Forms Authentication problem with IsAuthenticated

[Bob Hansen]

Hello All,

I am trying to set up forms authentication for an ASP.NET web site. I
programmed quite a bit of stuff with custom IPrincipal and IIdentity objects
and everything only to find out that none of it worked. After fiddling
around with things I decided to try a really basic example. A set some
values in the web.config as follows...

<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="Login.aspx" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>

I then created a simple login.aspx page and a default.aspx page with no
implementation. The only thing I wanted to do was see if accessing the
default.aspx page would bring up the login.aspx page as expected. Didnt
work. Not only that, but on further inspection of the
Context.User.Identity.IsAuthenticated property revealed that I am always
authenticated. I cannot unauthenticate myself. Further, the
Context.User.Identity.Name comes up as my login name for windows complete
with network domain!

Is there a configuration option I am missing somewhere? Is there something
in IIS that needs to be set? Please help!!!

Cheers,

Bob Hansen
JASCorp, L.L.C.
[url]www.jasrx.com[/url]
[url]www.jascorp.com[/url]

[.NET Follower]

hv u set the cookie in the login code
just ad the
if (HttpContext.Current.User != null)

{

if (Request.IsAuthenticated)

{

FormsAuthenticationTicket authTicket=null;

string strCookieName=FormsAuthentication.FormsCookieName;

HttpCookie authCookie=Context.Request.Cookies[strCookieName];


if (authCookie==null)

{

return;

}

else

{

authTicket=FormsAuthentication.Decrypt(authCookie. Value);

string[] strarrUserGroups=authTicket.UserData.Split(new char[]{'|'});


FormsIdentity Id=new FormsIdentity(authTicket);

GenericPrincipal principal=new GenericPrincipal(Id,strarrUserGroups);

}

}

}

and set cookie in login code with

methods of sormsauth class

and it will definatley work...

mine is working




--
Thanks and Regards,

Amit Agarwal
Software Programmer(.NET)
"Bob Hansen" <bhansen200@jascorp.com> wrote in message
news:uRnAxF26DHA.3704@tk2msftngp13.phx.gbl...

> Hello All,
>
> I am trying to set up forms authentication for an ASP.NET web site. I
> programmed quite a bit of stuff with custom IPrincipal and IIdentity

objects

> and everything only to find out that none of it worked. After fiddling
> around with things I decided to try a really basic example. A set some
> values in the web.config as follows...
>
> <authentication mode="Forms">
> <forms name=".ASPXAUTH" loginUrl="Login.aspx" />
> </authentication>
> <authorization>
> <deny users="?" />
> <allow users="*" />
> </authorization>
>
> I then created a simple login.aspx page and a default.aspx page with no
> implementation. The only thing I wanted to do was see if accessing the
> default.aspx page would bring up the login.aspx page as expected. Didnt
> work. Not only that, but on further inspection of the
> Context.User.Identity.IsAuthenticated property revealed that I am always
> authenticated. I cannot unauthenticate myself. Further, the
> Context.User.Identity.Name comes up as my login name for windows complete
> with network domain!
>
> Is there a configuration option I am missing somewhere? Is there

something

> in IIS that needs to be set? Please help!!!
>
> Cheers,
>
> Bob Hansen
> JASCorp, L.L.C.
> [url]www.jasrx.com[/url]
> [url]www.jascorp.com[/url]
>
>
>
>

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
Version: 6.0.577 / Virus Database: 366 - Release Date: 2/3/2004

[Madan Nayak]

Hi...

Let me explain you some more details...

Actually authentication and CustomPrincipal are little different topics...

In the authentication process you validate the credentials of a user gaiants
any authority.... Only when the user is authenticated, you can use this
authentication information for further to maintain the context the current
user....to achieve the role based security...

For that you have to ceate the custom principal by implementting IPrincipal
Interface. It takes identity and roles to creat the custom principal... and
the setting the custom principal in global.asax.cs / vb page...in an event
called application_authentication beginrequest...

Thanks
".NET Follower" <amitagarwal-NET@SoftHome.net> wrote in message
news:%23vMx%23nG7DHA.1852@TK2MSFTNGP10.phx.gbl...

> hv u set the cookie in the login code
> just ad the
> if (HttpContext.Current.User != null)
>
> {
>
> if (Request.IsAuthenticated)
>
> {
>
> FormsAuthenticationTicket authTicket=null;
>
> string strCookieName=FormsAuthentication.FormsCookieName;
>
> HttpCookie authCookie=Context.Request.Cookies[strCookieName];
>
>
> if (authCookie==null)
>
> {
>
> return;
>
> }
>
> else
>
> {
>
> authTicket=FormsAuthentication.Decrypt(authCookie. Value);
>
> string[] strarrUserGroups=authTicket.UserData.Split(new char[]{'|'});
>
>
> FormsIdentity Id=new FormsIdentity(authTicket);
>
> GenericPrincipal principal=new GenericPrincipal(Id,strarrUserGroups);
>
> }
>
> }
>
> }
>
> and set cookie in login code with
>
> methods of sormsauth class
>
> and it will definatley work...
>
> mine is working
>
>
>
>
> --
> Thanks and Regards,
>
> Amit Agarwal
> Software Programmer(.NET)
> "Bob Hansen" <bhansen200@jascorp.com> wrote in message
> news:uRnAxF26DHA.3704@tk2msftngp13.phx.gbl...

> > Hello All,
> >
> > I am trying to set up forms authentication for an ASP.NET web site. I
> > programmed quite a bit of stuff with custom IPrincipal and IIdentity

> objects

> > and everything only to find out that none of it worked. After fiddling
> > around with things I decided to try a really basic example. A set some
> > values in the web.config as follows...
> >
> > <authentication mode="Forms">
> > <forms name=".ASPXAUTH" loginUrl="Login.aspx" />
> > </authentication>
> > <authorization>
> > <deny users="?" />
> > <allow users="*" />
> > </authorization>
> >
> > I then created a simple login.aspx page and a default.aspx page with no
> > implementation. The only thing I wanted to do was see if accessing the
> > default.aspx page would bring up the login.aspx page as expected. Didnt
> > work. Not only that, but on further inspection of the
> > Context.User.Identity.IsAuthenticated property revealed that I am always
> > authenticated. I cannot unauthenticate myself. Further, the
> > Context.User.Identity.Name comes up as my login name for windows

complete

> > with network domain!
> >
> > Is there a configuration option I am missing somewhere? Is there

> something

> > in IIS that needs to be set? Please help!!!
> >
> > Cheers,
> >
> > Bob Hansen
> > JASCorp, L.L.C.
> > [url]www.jasrx.com[/url]
> > [url]www.jascorp.com[/url]
> >
> >
> >
> >

>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system ([url]http://www.grisoft.com[/url]).
> Version: 6.0.577 / Virus Database: 366 - Release Date: 2/3/2004
>
>