Problem with Forms Authentication

Rob

I'm not sure if I'm missing something but my forms authentication
doesn't work. I'm trying to access my page and I should be redirected to
login.aspx but it just lets me access the page.

Here's my web.config code:

<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" protection="All"
timeout="15" />
</authentication>

<authorization>
<allow users="*" />
<deny users="?" />
</authorization>

My login page takes care of the login information:

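' Requires: Imports System.Data, System.Data.SqlClient, System.Web.Security
' User input is passed as parameter values, not concatenated into the SQL text
Dim sql As String = "SELECT username FROM contacts " & _
"WHERE username = @username AND password = @password"
Dim cn As SqlConnection = New SqlConnection(ConfigurationSettings.AppSettings("CONN_STRING"))
Dim comm As SqlCommand = New SqlCommand(sql, cn)
comm.Parameters.Add("@username", SqlDbType.VarChar).Value = txtUsername.Text
comm.Parameters.Add("@password", SqlDbType.VarChar).Value = txtPassword.Text
comm.Connection.Open()
' CloseConnection closes cn when the reader is closed
Dim reader As SqlDataReader = comm.ExecuteReader(CommandBehavior.CloseConnection)

If reader.Read() Then
' Second argument True issues a persistent authentication cookie
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, True)
Else
lblMessage.Text = "Invalid User"
End If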

This web config is in the same folder as my web pages so if I should try
to access "page1.aspx", I should be redirected to login.aspx.

Am I not correct or am I missing something.

Thanks for your help.

Rob
 
Greg Burns

I believe it should be:

<authorization>
<deny users="?" />
</authorization>

Greg
 
Lucas Tam

<authorization>
<allow users="*" />
<deny users="?" />
</authorization>

Remove allow user="*". You're telling Forms Auth to allow all users access.

If reader.Read() Then
FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, True)
Else
lblMessage.Text = "Invalid User"
End If

You should do a reader.close before redirecting. Otherwise you'll have a
connection leak.
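
The rule ordering Greg and Lucas point out, as an added example that is not part of the original thread: ASP.NET URL authorization checks rules top to bottom and stops at the first match, and "*" matches anonymous users too. The Python sketch below uses hypothetical helper names and constructed sample configs, ignores the roles and verbs attributes, and evaluates both versions of the authorization block while flagging rules that can never fire.

```python
import xml.etree.ElementTree as ET

# Constructed samples mirroring the two <authorization> blocks in the thread.
ORIGINAL = """<configuration><system.web><authorization>
  <allow users="*" />
  <deny users="?" />
</authorization></system.web></configuration>"""
SUGGESTED = """<configuration><system.web><authorization>
  <deny users="?" />
</authorization></system.web></configuration>"""

def load_rules(config_xml):
    """Return [(action, [user patterns])] in document order."""
    section = ET.fromstring(config_xml).find("./system.web/authorization")
    rules = []
    for el in (section if section is not None else []):
        if el.tag in ("allow", "deny") and el.get("users"):
            users = [u.strip() for u in el.get("users").split(",")]
            rules.append((el.tag, users))
    return rules

def matches(pattern, user):
    """user is None for an anonymous request, else the authenticated name."""
    if pattern == "*":
        return True              # everyone, anonymous included
    if pattern == "?":
        return user is None      # anonymous only
    return pattern == user       # exact-name match (simplification)

def decide(rules, user):
    """First match wins; the machine-level default <allow users="*"/> comes last."""
    for action, patterns in rules + [("allow", ["*"])]:
        if any(matches(p, user) for p in patterns):
            return action
    return "deny"

def shadowed_rules(rules):
    """Rules that can never fire because an earlier rule already matches '*'."""
    dead, seen_all = [], False
    for rule in rules:
        if seen_all:
            dead.append(rule)
        seen_all = seen_all or "*" in rule[1]
    return dead

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        rules = load_rules(cfg)
        print(name, "anonymous ->", decide(rules, None), "| dead:", shadowed_rules(rules))
```
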
 
Rob

Thanks guys,
I made the change you suggested and it still allows me to access the
page???

Rob
 
Rob

This is my web.config file. I've removed the comments for clarity.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key=.../>
<add key=.../>
</appSettings>

<system.web>
<compilation defaultLanguage="vb" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" protection="All"
timeout="15" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />


<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user
id=sa;password="
cookieless="false"
timeout="20"
/>

<globalization requestEncoding="utf-8" responseEncoding="utf-8"
/>

</system.web>

</configuration>

Thanks
Rob
 
Greg Burns

The page you can access without it redirecting you to login.aspx, it is
still page1.aspx right? Forms authentication will not stop you from viewing
.html files. (grasping here)

You do have anonymous access turned on for the virtual directory (in IIS,
this is the default). This web.config is in the root directory of your
virtual directory right?

<forms name="login" loginUrl="login.aspx" protection="All" timeout="15" />

(you don't need protect="All", that is the default)

Everything looks ok to me. I dunno what is wrong.

Greg
 
Rob

Ya, you're right in all cases. I'll keep trying and if I figure it out,
I'll post the results. Thanks for your help.

Rob
 
