Problem with Forms Authentication

Rob

I'm not sure if I'm missing something but my forms authentication
doesn't work. I'm trying to access my page and I should be redirected to
login.aspx but it just lets me access the page.

Here's my web.config code:

<authentication mode="Forms">
    <forms name="login" loginUrl="login.aspx" protection="All" timeout="15" />
</authentication>

<authorization>
    <allow users="*" />
    <deny users="?" />
</authorization>

My login page takes care of the login information:

' Parameterized query: user input is bound as values, never concatenated into the SQL text
Dim sql As String = "SELECT username FROM contacts WHERE username = @username AND password = @password"
Dim cn As SqlConnection = New SqlConnection(ConfigurationSettings.AppSettings("CONN_STRING"))
Dim comm As SqlCommand = New SqlCommand(sql, cn)
comm.Parameters.Add("@username", SqlDbType.NVarChar).Value = txtUsername.Text
comm.Parameters.Add("@password", SqlDbType.NVarChar).Value = txtPassword.Text
comm.Connection.Open()
Dim reader As SqlDataReader = comm.ExecuteReader(CommandBehavior.CloseConnection)

If reader.Read() Then
    FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, True)
Else
    lblMessage.Text = "Invalid User"
End If

This web config is in the same folder as my web pages so if I should try
to access "page1.aspx", I should be redirected to login.aspx.

Am I not correct or am I missing something?

Thanks for your help.

Rob
 
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>

Remove allow user="*". You're telling Forms Auth to allow all users access.

If reader.Read() Then
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, True)
Else
lblMessage.Text = "Invalid User"
End If

You should do a reader.close before redirecting. Otherwise you'll have a
connection leak.
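
Added example (not part of the original thread, and not ASP.NET's own code): a small Python model of first-match evaluation of <authorization> rules, run against the two rule sets posted in this thread. The function names are illustrative, and only the users attribute is modelled (roles and verbs are ignored as a simplifying assumption).

```python
import xml.etree.ElementTree as ET

def anonymous_allowed(config_xml):
    """Return (allowed, deciding_rule) for an anonymous request.

    Rules are checked top to bottom and the first match decides.
    "?" matches anonymous users, "*" matches every user.
    """
    root = ET.fromstring(config_xml)
    # Accept either a bare <authorization> block or a whole config document.
    auth = root if root.tag == "authorization" else root.find(".//authorization")
    if auth is not None:
        for rule in auth:
            if rule.tag not in ("allow", "deny"):
                continue
            users = [u.strip() for u in rule.get("users", "").split(",")]
            if "?" in users or "*" in users:
                text = '<%s users="%s" />' % (rule.tag, rule.get("users"))
                return rule.tag == "allow", text
    # Nothing matched: the inherited default <allow users="*" /> applies.
    return True, "(inherited default allow)"

# The two <authorization> blocks as posted in this thread.
ORIGINAL = """<authorization>
<allow users="*" />
<deny users="?" />
</authorization>"""

REVISED = """<authorization>
<deny users="?" />
</authorization>"""

def audit(name, config_xml):
    """One-line verdict suitable for a config review script."""
    allowed, rule = anonymous_allowed(config_xml)
    verdict = "ALLOWED" if allowed else "DENIED (sent to loginUrl)"
    return "%s: anonymous request %s, decided by %s" % (name, verdict, rule)

if __name__ == "__main__":
    print(audit("original", ORIGINAL))
    print(audit("revised", REVISED))
```

In the original block the anonymous request matches <allow users="*" /> before <deny users="?" /> is ever reached, so the deny rule has no effect.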
 
Thanks guys,
I made the change you suggested and it still allows me to access the
page???

Rob
 
This is my web.config file. I've removed the comments for clarity.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key=.../>
    <add key=.../>
  </appSettings>

  <system.web>
    <compilation defaultLanguage="vb" debug="true" />
    <customErrors mode="RemoteOnly" />
    <authentication mode="Forms">
      <forms name="login" loginUrl="login.aspx" protection="All" timeout="15" />
    </authentication>

    <authorization>
      <deny users="?" />
    </authorization>

    <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />

    <sessionState
      mode="InProc"
      stateConnectionString="tcpip=127.0.0.1:42424"
      sqlConnectionString="data source=127.0.0.1;user id=sa;password="
      cookieless="false"
      timeout="20"
    />

    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />

  </system.web>

</configuration>

Thanks
Rob
 
The page you can access without it redirecting you to login.aspx, it is
still page1.aspx right? Forms authentication will not stop you from viewing
.html files. (grasping here)

You do have anonymous access turned on for the virtual directory (in IIS,
this is the default). This web.config is in the root directory of your
virtual directory right?

<forms name="login" loginUrl="login.aspx" protection="All" timeout="15" />

(you don't need protect="All", that is the default)

Everything looks ok to me. I dunno what is wrong.

Greg
 
Ya, you're right in all cases. I'll keep trying and if I figure it out,
I'll post the results. Thanks for your help.

Rob
 
