Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Problem with FormsAuthentication and SetAuthCookie

Reply
Thread Tools

Problem with FormsAuthentication and SetAuthCookie

 
 
David Colliver
Guest
Posts: n/a
 
      06-09-2005
Hi all,

I am having a slight problem with my app and authentication.

My system uses Microsoft CMS 2002, so what I have needs to fit around that.
In this case, I am not using CMS to manage the authentication. I am using SQL
Server.

Here is what I want to achieve...

Because I am using CMS, I don't want to have to create hundreds of different
pages to manage different parts of one application as this would require that
I create hundreds of templates. I need it to be as simple as possible, so I
build up the page in panels, switching off and on when needed.

My page has:
[PANEL] UserName/Password boxes and a Login Button.

[PANEL] Tabstrip

[PANEL[s]] application contents.

Naturally, first entry to the page should only show the login panel. This it
does admirably.

I enter my details and it shows the tabstrip panel. I click on an item in
the tabstrip to view the app content. However, the Login Panel now shows up
as well as the app content. (This is a logic problem that I can fix later...)

The issue is that after I setauthcookie, I am still not authenticated.

I am trying to avoid having seperate login pages and redirectors to another
page, so my login code and app code are all in the same page.

In my page load, I have...

if (User.Identity.IsAuthenticated)
{
TabListPanel.Visible = true;
Trace.Warn("Auth", DateTime.Now.ToString());
}
else
{
LoginPanel.Visible = true;
}

In my button click event, I have:

CheckLogin();

CkeckLogin is:

try
{
sqlConn.Open();

SqlDataAdapter cmd;

if (User.Identity.IsAuthenticated)
{
cmd = new SqlDataAdapter("select * from myuser where username = '" +
User.Identity.Name + "'", sqlConn);
}
else
{
cmd = new SqlDataAdapter("select * from myuser where username = '" +
LoginBox.Text.Replace("'", "''") + "' and password = '" +
PasswordBox.Text.Replace("'", "''") + "'", sqlConn);
}

DataSet Login = new DataSet();
cmd.Fill(Login, "UserDetails");

if (Login.Tables["UserDetails"].Rows.Count > 0)
{
// Write the authentication cookie.
FormsAuthentication.SetAuthCookie(LogintBox.Text, true);
// Remove login panel, show links (TAB) panel.
LoginPanel.Visible = false;
TabListPanel.Visible = true;
}
}
finally
{
sqlConn.Close();
}


To me, everything is as it should be, but after I login, the
User.Identity.IsAuthenticated in PageLoad returns false.

How can I get around this?

Thanks.

Regards,
Dave Colliver.
http://www.AshfieldFOCUS.com
~~
http://www.FOCUSPortals.com - Portal franchises available

 
Reply With Quote
 
 
 
 
David Colliver
Guest
Posts: n/a
 
      06-16-2005
Anybody???


Regards,
Dave Colliver.
http://www.SheffieldFOCUS.com
~~
http://www.FOCUSPortals.com - Portal franchises available


"David Colliver" wrote:

> Hi all,
>
> I am having a slight problem with my app and authentication.
>
> My system uses Microsoft CMS 2002, so what I have needs to fit around that.
> In this case, I am not using CMS to manage the authentication. I am using SQL
> Server.
>
> Here is what I want to achieve...
>
> Because I am using CMS, I don't want to have to create hundreds of different
> pages to manage different parts of one application as this would require that
> I create hundreds of templates. I need it to be as simple as possible, so I
> build up the page in panels, switching off and on when needed.
>
> My page has:
> [PANEL] UserName/Password boxes and a Login Button.
>
> [PANEL] Tabstrip
>
> [PANEL[s]] application contents.
>
> Naturally, first entry to the page should only show the login panel. This it
> does admirably.
>
> I enter my details and it shows the tabstrip panel. I click on an item in
> the tabstrip to view the app content. However, the Login Panel now shows up
> as well as the app content. (This is a logic problem that I can fix later...)
>
> The issue is that after I setauthcookie, I am still not authenticated.
>
> I am trying to avoid having seperate login pages and redirectors to another
> page, so my login code and app code are all in the same page.
>
> In my page load, I have...
>
> if (User.Identity.IsAuthenticated)
> {
> TabListPanel.Visible = true;
> Trace.Warn("Auth", DateTime.Now.ToString());
> }
> else
> {
> LoginPanel.Visible = true;
> }
>
> In my button click event, I have:
>
> CheckLogin();
>
> CkeckLogin is:
>
> try
> {
> sqlConn.Open();
>
> SqlDataAdapter cmd;
>
> if (User.Identity.IsAuthenticated)
> {
> cmd = new SqlDataAdapter("select * from myuser where username = '" +
> User.Identity.Name + "'", sqlConn);
> }
> else
> {
> cmd = new SqlDataAdapter("select * from myuser where username = '" +
> LoginBox.Text.Replace("'", "''") + "' and password = '" +
> PasswordBox.Text.Replace("'", "''") + "'", sqlConn);
> }
>
> DataSet Login = new DataSet();
> cmd.Fill(Login, "UserDetails");
>
> if (Login.Tables["UserDetails"].Rows.Count > 0)
> {
> // Write the authentication cookie.
> FormsAuthentication.SetAuthCookie(LogintBox.Text, true);
> // Remove login panel, show links (TAB) panel.
> LoginPanel.Visible = false;
> TabListPanel.Visible = true;
> }
> }
> finally
> {
> sqlConn.Close();
> }
>
>
> To me, everything is as it should be, but after I login, the
> User.Identity.IsAuthenticated in PageLoad returns false.
>
> How can I get around this?
>
> Thanks.
>
> Regards,
> Dave Colliver.
> http://www.AshfieldFOCUS.com
> ~~
> http://www.FOCUSPortals.com - Portal franchises available
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
URGENT: FormsAuthentication.SetAuthCookie fails in IE6 Cirene ASP .Net 2 06-25-2008 07:58 PM
ASP.NET 2.0 RTM breaks FormsAuthentication.SetAuthCookie cookie Bill Henning ASP .Net 8 11-09-2005 04:48 PM
problem with SetAuthCookie Pascal.Landry ASP .Net Security 0 03-03-2005 03:41 PM
FormsAuthentication.SetAuthCookie issue with domains w/o www fadi ASP .Net 0 01-08-2005 06:51 PM
SetAuthCookie problem Cheung Wang Tin ASP .Net Security 0 07-05-2004 09:32 AM



Advertisments