system.web.security

[Tony B]

Hi All

I am quite new to asp.net and have been following an example of using
Forms authentication on a web app.

I believe that i have coded this OK but when i enter the username and
password I do not get redirected to the start page (webform1.aspx)

here is my WEB.config

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<system.web>

<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to insert debugging symbols
(.pdb information)
into the compiled page. Because this creates a larger file
that executes
more slowly, you should set this value to true only when
debugging and to
false at all other times. For more information, refer to the
documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage="vb" debug="true" />

<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom
error messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.

"On" Always display custom (friendly) messages.
"Off" Always display detailed ASP.NET error information.
"RemoteOnly" Display custom (friendly) messages only to
users not running
on the local Web server. This setting is recommended for
security purposes, so
that you do not display application detail information to
remote clients.
-->
<customErrors mode="RemoteOnly" />

<!-- AUTHENTICATION
This section sets the authentication policies of the
application. Possible modes are "Windows",
"Forms", "Passport" and "None"

"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, or
Integrated Windows) according to
its settings for the application. Anonymous access must be
disabled in IIS.
"Forms" You provide a custom form (Web page) for users to
enter their credentials, and then
you authenticate them in your application. A user
credential token is stored in a cookie.
"Passport" Authentication is performed via a centralized
authentication service provided
by Microsoft that offers a single logon and core profile
services for member sites.
-->
<authentication mode="Forms" >
<forms loginUrl="login.aspx">
<credentials passwordFormat="Clear">
<user name="tony" password="password"/>
</credentials>
</forms>
</authentication>


<authorization>
<deny users="?" />
</authorization>

<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every
page within an application.
Set trace enabled="true" to enable application trace
logging. If pageOutput="true", the
trace information will be displayed at the bottom of each
page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from
your web application
root.
-->
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />


<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests
belong to a particular session.
If cookies are not available, a session can be tracked by
adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>

<!-- GLOBALIZATION
This section sets the globalization settings of the
application.
-->
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />

</system.web>

</configuration>

This is the start page code

Imports System.Web.Security


Public Class WebForm1
Inherits System.Web.UI.Page

#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()> Private Sub
InitializeComponent()

End Sub

'NOTE: The following placeholder declaration is required by the
Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form
Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub

#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub

End Class

and here is the login.aspx Code

Imports System.Web.Security


Public Class login
Inherits System.Web.UI.Page

#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()> Private Sub
InitializeComponent()

End Sub
Protected WithEvents tbusername As
System.Web.UI.WebControls.TextBox
Protected WithEvents tbPassword As
System.Web.UI.WebControls.TextBox
Protected WithEvents Label1 As System.Web.UI.WebControls.Label
Protected WithEvents Label2 As System.Web.UI.WebControls.Label
Protected WithEvents Button1 As System.Web.UI.WebControls.Button

'NOTE: The following placeholder declaration is required by the
Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form
Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub

#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e
As System.EventArgs) Handles Button1.Click
If FormsAuthentication.Authenticate(tbusername.Text, True)
Then
FormsAuthentication.RedirectFromLoginPage(tbuserna me.Text,
True)
Else
tbPassword.Text = ""
End If
End Sub
End Class

and the html

<%@ Page Language="vb" AutoEventWireup="false"
Codebehind="login.aspx.vb" Inherits="WebTCMM.login"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<title>login</title>
<meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR">
<meta content="Visual Basic .NET 7.1" name="CODE_LANGUAGE">
<meta content="JavaScript" name="vs_defaultClientScript">
<meta content="http://schemas.microsoft.com/intellisense/ie5"
name="vs_targetSchema">
</HEAD>
<body MS_POSITIONING="GridLayout">
<form id="Form1" method="post" runat="server">
<asp:textbox id="tbusername" style="Z-INDEX: 101; LEFT: 312px;
POSITION: absolute; TOP: 88px"
runat="server"></asp:textbox><asp:textbox id="tbPassword"
style="Z-INDEX: 102; LEFT: 312px; POSITION: absolute; TOP: 128px"
runat="server" TextMode="Password"></asp:textbox><asp:label
id="Label1" style="Z-INDEX: 103; LEFT: 240px; POSITION: absolute; TOP:
96px" runat="server">Label</asp:label><asp:label id="Label2"
style="Z-INDEX: 104; LEFT: 240px; POSITION: absolute; TOP: 136px"
runat="server">Label</asp:label><asp:button id="Button1"
style="Z-INDEX: 105; LEFT: 352px; POSITION: absolute; TOP: 168px"
runat="server"
Text="Button"></asp:button></form>
</body>
</HTML>


Where am I going wrong??

TIA Tony

[ranganh]

Dear Tony

You have to change the following line of code as below :

If FormsAuthentication.Authenticate(tbusername.Text, tbPassword.Text) The

it will work

hope it helps

----- Tony B wrote: ----

Hi Al

I am quite new to asp.net and have been following an example of usin
Forms authentication on a web app

I believe that i have coded this OK but when i enter the username an
password I do not get redirected to the start page (webform1.aspx

here is my WEB.confi

<?xml version="1.0" encoding="utf-8" ?><configuration><system.web><!-- DYNAMIC DEBUG COMPILATIO
Set compilation debug="true" to insert debugging symbol
(.pdb information
into the compiled page. Because this creates a larger fil
that execute
more slowly, you should set this value to true only whe
debugging and t
false at all other times. For more information, refer to th
documentation abou
debugging ASP.NET files
--><compilation defaultLanguage="vb" debug="true" /><!-- CUSTOM ERROR MESSAGE
Set customErrors mode="On" or "RemoteOnly" to enable custo
error messages, "Off" to disable
Add <error> tags for each of the errors you want to handle

"On" Always display custom (friendly) messages
"Off" Always display detailed ASP.NET error information
"RemoteOnly" Display custom (friendly) messages only t
users not runnin
on the local Web server. This setting is recommended fo
security purposes, s
that you do not display application detail information t
remote clients
--><customErrors mode="RemoteOnly" /><!-- AUTHENTICATION
This section sets the authentication policies of th
application. Possible modes are "Windows"
"Forms", "Passport" and "None

"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, o
Integrated Windows) according t
its settings for the application. Anonymous access must b
disabled in IIS
"Forms" You provide a custom form (Web page) for users t
enter their credentials, and the
you authenticate them in your application. A use
credential token is stored in a cookie
"Passport" Authentication is performed via a centralize
authentication service provide
by Microsoft that offers a single logon and core profil
services for member sites
--><authentication mode="Forms" ><forms loginUrl="login.aspx"><credentials passwordFormat="Clear"><user name="tony" password="password"/></credentials></forms></authentication><authorization><deny users="?" /></authorization><!-- APPLICATION-LEVEL TRACE LOGGIN
Application-level tracing enables trace log output for ever
page within an application
Set trace enabled="true" to enable application trac
logging. If pageOutput="true", th
trace information will be displayed at the bottom of eac
page. Otherwise, you can view th
application trace log by browsing the "trace.axd" page fro
your web applicatio
root.
--><trace enabled="false" requestLimit="10" pageOutput="false
traceMode="SortByTime" localOnly="true" /><!-- SESSION STATE SETTING
By default ASP.NET uses cookies to identify which request
belong to a particular session
If cookies are not available, a session can be tracked b
adding a session identifier to the URL
To disable cookies, set sessionState cookieless="true"
--><sessionState
mode="InProc
stateConnectionString="tcpip=127.0.0.1:42424
sqlConnectionString="dat
source=127.0.0.1;Trusted_Connection=yes
cookieless="false"
timeout="20"
/><!-- GLOBALIZATION
This section sets the globalization settings of the
application.
--><globalization requestEncoding="utf-8" responseEncoding="utf-8" /></system.web></configuration>

This is the start page code

Imports System.Web.Security


Public Class WebForm1
Inherits System.Web.UI.Page

#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()> Private Sub
InitializeComponent()

End Sub

'NOTE: The following placeholder declaration is required by the
Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form
Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub

#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub

End Class

and here is the login.aspx Code

Imports System.Web.Security


Public Class login
Inherits System.Web.UI.Page

#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()> Private Sub
InitializeComponent()

End Sub
Protected WithEvents tbusername As
System.Web.UI.WebControls.TextBox
Protected WithEvents tbPassword As
System.Web.UI.WebControls.TextBox
Protected WithEvents Label1 As System.Web.UI.WebControls.Label
Protected WithEvents Label2 As System.Web.UI.WebControls.Label
Protected WithEvents Button1 As System.Web.UI.WebControls.Button

'NOTE: The following placeholder declaration is required by the
Web Form Designer.
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form
Designer
'Do not modify it using the code editor.
InitializeComponent()
End Sub

#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e
As System.EventArgs) Handles Button1.Click
If FormsAuthentication.Authenticate(tbusername.Text, True)
Then
FormsAuthentication.RedirectFromLoginPage(tbuserna me.Text,
True)
Else
tbPassword.Text = ""
End If
End Sub
End Class

and the html

<%@ Page Language="vb" AutoEventWireup="false"
Codebehind="login.aspx.vb" Inherits="WebTCMM.login"%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML><HEAD><title>login</title><meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR"><meta content="Visual Basic .NET 7.1" name="CODE_LANGUAGE"><meta content="JavaScript" name="vs_defaultClientScript"><meta content="http://schemas.microsoft.com/intellisense/ie5"
name="vs_targetSchema"></HEAD><body MS_POSITIONING="GridLayout"><form id="Form1" method="post" runat="server"><asp:textbox id="tbusername" style="Z-INDEX: 101; LEFT: 312px;
POSITION: absolute; TOP: 88px"
runat="server"></asp:textbox><asp:textbox id="tbPassword"
style="Z-INDEX: 102; LEFT: 312px; POSITION: absolute; TOP: 128px"
runat="server" TextMode="Password"></asp:textbox><asp:label
id="Label1" style="Z-INDEX: 103; LEFT: 240px; POSITION: absolute; TOP:
96px" runat="server">Label</asp:label><asp:label id="Label2"
style="Z-INDEX: 104; LEFT: 240px; POSITION: absolute; TOP: 136px"
runat="server">Label</asp:label><asp:button id="Button1"
style="Z-INDEX: 105; LEFT: 352px; POSITION: absolute; TOP: 168px"
runat="server"
Text="Button"></asp:button></form></body></HTML>


Where am I going wrong??

TIA Tony