Forms autentication and registration page - some advices


N

NWx

Hi,

I implement forms authentication in my application.
So I have a login form.
Actually I have two custom Web controls, one to login and one to redirect
user to Register page

Login custom control perform some client-side validation if username or
password are empty

I have two problems:

1. Even if user click on register button (which is on Register user
control), my page performs client side validation for username and password
from Login user control. How can I prevent this? I can disable client-side
validation, but I don't want this.

2. Usually I shouldn't be able to access register page, since I'm not
authenticated.
So I "trick" the application, and I authenticate with a "dummy" user name,
with a code as below, in cmdRegister_click:
FormsAuthentication.SetAuthCookie("guest", False)

Response.Redirect("register.aspx")

Also, I created a custom header control I place on every page, which check
in page_load if current user is guest and page is <> register.aspx, and in
this case calls signoff, to avoid user to access a protected page by typing
its name in address bar after loading Register.aspx.

Is this solution safe enough? Can anyone suggest any better approach?

Thank you.
 
Ad

Advertisements

S

Saravana [MVP]

1. Even if user click on register button (which is on Register user
control), my page performs client side validation for username and password
from Login user control. How can I prevent this? I can disable client-side
validation, but I don't want this.

You can set "CausesValidation" for register button to false,so it wont do
validation.
2. Usually I shouldn't be able to access register page, since I'm not
authenticated.
So I "trick" the application, and I authenticate with a "dummy" user name,
with a code as below, in cmdRegister_click:
FormsAuthentication.SetAuthCookie("guest", False)

You can set authorization setting for particular file using location tag,
for this file alone give
access to all the user for all other file deny access to unauthenticated
user. For example to set
authorization permission for particular page,
<location path="<filename>">
<system.web>
<autorization>
<allow users="*">
</autorization>
</system.web>
</location>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top