forms authentication

[Guest]

I am developing a web app and I am trying to use forms authentication. The web.config is as follows

<authentication mode="Forms"><forms name="authCookie" path="/" loginUrl="Login.aspx" protection="All" timeout="30"></forms></authentication><authorization><deny users="?" /><!-- Allow all users --
--></authorization

The code is as follows

private void loginButton_Click(object sender, System.EventArgs e

VerifyUser()



private void VerifyUser(

string user = userText.Text
string password = passwordText.Text
string database = databaseList.SelectedItem.ToString()
string strConnect = "Provider=\"MSDAORA.1\";User ID=" + user + ";Data Source=" + database + ";Password=" + password
OleDbConnection cn = new OleDbConnection(strConnect)
cn.Open()
if (FormsAuthentication.Authenticate(userText.Text, passwordText.Text)

FormsAuthentication.SetAuthCookie("authCookie", false)
Response.Redirect("default.aspx")

els

messageLabel.Text = "Invalid login credentials"

cn.Close()


I know i need some authentication code but I have no idea what it is. Could someone please help with this. The only thing I can find on the web has to do with role based forms authentication. I am not using roles so this is useless to me. Please, I need some help with ther code

Thanks

Dave

 

[Guest]

Hi Dave,

The whole idea surrounding the FormsAuthentication.Authenticate method is to check against a set of stored credentials. Say for instance if you were to include the following code into your web.config file the FormsAuthentication.Authenticate method would check the input against these credentials. (Note i would strongly recommend if you are going to go down this track to hash the passwords and NOT use a clear text format, this if for demo purposes only)

<authentication mode="Forms"><forms name="myForm" loginUrl="login.aspx"><credentials passwordFormat="Clear"><user name="JaneDoe" password="password" /><user name="JohnDoe" password="password" /><user name="JimDoe" password="password" /></credentials></forms></authentication

Also currently if the username and password do not match in the OleDBConnection it will throw an exception and ever authenticate - bring back the message, i would consider using the try {} catch {} finally {} scenario

Regards
Jonathan Rucker

----- Dave Bailey wrote: ----

I am developing a web app and I am trying to use forms authentication. The web.config is as follows

<authentication mode="Forms"><forms name="authCookie" path="/" loginUrl="Login.aspx" protection="All" timeout="30"></forms></authentication><authorization><deny users="?" /><!-- Allow all users --
--></authorization

The code is as follows

private void loginButton_Click(object sender, System.EventArgs e

VerifyUser()



private void VerifyUser(

string user = userText.Text
string password = passwordText.Text
string database = databaseList.SelectedItem.ToString()
string strConnect = "Provider=\"MSDAORA.1\";User ID=" + user + ";Data Source=" + database + ";Password=" + password
OleDbConnection cn = new OleDbConnection(strConnect)
cn.Open()
if (FormsAuthentication.Authenticate(userText.Text, passwordText.Text)

FormsAuthentication.SetAuthCookie("authCookie", false)
Response.Redirect("default.aspx")

els

messageLabel.Text = "Invalid login credentials"

cn.Close()


I know i need some authentication code but I have no idea what it is. Could someone please help with this. The only thing I can find on the web has to do with role based forms authentication. I am not using roles so this is useless to me. Please, I need some help with ther code

Thanks

Dave