
> >
> > I run a page on the site in IE, get referred to the login page, login,

> and,

> > as usual, it does NOT redirect me to the original page....
> > Keep in mind, still no cookie in the directory -- then I close IE - - -
> > still no cookie.
> > THEN - when I start IE AGAIN, only going to its default page - - the

> cookie

> > shows up in the directory - - I don't get how this behavior works, at

> all.

> >
> > Still - the same login scenario happens - - no redirect.
> >
> > You said:

> > >>>>Maybe URL authorization has a typo in a role name, or roles aren't

> being

> > applied in global.asax.
> >
> > I don't have any roles in play here - this scenario, at this point is
> > supposed to check against a database table for authorization - - if
> > there - - validuser is true, else it's false
> > if it's true, I have it set like this:
> > FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) and again -
> > here's where it doesn't work. It DOES, however, set the cookie, named

the

> > same as in the web.config file.
> >
> > Anything else?? Nothing shows up as
> >
> > "John Saunders" <john.saunders@surfcontrol.com> wrote in message
> > news:OLe4NF3WDHA.2272@TK2MSFTNGP11.phx.gbl...

> > > Elmo,
> > >
> > > It may be redirecting to the page, then redirecting right back to the

> > login

> > > page when it's found that the user isn't authenticated.
> > >
> > > The question will be "why isn't the user authenticated when I think he
> > > should be?" Answers I've seen include:
> > >
> > > 1) Because the cookie is set up wrong and Forms Authentication never

> sees

> > > it. Check on the domain, path and expiration of the cookie. In

> particular,

> > > make sure the cookie domain matches your domain. localhost has a blank
> > > domain, BTW.
> > > 2) Because the login page and the page you're redirecting to have

> > different

> > > values in the <machineKey> entry in machine.config or web.config.
> > > 3) The user _is_ authenticated, but not authorized. Maybe URL

> > authorization

> > > has a typo in a role name, or roles aren't being applied in

global.asax.

> > >
> > > It sounds like it's time for you to look one layer deeper. In

> particular,

> > > try turning on tracing in web.config:
> > >
> > > <trace enabled="true" requestLimit="100" pageOutput="false"
> > > traceMode="SortByTime" localOnly="true" />
> > >
> > > Then reproduce the problem and navigate to
> > > [url]http://localhost/yourSite/trace.axd[/url]. It may be instructive.
> > > --
> > > John Saunders
> > > Internet Engineer
> > > [email]john.saunders@surfcontrol.com[/email]
> > >
> > >
> > >
> > > "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
> > > news:%23qyCYV2WDHA.2376@TK2MSFTNGP11.phx.gbl...
> > > > I tried on the Security newgroup, as well as other places, and

haven't

> > > > gotten an answer yet - - I'm pulling my hair out over this one.
> > > >
> > > > I'm trying to get Forms Authentication working.....I can get any

> > requested

> > > > page to automatically go to the Login.aspx page, AND, the ReturnURL
> > > > querystring is correct in the address bar, but no matter what, I

can't

> > get

> > > > it, once the user is authenticated, to redirect to the new page. It

> > ALWAYS

> > > > refreshes the Login.aspx page!
> > > >
> > > > My database has all the users - - I query the database and validate

> the

> > > user
> > > > there. This part works - - I've totally verified this.
> > > > Then - - I've got this:
> > > > if ValidUser="True" then
> > > > FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) '
> > > > <-------this is the part that DOES NOT work at all - - it never

> > redirects

> > > > the page
> > > >
> > > > The machine.config points to the correct path for the

> WebUIValidation.js

> > > > file....I'm using MSIE, as are all the other users who are going to

be

> > > > hitting this app. - - Scripting is allowed.
> > > >
> > > > in the Web.Config, I've got:
> > > > <authentication mode="Forms">
> > > > <forms name=".MyApp"
> > > > loginUrl="login.aspx"
> > > > protection="All"
> > > > timeout="480"
> > > > path="/"
> > > > />
> > > > </authentication>
> > > > <authorization>
> > > > <deny users ="?" />
> > > > </authorization>
> > > > And I'm importing the Web.Security Namespace on each page.
> > > > Does Each subsequent page need anything else in it to make this

work?

> > > > Please help - - I've been working on this for over a week now! What

am

> I

> > > > missing?
> > > >
> > > >
> > >
> > >

> >
> >

>
>

[John Saunders]

Yeah, Elmo, that's what I figured from your detailed post. Your Forms
Authentication page may be using the same cookie name as being used by that
"classic ASP" page. Choose another name!

You're not _supposed_ to be able to see session cookies in Temporary
Internet Files! The fact that you saw it there suggested that it wasn't from
ASP.NET, and the fact that you saw it after going to the "default" page
suggested that you were getting that cookie from the default page.

--
John Saunders
Internet Engineer
[email]john.saunders@surfcontrol.com[/email]


"ElmoWatson" <sputnik75043@yahoo.com> wrote in message
news:u8NICn4WDHA.1680@tk2msftngp13.phx.gbl...

> I didn't notice until I sent the last message, that you said to 'blank'

out

> the start page....
> The weirdest thing happened - - previously, my start page was one of the
> other intranet's login page in our company (classic asp/different
> login/different server/completely different physical location) - - -
>
> AS SOON as I dumped that page from my default page in IE - the whole Forms
> Authentication worked perfectly - just like it was supposed to.
>
>
>
> "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
> news:ewZKdC4WDHA.608@TK2MSFTNGP12.phx.gbl...

> > Here are my steps
> > 1. Delete existing cookie, starting from scratch
> > 2. Run a page on web server - - redirects me to login page
> > 3. Login, hoping to go to url in querystring
> > 4. It does NOT redirect me to the correct page - -
> > in the Trace details, it shows the cookie with the correct name (from
> > Web.Config Name = section)
> > 5. However, I don't see the cookie in the Temporary Internet Files dir
> > yet - - close IE -no cookie
> > 6. Start IE (goes to default site which is NOT the web site in

question) -

> > Cookie shows up
> > 7. Details - - - in the directory list (Windows Explorer):
> > Name: Cookie:myname@testWebserver/ --- this is correct --
> > Internet Address - same as Name: - TXT file
> > Expires: 8/5/2053
> > Last Modified/Last Accessed/Last Checked - - all the same time/date

> (today)

> >
> > 8. Try running a page on the web server again - - redirects me to login
> > page, with the originally requested page, correctly, in the querystring
> > (ReturnUrL) - - cookie shows up with the name given to it, in my

> Web.config

> > file.
> >
> > Does this show you anything?
> >
> > "John Saunders" <john.saunders@surfcontrol.com> wrote in message
> > news:uGP7F43WDHA.2080@TK2MSFTNGP11.phx.gbl...

> > > Elmo,
> > >
> > > Let's be sure we understand each other. Here's a sequence of events to
> > > reproduce:
> > >
> > > 1) Close _all_ of your browsers
> > > 2) Start up IE (preferably with your home page set to about:blank).
> > > 3) Navigate to a page which requires you to be authenticated
> > > 4) You should be redirected to the login page
> > > 5) Check for the cookie it should be absent.
> > > 6) Log in. It should attempt to redirect you to the original page.
> > > 7) Whether or not it redirected you, check for the cookie again. If

it's

> > > there, post the details, in particular, the path, domain and

expiration.

> > >
> > > BTW, I don't know how you're seeing the cookie at all. Session cookies
> > > aren't displayed in IE's "View Files" dialog. You'd do better to use a

> > tool

> > > like ProxyTrace from [url]http://pocketsoap.com[/url], which will allow you to

see

> > the

> > > actual Set-Cookie header(s).
> > > --
> > > John Saunders
> > > Internet Engineer
> > > [email]john.saunders@surfcontrol.com[/email]
> > >
> > >
> > > "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
> > > news:eX0gGh3WDHA.1640@TK2MSFTNGP10.phx.gbl...
> > > > Actually - I have had Tracing on & off several times - -
> > > > I see that the cookie is set - - but the weird thing is how it's
> > > showing - -
> > > > I went to the temporary internet files directory to watch when the

> > cookie

> > > > shows up.
> > > >
> > > > I run a page on the site in IE, get referred to the login page,

login,

> > > and,
> > > > as usual, it does NOT redirect me to the original page....
> > > > Keep in mind, still no cookie in the directory -- then I close

> IE - - -

> > > > still no cookie.
> > > > THEN - when I start IE AGAIN, only going to its default page - - the
> > > cookie
> > > > shows up in the directory - - I don't get how this behavior works,

> at

> > > all.
> > > >
> > > > Still - the same login scenario happens - - no redirect.
> > > >
> > > > You said:
> > > > >>>>Maybe URL authorization has a typo in a role name, or roles

aren't

> > > being
> > > > applied in global.asax.
> > > >
> > > > I don't have any roles in play here - this scenario, at this point

is

> > > > supposed to check against a database table for authorization - - if
> > > > there - - validuser is true, else it's false
> > > > if it's true, I have it set like this:
> > > > FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True) and

> again -

> > > > here's where it doesn't work. It DOES, however, set the cookie,

named

> > the

> > > > same as in the web.config file.
> > > >
> > > > Anything else?? Nothing shows up as
> > > >
> > > > "John Saunders" <john.saunders@surfcontrol.com> wrote in message
> > > > news:OLe4NF3WDHA.2272@TK2MSFTNGP11.phx.gbl...
> > > > > Elmo,
> > > > >
> > > > > It may be redirecting to the page, then redirecting right back to

> the

> > > > login
> > > > > page when it's found that the user isn't authenticated.
> > > > >
> > > > > The question will be "why isn't the user authenticated when I

think

> he

> > > > > should be?" Answers I've seen include:
> > > > >
> > > > > 1) Because the cookie is set up wrong and Forms Authentication

never

> > > sees
> > > > > it. Check on the domain, path and expiration of the cookie. In
> > > particular,
> > > > > make sure the cookie domain matches your domain. localhost has a

> blank

> > > > > domain, BTW.
> > > > > 2) Because the login page and the page you're redirecting to have
> > > > different
> > > > > values in the <machineKey> entry in machine.config or web.config.
> > > > > 3) The user _is_ authenticated, but not authorized. Maybe URL
> > > > authorization
> > > > > has a typo in a role name, or roles aren't being applied in

> > global.asax.

> > > > >
> > > > > It sounds like it's time for you to look one layer deeper. In
> > > particular,
> > > > > try turning on tracing in web.config:
> > > > >
> > > > > <trace enabled="true" requestLimit="100" pageOutput="false"
> > > > > traceMode="SortByTime" localOnly="true" />
> > > > >
> > > > > Then reproduce the problem and navigate to
> > > > > [url]http://localhost/yourSite/trace.axd[/url]. It may be instructive.
> > > > > --
> > > > > John Saunders
> > > > > Internet Engineer
> > > > > [email]john.saunders@surfcontrol.com[/email]
> > > > >
> > > > >
> > > > >
> > > > > "ElmoWatson" <sputnik75043@yahoo.com> wrote in message
> > > > > news:%23qyCYV2WDHA.2376@TK2MSFTNGP11.phx.gbl...
> > > > > > I tried on the Security newgroup, as well as other places, and

> > haven't

> > > > > > gotten an answer yet - - I'm pulling my hair out over this one.
> > > > > >
> > > > > > I'm trying to get Forms Authentication working.....I can get any
> > > > requested
> > > > > > page to automatically go to the Login.aspx page, AND, the

> ReturnURL

> > > > > > querystring is correct in the address bar, but no matter what, I

> > can't

> > > > get
> > > > > > it, once the user is authenticated, to redirect to the new page.

> It

> > > > ALWAYS
> > > > > > refreshes the Login.aspx page!
> > > > > >
> > > > > > My database has all the users - - I query the database and

> validate

> > > the
> > > > > user
> > > > > > there. This part works - - I've totally verified this.
> > > > > > Then - - I've got this:
> > > > > > if ValidUser="True" then
> > > > > > FormsAuthentication.RedirectFromLoginPage(txtUID.t ext, True)

'

> > > > > > <-------this is the part that DOES NOT work at all - - it never
> > > > redirects
> > > > > > the page
> > > > > >
> > > > > > The machine.config points to the correct path for the
> > > WebUIValidation.js
> > > > > > file....I'm using MSIE, as are all the other users who are going

> to

> > be

> > > > > > hitting this app. - - Scripting is allowed.
> > > > > >
> > > > > > in the Web.Config, I've got:
> > > > > > <authentication mode="Forms">
> > > > > > <forms name=".MyApp"
> > > > > > loginUrl="login.aspx"
> > > > > > protection="All"
> > > > > > timeout="480"
> > > > > > path="/"
> > > > > > />
> > > > > > </authentication>
> > > > > > <authorization>
> > > > > > <deny users ="?" />
> > > > > > </authorization>
> > > > > > And I'm importing the Web.Security Namespace on each page.
> > > > > > Does Each subsequent page need anything else in it to make this

> > work?

> > > > > > Please help - - I've been working on this for over a week now!

> What

> > am

> > > I
> > > > > > missing?
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >

> >
> >

>
>

[Perecli Manole]

I have implemented forms authentication which works fine as tested from a
browser on my dev machine. Now that I am ready to deploy I am noticeing a
problem. Any other computer that accesses the site served by IIS from my
machine gets an Windows Authentication prompt but only on certain pages. For
example after logging in through forms the home page loads fine but when
going to another page from the menu the Windows login pops up. What could be
the problem?

Perry

[keeper7k]

Hi Everyone...

I have a strange problem..
I managed to perform authentication (cookie & cookieless ) and
get redirected to a default page, but when i try to move to
another page within the protected area, i get prompted for the login
page again...

My Web.Cofig in the authorization section looks like this :

<authorization>
<deny users="?" />
</authorization>

Any suggestions would be appreciated..
Thanks in advance...

[Jeff]

Are the pages you are redirecting to in the same web app? If not, you need
to set the MachineKey value in the machine.config file to not be
automatically assigned. This causes each site to get its own
encrypt/decrypt keys causing each site to need it's own authentication. You
can info on how to set the keys here:
[url]http://support.microsoft.com/default.aspx?scid=kb;EN-US;312906[/url]

HTH,
Jeff

"keeper7k" <keeper7k@no.spam.com> wrote in message
news:MPG.1a2c1befca02574f989680@news.otenet.gr...

> Hi Everyone...
>
> I have a strange problem..
> I managed to perform authentication (cookie & cookieless ) and
> get redirected to a default page, but when i try to move to
> another page within the protected area, i get prompted for the login
> page again...
>
> My Web.Cofig in the authorization section looks like this :
>
> <authorization>
> <deny users="?" />
> </authorization>
>
> Any suggestions would be appreciated..
> Thanks in advance...

[Rafi]

Hi,

I have problem with my application and I don't know how to solve it.
I am using forms authentication to secure some subdirectories. When I want
to access MojeAukcje.aspx I am redirected to the Login.aspx what I obviously
inteded, but after typing correct login and password I am still redirected
to the Login.aspx and not to MojeAukcje.aspx as I would like to be.

My web.config file is in the root directory Aukcja, its code:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="RemotUOnly" />
<authentication mode="Forms">
<forms name=".NoweCiacho"
loginUrl="http://lokalhost/Aukcja/Login/Login.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
<trace enbled="false" requestLimit="10" pageOutput="false"
treMode="SortByTime" localOnly="true" />
<sessionState mode="InProc" stateConnectionString="tpip=127.0.0.1:42424"
sqlConnUctionString="datL soure=127.0.0.1;user id=sa;password="
cookielU,s="false" timeout="20" />
<globalization requestEncoding="utf-8" responsUEncoding="utf-8" />
</system.web>
<location path="Login">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="NewUser">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="MojeAukcje">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>

My Login.aspx.cs file I have:
.........
private void BtZatwierdz_Click(object sender, System.EventArgs e)
{
LogowanieProc.Parameters["@login"].Value = TBLogin.Text;
LogowanieProc.Parameters["@haslo"].Value =
FormsAuthentication.HashPasswordForStoringInConfig File(TBHaslo.Text,"MD5");

LogowanieProc.Connection.Open();
LogowanieProc.ExecuteReader();
LogowanieProc.Connection.Close();

if (LogowanieProc.Parameters["@wynik"].Value.ToString() == "1") // if
password and login are correct it will be true
{
HttpCookie cookie = new HttpCookie(".NoweCiacho");
cookie.Expires = DateTime.Now.AddMinutes(10);
cookie["user"] = TBLogin.Text;
Response.Cookies.Add(cookie);

string returnUrl = Request.QueryString["ReturnUrl"];

if (returnUrl == null)
returnUrl = "http://localhost/Aukcja/troll.aspx";
Response.Redirect(returnUrl);
}
else
{
LbBlad.Text = "Nieprawid³owy login lub has³o. "; //Incorrect login or
password
}
}
.........

Where is my mistake? Can anybody tell me, pls.

Rafi

[Mark Berryman]

After you've verified the user's password and login are correct, you need
to execute "FormsAuthentication.RedirectFromLoginPage(... )". This will
auto-generate a cookie which holds an authentication ticket. You don't
need to create one explicitly unless you want to add some additional info
to the ticket.

----------------------------------------------------------------------------
-------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

[smita]

Hi,

May I know how can I use Forms Authentication without storing my
credentials information in web.Config but in some other Xml file of my own .
Since I am creating users at runtime I need to store username and passwords
in a different xml file which i need to use to authenticate the users. But
how do i inform Forms Authentication about this b'coz as far as i know it
searches the credentials section in Web.Config file for authenticating the
users.

Any advice would be helpful.

thanx,
smita.

[Hernan de Lahitte]

Take a look at this article, may be of some help.

[url]http://www.theserverside.net/articles/article.aspx?l=FormAuthentication[/url]


--
Hernan de Lahitte - MSDE
Lagash Systems S.A. - Buenos Aires, Argentina
[url]http://www.lagash.com[/url]



"keeper7k" <keeper7k@no.spam.com> wrote in message
news:MPG.1a2c1befca02574f989680@news.otenet.gr...

> Hi Everyone...
>
> I have a strange problem..
> I managed to perform authentication (cookie & cookieless ) and
> get redirected to a default page, but when i try to move to
> another page within the protected area, i get prompted for the login
> page again...
>
> My Web.Cofig in the authorization section looks like this :
>
> <authorization>
> <deny users="?" />
> </authorization>
>
> Any suggestions would be appreciated..
> Thanks in advance...

[Hernan de Lahitte]

I don´t know why you want to store user credentials in a xml file (despite
you can do it with forms auth) but I definitely don´t recommend you this
practice. I think that is not possible with forms auth to store the creds
outside the web.config file but you might implement your own auth scheme
with the file you want.

--
Hernan de Lahitte - MSDE
Lagash Systems S.A. - Buenos Aires, Argentina
[url]http://www.lagash.com[/url]



"smita" <smita@rarefind.com> wrote in message
news:#4fhZhN4DHA.1596@TK2MSFTNGP10.phx.gbl...

> Hi,
>
> May I know how can I use Forms Authentication without storing my
> credentials information in web.Config but in some other Xml file of my own

..

> Since I am creating users at runtime I need to store username and

passwords

> in a different xml file which i need to use to authenticate the users. But
> how do i inform Forms Authentication about this b'coz as far as i know it
> searches the credentials section in Web.Config file for authenticating the
> users.
>
> Any advice would be helpful.
>
> thanx,
> smita.
>
>
>
>