T
The Eeediot
Hello, ASP.NET gurus!
I have read many pages on setting up a login screen to access a number of web pages using Forms Authentication and I am still trying to wrap my brain around the whole thing. However, I know that my knowledge on this topic has a few gaping holes ('cause it still ain't working!). I am going to present my code and explain what I am trying to accomplish then, hopefully, you'll respond with some helpful suggestions.
The pages are in a folder called "Admin" and will be access through the company's Intranet by the path http://servername/admin/ . The page default.aspx handles the login and verification process and is supposed to move the user to the next page on a successful login.
default.aspx → (successful login) → admin.aspx
The code to verify the login seems to work when accessing the database, etc. However, when I add the lines (I think I need) in the Web.Config file I get a runtime error but I can't see what the problem is because the details are blocked.
Any suggestions / comments?
TIA...
Here's the code:
Web.Config:
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
<authorization>
<deny users="?" />
</authorization>
<authentication mode="Forms">
<forms name="Admin"
loginURL="default.aspx"
protection="All"
timeout="20"
path="/Admin" />
</authentication>
</configuration>
Default.aspx:
<%@ Page Language="VB" Inherits="Login" src="Default.vb" autoeventwireup="False" %>
<html>
....
</html>
Default.vb:
' Default.vb
'
Imports Microsoft.VisualBasic
Imports System
Imports System.Web
Imports System.Web.UI
Imports System.Web.UI.WebControls
Imports System.Web.UI.HtmlControls
Imports System.Web.Security
Imports System.Data
Imports System.Data.OleDb
Imports System.Data.SqlClient
Public Class Login
'For PostBack
Inherits Page
'Declare web objects
Protected pnlLogin as Panel
Protected pnlInvalidLogin as Panel
Protected txtLoginID as TextBox
Protected txtPassword as TextBox
Protected WithEvents btnLogin as Button
'global connection string for class
Private ConnString as String = "Data Source=SOLOMON4;Initial Catalog=Incident;User ID=Incident;Password=tech"
'Initialize web page with Page_Load
Private Sub Page_Load(sender as Object, e as EventArgs) Handles MyBase.Load
If Me.IsPostBack = False Then
Initialize()
End If
End Sub
Private Sub Initialize()
pnlInvalidLogin.Visible = False
pnlLogin.Visible = True
End Sub
Private Function Validated(ByVal Usr as String, ByVal Pwd as String) as Boolean
'Declare objects
Dim conn as New SqlConnection
Dim cmd as New SqlCommand
Dim dreader as SqlDataReader
'Initialize values
conn.ConnectionString = ConnString
cmd.Connection = conn
cmd.CommandText = "SELECT * FROM Admin"
Try
'Open connetion and import information to DataReader object
conn.Open()
dreader = cmd.ExecuteReader()
'Go through table of valid admin logins
Do While dreader.Read()
If UCase(dreader("LoginName")) = UCase(Usr) Then
Exit Do
Else
Validated = False
End If
Loop
'validate password
If UCase(dreader("Password")) = UCase(Pwd) Then
Validated = True
Else
Validated = False
End If
dreader.Close()
Catch err as Exception
'To err is human...Bail-out!!
Validated = False
Finally
'Clean up
conn.Close()
End Try
End Function
'Event Handlers
Private Sub btnLogin_Click(sender as Object, e as EventArgs) Handles btnLogin.Click
If Validated(txtLoginID.Text, txtPassword.Text) Then
'Redirect to admin.aspx page
Response.Redirect("admin.aspx")
Else
'unsuccessful login
pnlInvalidLogin.Visible = True
pnlLogin.Visible = False
End If
End Sub
End Class
Admin.aspx:
<%@ Page Language="VB" Inherits="Admin" src="Admin.vb" autoeventwireup="False" %>
<html>
....
</html>
Admin.vb:
' Admin.vb
'
Imports Microsoft.VisualBasic
Imports System
Imports System.Web
Imports System.Web.UI
Imports System.Web.UI.WebControls
Imports System.Web.UI.HtmlControls
Imports System.Web.Security
Imports System.Data
Imports System.Data.OleDb
Imports System.Data.SqlClient
Public Class Admin
'For PostBack
Inherits Page
Private Sub Page_Load(sender as Object, e as EventArgs) Handles MyBase.Load
'Not sure what to put in here!
End Sub
....
End Class
I have read many pages on setting up a login screen to access a number of web pages using Forms Authentication and I am still trying to wrap my brain around the whole thing. However, I know that my knowledge on this topic has a few gaping holes ('cause it still ain't working!). I am going to present my code and explain what I am trying to accomplish then, hopefully, you'll respond with some helpful suggestions.
The pages are in a folder called "Admin" and will be access through the company's Intranet by the path http://servername/admin/ . The page default.aspx handles the login and verification process and is supposed to move the user to the next page on a successful login.
default.aspx → (successful login) → admin.aspx
The code to verify the login seems to work when accessing the database, etc. However, when I add the lines (I think I need) in the Web.Config file I get a runtime error but I can't see what the problem is because the details are blocked.
Any suggestions / comments?
TIA...
Here's the code:
Web.Config:
<!-- Web.Config Configuration File -->
<configuration>
<system.web>
<customErrors mode="Off"/>
</system.web>
<authorization>
<deny users="?" />
</authorization>
<authentication mode="Forms">
<forms name="Admin"
loginURL="default.aspx"
protection="All"
timeout="20"
path="/Admin" />
</authentication>
</configuration>
Default.aspx:
<%@ Page Language="VB" Inherits="Login" src="Default.vb" autoeventwireup="False" %>
<html>
....
</html>
Default.vb:
' Default.vb
'
Imports Microsoft.VisualBasic
Imports System
Imports System.Web
Imports System.Web.UI
Imports System.Web.UI.WebControls
Imports System.Web.UI.HtmlControls
Imports System.Web.Security
Imports System.Data
Imports System.Data.OleDb
Imports System.Data.SqlClient
Public Class Login
'For PostBack
Inherits Page
'Declare web objects
Protected pnlLogin as Panel
Protected pnlInvalidLogin as Panel
Protected txtLoginID as TextBox
Protected txtPassword as TextBox
Protected WithEvents btnLogin as Button
'global connection string for class
Private ConnString as String = "Data Source=SOLOMON4;Initial Catalog=Incident;User ID=Incident;Password=tech"
'Initialize web page with Page_Load
Private Sub Page_Load(sender as Object, e as EventArgs) Handles MyBase.Load
If Me.IsPostBack = False Then
Initialize()
End If
End Sub
Private Sub Initialize()
pnlInvalidLogin.Visible = False
pnlLogin.Visible = True
End Sub
Private Function Validated(ByVal Usr as String, ByVal Pwd as String) as Boolean
'Declare objects
Dim conn as New SqlConnection
Dim cmd as New SqlCommand
Dim dreader as SqlDataReader
'Initialize values
conn.ConnectionString = ConnString
cmd.Connection = conn
cmd.CommandText = "SELECT * FROM Admin"
Try
'Open connetion and import information to DataReader object
conn.Open()
dreader = cmd.ExecuteReader()
'Go through table of valid admin logins
Do While dreader.Read()
If UCase(dreader("LoginName")) = UCase(Usr) Then
Exit Do
Else
Validated = False
End If
Loop
'validate password
If UCase(dreader("Password")) = UCase(Pwd) Then
Validated = True
Else
Validated = False
End If
dreader.Close()
Catch err as Exception
'To err is human...Bail-out!!
Validated = False
Finally
'Clean up
conn.Close()
End Try
End Function
'Event Handlers
Private Sub btnLogin_Click(sender as Object, e as EventArgs) Handles btnLogin.Click
If Validated(txtLoginID.Text, txtPassword.Text) Then
'Redirect to admin.aspx page
Response.Redirect("admin.aspx")
Else
'unsuccessful login
pnlInvalidLogin.Visible = True
pnlLogin.Visible = False
End If
End Sub
End Class
Admin.aspx:
<%@ Page Language="VB" Inherits="Admin" src="Admin.vb" autoeventwireup="False" %>
<html>
....
</html>
Admin.vb:
' Admin.vb
'
Imports Microsoft.VisualBasic
Imports System
Imports System.Web
Imports System.Web.UI
Imports System.Web.UI.WebControls
Imports System.Web.UI.HtmlControls
Imports System.Web.Security
Imports System.Data
Imports System.Data.OleDb
Imports System.Data.SqlClient
Public Class Admin
'For PostBack
Inherits Page
Private Sub Page_Load(sender as Object, e as EventArgs) Handles MyBase.Load
'Not sure what to put in here!
End Sub
....
End Class