Hi Scott, here's the scene (big page and lots of code). I have a home page.
The top bar has a header user control, the left bar has a navigation user
control, and there is a footer control on the bottom. I have images with
hidden panels (with links to pages) in the navigation user control. Right
under the images I have a panel with a table that has text fields to enter
an ID and password. Once the user is validated, the login panel is hidden
(Visible=false). Users can click on images to display the panels and click
on links to navigate (at least that's the idea). I can click on an image and
execute Server.Transfer from the code-behind, which navigates to the other
page; however, if you have a hyperlink (<a></a>) etc., then they cannot.
Instead they are posted back to the same page (home.aspx).
Here's the code from the code-behind file. Sorry for such a long entry.
namespace LHW
{
using System;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using System.Data.OleDb;
using System.Security.Cryptography;
using System.Web.Security;
/// <summary>
/// Summary description for Navigation.
/// </summary>
public class Navigation : System.Web.UI.UserControl
{
protected System.Web.UI.WebControls.ImageButton LHW_ImageProperty;
protected System.Web.UI.WebControls.HyperLink HyperLink1;
protected System.Web.UI.WebControls.HyperLink Hyperlink2;
protected System.Web.UI.WebControls.Panel LHW_PanelProperty;
protected System.Web.UI.WebControls.ImageButton ImageButton1;
protected System.Web.UI.WebControls.HyperLink Hyperlink3;
protected System.Web.UI.WebControls.HyperLink Hyperlink4;
protected System.Web.UI.WebControls.Panel LHW_PanelContacts;
protected System.Web.UI.WebControls.ImageButton ImageButton2;
protected System.Web.UI.WebControls.ImageButton ImageButton3;
protected System.Web.UI.WebControls.Panel LHW_PanelPID;
protected System.Web.UI.HtmlControls.HtmlInputButton Submit1;
protected System.Web.UI.HtmlControls.HtmlInputButton Reset1;
protected System.Web.UI.WebControls.RequiredFieldValidator
LHW_RequiredFieldPassword;
protected System.Web.UI.WebControls.RequiredFieldValidator
LHW_RequiredFieldID;
protected System.Web.UI.WebControls.TextBox LHW_TextFieldPassword;
protected System.Web.UI.WebControls.Label lblMessage;
protected System.Web.UI.WebControls.TextBox LHW_TextFieldID;
protected System.Web.UI.WebControls.HyperLink LHW_HyperlinkAddUser;
protected System.Web.UI.WebControls.HyperLink LHW_HyperlinCRM;
protected System.Web.UI.WebControls.Panel LHW_PanelAdmin;
protected System.Web.UI.HtmlControls.HtmlTable LHW_TableLogin;
protected System.Web.UI.WebControls.Panel LHW_PanelLogin;
protected System.Web.UI.WebControls.ImageButton ImageButton4;
/// <summary>
/// Load handler for the control; it currently performs no work.
/// </summary>
/// <param name="sender">Object that raised the Load event.</param>
/// <param name="e">Event data (unused).</param>
private void Page_Load(object sender, System.EventArgs e)
{
    // No per-request initialization is done for this control yet.
}
#region Web Form Designer generated code
/// <summary>
/// Runs the designer-generated event wiring, then continues with the base
/// class initialization.
/// </summary>
/// <param name="e">Event data passed through to the base class.</param>
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
// InitializeComponent attaches the control's event handlers before
// base.OnInit is called.
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// Attaches the Click handlers for LHW_ImageProperty, ImageButton1 and
/// ImageButton4, the ServerClick handler for Submit1, and the Load handler.
/// </summary>
/// <remarks>
/// ImageButton2, ImageButton3 and Reset1 are declared on the class but no
/// handler is attached to them here.
/// </remarks>
private void InitializeComponent()
{
// Image buttons in the navigation area.
this.LHW_ImageProperty.Click += new
System.Web.UI.ImageClickEventHandler(this.LHW_ImageProperty_Click);
this.ImageButton1.Click += new
System.Web.UI.ImageClickEventHandler(this.ImageButton1_Click);
this.ImageButton4.Click += new
System.Web.UI.ImageClickEventHandler(this.ImageButton4_Click);
// Login form submit button.
this.Submit1.ServerClick += new
System.EventHandler(this.Submit1_ServerClick);
this.Load += new System.EventHandler(this.Page_Load);
}
#endregion
/// <summary>
/// Click handler for the property image: shows the property panel and hides
/// the contacts and admin panels.
/// </summary>
/// <param name="sender">Image button that was clicked.</param>
/// <param name="e">Click coordinates (unused).</param>
private void LHW_ImageProperty_Click(object sender,
    System.Web.UI.ImageClickEventArgs e)
{
    // Hide the other two panels first, then reveal the requested one.
    LHW_PanelAdmin.Visible = false;
    LHW_PanelContacts.Visible = false;
    LHW_PanelProperty.Visible = true;
}
/// <summary>
/// Click handler for ImageButton1: shows the contacts panel and hides the
/// property and admin panels.
/// </summary>
/// <param name="sender">Image button that was clicked.</param>
/// <param name="e">Click coordinates (unused).</param>
private void ImageButton1_Click(object sender,
    System.Web.UI.ImageClickEventArgs e)
{
    // Hide the other two panels first, then reveal the requested one.
    LHW_PanelAdmin.Visible = false;
    LHW_PanelProperty.Visible = false;
    LHW_PanelContacts.Visible = true;
}
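/// <summary>
/// Shows the LHW_PanelPID panel when the event names the
/// "Property Information Database" application, and hides it otherwise.
/// </summary>
/// <param name="sender">Object that raised the event.</param>
/// <param name="e">Event data; its Application value is trimmed before the comparison.</param>
public void UpdateLabel(object sender, ApplicationEventArgs e)
{
    string application = e.Application;
    if (application != null)
    {
        application = application.Trim();
    }

    // The application name is a fixed identifier, so compare it ordinally.
    // The previous culture-sensitive String.Compare can treat strings that
    // differ only in ignorable characters as equal. CompareOrdinal also
    // accepts null, so a missing name simply hides the panel.
    LHW_PanelPID.Visible =
        String.CompareOrdinal(application, "Property Information Database") == 0;
}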
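/// <summary>
/// Creates a random salt from the cryptographic random number generator.
/// </summary>
/// <param name="size">Number of random bytes to generate; must be at least 1.</param>
/// <returns>The random bytes encoded as a Base64 string.</returns>
/// <exception cref="ArgumentOutOfRangeException">
/// <paramref name="size"/> is less than 1.
/// </exception>
private static string CreateSalt(int size)
{
    // A size of zero would silently produce an empty salt, which removes the
    // per-user uniqueness the salt exists to provide.
    if (size < 1)
    {
        throw new ArgumentOutOfRangeException("size",
            "Salt size must be at least one byte.");
    }

    byte[] saltBytes = new byte[size];
    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
    rng.GetBytes(saltBytes);

    // Base64 keeps the salt storable in a text column.
    return Convert.ToBase64String(saltBytes);
}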
/// <summary>
/// Produces the stored form of a password: the password followed by the
/// salt, hashed with SHA-1 through
/// FormsAuthentication.HashPasswordForStoringInConfigFile.
/// </summary>
/// <param name="pwd">Password as entered.</param>
/// <param name="salt">Salt string appended to the password before hashing.</param>
/// <returns>The hash string returned by FormsAuthentication.</returns>
private static string CreatePasswordHash(string pwd, string salt)
{
    // NOTE(review): a single SHA-1 pass is cheap to compute, so stored values
    // are open to fast offline guessing if the user table is disclosed. Moving
    // to an iterated key-derivation function (for example PBKDF2) has to be
    // done together with VerifyPassword and a re-hash of stored credentials,
    // so it is flagged here rather than changed.
    return FormsAuthentication.HashPasswordForStoringInConfigFile(
        String.Concat(pwd, salt), "SHA1");
}
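/// <summary>
/// Handles the login form submit: checks the entered ID and password with
/// VerifyPassword and switches the login and admin panels on success.
/// </summary>
/// <param name="sender">Submit button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void Submit1_ServerClick(object sender, System.EventArgs e)
{
    bool passwordVerified;
    try
    {
        passwordVerified = VerifyPassword(
            LHW_TextFieldID.Text, LHW_TextFieldPassword.Text);
    }
    catch (Exception ex)
    {
        // Keep the exception detail on the server. Echoing ex.Message into
        // the page would show database and driver error text to anyone who
        // submits the login form.
        System.Diagnostics.Trace.WriteLine("Login verification failed: " + ex);
        lblMessage.Text = "Unable to verify your credentials. Please try again later.";
        lblMessage.Visible = true;
        return;
    }

    if (!passwordVerified)
    {
        lblMessage.Text = "Invalid username or password";
        lblMessage.Visible = true;
        return;
    }

    // NOTE(review): no authentication ticket is issued here; the only state
    // that changes is which panels are visible. Pages reached afterwards
    // therefore cannot rely on forms authentication or URL authorization to
    // know that this login happened - confirm how the admin pages are
    // protected.
    lblMessage.Text = "Logon successful: User is authenticated";
    LHW_PanelLogin.Visible = false;
    LHW_PanelAdmin.Visible = true;
}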
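/// <summary>
/// Looks up the stored password hash and salt for a user through the
/// LookupUser stored procedure and compares them with the supplied password.
/// </summary>
/// <param name="suppliedUserName">User name passed as the @userName parameter.</param>
/// <param name="suppliedPassword">Password entered by the user.</param>
/// <returns>
/// True when the salted SHA-1 hash of the supplied password equals the stored
/// hash; false when it differs or when no row is returned for the user name.
/// </returns>
/// <exception cref="Exception">
/// Any failure while querying or hashing, wrapped with the original exception
/// as InnerException.
/// </exception>
private bool VerifyPassword(string suppliedUserName,
    string suppliedPassword )
{
    bool passwordMatch = false;

    // Integrated security keeps credentials out of the connection string.
    // The original comments point to the DPAPI how-to articles for storing
    // connection strings securely.
    SqlConnection conn = new SqlConnection( "Server=(local);" +
        "Integrated Security=SSPI;" +
        "database=UserAccounts");
    SqlCommand cmd = new SqlCommand( "LookupUser", conn );
    cmd.CommandType = CommandType.StoredProcedure;

    // The user name travels as a typed parameter, never as SQL text.
    SqlParameter sqlParam = cmd.Parameters.Add("@userName",
        SqlDbType.VarChar,
        255);
    sqlParam.Value = suppliedUserName;

    try
    {
        conn.Open();

        string dbPasswordHash;
        string salt;
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            // An unknown user name yields no row. Treat that as a failed
            // login instead of letting GetString throw, so callers cannot
            // tell "no such user" from "wrong password" by the error path.
            if (!reader.Read())
            {
                return false;
            }

            dbPasswordHash = reader.GetString(0);
            salt = reader.GetString(1);
        }

        // Hash the supplied password with the stored salt, the same way the
        // stored value was produced.
        // NOTE(review): a single SHA-1 pass is weak for password storage;
        // changing it requires re-hashing the stored credentials.
        string passwordAndSalt = String.Concat(suppliedPassword, salt);
        string hashedPasswordAndSalt =
            FormsAuthentication.HashPasswordForStoringInConfigFile(
                passwordAndSalt, "SHA1");

        passwordMatch = hashedPasswordAndSalt.Equals(dbPasswordHash);
    }
    catch (Exception ex)
    {
        // Keep the original exception attached so the stack trace and type
        // are not lost when the failure is logged.
        throw new Exception("Execption verifying password. " +
            ex.Message, ex);
    }
    finally
    {
        conn.Close();
    }

    return passwordMatch;
}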
/// <summary>
/// Click handler for ImageButton4: hands the current request over to the
/// add-user page with Server.Transfer.
/// </summary>
/// <param name="sender">Image button that was clicked.</param>
/// <param name="e">Click coordinates (unused).</param>
private void ImageButton4_Click(object sender,
    System.Web.UI.ImageClickEventArgs e)
{
    // NOTE(review): Server.Transfer runs the target page inside the current
    // request, so ASP.NET does not check that the user is authorized for
    // ./admin/adduser.aspx, and this handler performs no check of its own.
    // Confirm that the target page enforces access itself.
    const string addUserPage = "./admin/adduser.aspx";
    Server.Transfer(addUserPage);
}
}
}
:
Manny, how are you logging in the user with forms authentication? That
is, what does your code look like in the login.aspx page? Are you using
FormsAuthentication.RedirectFromLoginPage()?
--
Scott Mitchell
(e-mail address removed)
http://www.4GuysFromRolla.com
* When you think ASP.NET, think 4GuysFromRolla.com!