redirecting from another page besides the login page

[WhiskyRomeo]

We have forms authentication working on a website. A user is presented the
login page where he can login or press a button to go to the Registration
page.

In the Registration page, he puts in his data and submits it. If
successful, he is taken to the login page to reenter is his username,
password. Can we elminate this second step without compromising security?
That is have the system login a user?

I attempted to redirect him from the Registration page, but forms
authentication will not allow that.

The code to do the redirections is very simple:

Private Sub RedirectUser(ByVal strUserName As String)

Dim strReturnURL As String = Request.QueryString.Item("ReturnUrl")
'create authentication ticket
Dim authTicket As New FormsAuthenticationTicket(1, strUserName,
DateTime.Now, DateTime.Now.AddMinutes(20), False, Session("WebRoles"))

'Create encrypted string representation of ticket
Dim strEncryptedTicket As String
Try
strEncryptedTicket = FormsAuthentication.Encrypt(authTicket)
Catch ex As Exception
Session("StringEncrptFailed") = ex.Message
End Try

'Store it within a HttpCookie Object
Dim authCookie As New
HttpCookie(FormsAuthentication.FormsCookieName, strEncryptedTicket)
Dim strCookiePath As String = authCookie.Path
'Add it the cookie to the outgoing cookie collection
Try
Response.Cookies.Add(authCookie)
Catch ex As Exception
Session("CookieAddFailed") = ex.Message
End Try

'Redirect the request
Response.Redirect(FormsAuthentication.GetRedirectU rl(strUserName,
True))


End Sub
--
wr

[WhiskyRomeo]

I think the answer to this problem is when the user sucessfully add himself
the following lines of code are executed:

FormsAuthentication.SetAuthCookie(tbEmail.Text, False)
Response.Redirect("Public/Appt.aspx")

I just want to make sure no compromise is made in security. Is there?

"WhiskyRomeo" wrote:

> We have forms authentication working on a website. A user is presented the
> login page where he can login or press a button to go to the Registration
> page.
>
> In the Registration page, he puts in his data and submits it. If
> successful, he is taken to the login page to reenter is his username,
> password. Can we elminate this second step without compromising security?
> That is have the system login a user?
>
> I attempted to redirect him from the Registration page, but forms
> authentication will not allow that.
>
> The code to do the redirections is very simple:
>
> Private Sub RedirectUser(ByVal strUserName As String)
>
> Dim strReturnURL As String = Request.QueryString.Item("ReturnUrl")
> 'create authentication ticket
> Dim authTicket As New FormsAuthenticationTicket(1, strUserName,
> DateTime.Now, DateTime.Now.AddMinutes(20), False, Session("WebRoles"))
>
> 'Create encrypted string representation of ticket
> Dim strEncryptedTicket As String
> Try
> strEncryptedTicket = FormsAuthentication.Encrypt(authTicket)
> Catch ex As Exception
> Session("StringEncrptFailed") = ex.Message
> End Try
>
> 'Store it within a HttpCookie Object
> Dim authCookie As New
> HttpCookie(FormsAuthentication.FormsCookieName, strEncryptedTicket)
> Dim strCookiePath As String = authCookie.Path
> 'Add it the cookie to the outgoing cookie collection
> Try
> Response.Cookies.Add(authCookie)
> Catch ex As Exception
> Session("CookieAddFailed") = ex.Message
> End Try
>
> 'Redirect the request
> Response.Redirect(FormsAuthentication.GetRedirectU rl(strUserName,
> True))
>
>
> End Sub
> --
> wr