Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Form-based Authentication

Reply
Thread Tools

Form-based Authentication

 
 
=?Utf-8?B?QXNpbQ==?=
Guest
Posts: n/a
 
      12-16-2004
I am trying to use Forms-based authentication. I followed MS Support Q301240
article. I want to control access to a folder (swhouse) and its contents.
Below is the sample of actual web.config.

<configuration>
<location path="swhouse" >
<system.web>
<authentication mode="Forms">
<forms name=".partnerslogin"
loginUrl="/CompanyWebsite/partnerlogin.aspx" protection="All"
timeout="30" path="\"></forms>
</authentication>
<authorization>
<allow users = "asim" />
<deny users="?"/>
</authorization>
</system.web>
</location>
<location>
<system.web>
<compilation defaultLanguage="c#" debug="false" />
<authentication mode="None"/>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
</location>
</configuration>

Next I created a webform and named it partnerlogin.aspx. This page contains
2 textboxes, for user name and password, and a submit button, when the user
clicks the submit button the following code is executed (at this time it does
not include any kind of user name validation as I wanted to get this working
first)

private void btnLogin_Click(object sender, System.EventArgs e)
{
try
{
// authenticate user...


// after authentication send to appropriate page or presentation
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
"asim",
System.DateTime.Now,
System.DateTime.Now.AddMinutes(30),
true,
"",
FormsAuthentication.FormsCookiePath);

// Encrypt the ticket.
string encTicket = FormsAuthentication.Encrypt(ticket);

// Create the cookie.
Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
encTicket));

// Redirect back to original URL.
string strRedirect =Request["ReturnUrl"];
if (strRedirect==null)
strRedirect = "partnerlogin.aspx";
Response.Redirect(strRedirect, true);
Response.Redirect(FormsAuthentication.GetRedirectU rl("asim", false));
}
catch (SystemException SysExp)
{
lblErrorMessage.Visible = true;
lblErrorMessage.Text = SysExp.Message;
}

}


Now the problem I am seeing is that the page I am trying to access never
gets rendered. But if I remove <deny users="?"/> from web.config the page
gets rendered. So it seems that I am doing something wrong but I can't
figure what. Any help will be greatly appreciated.


Thanks

Asim

 
Reply With Quote
 
 
 
 
=?Utf-8?B?UGF0cmljay5PLklnZQ==?=
Guest
Posts: n/a
 
      12-17-2004
Asim what do u really want to do?
Do u want to allow only "ASIM" as a user or allow authnticated Users?


"Asim" wrote:

> I am trying to use Forms-based authentication. I followed MS Support Q301240
> article. I want to control access to a folder (swhouse) and its contents.
> Below is the sample of actual web.config.
>
> <configuration>
> <location path="swhouse" >
> <system.web>
> <authentication mode="Forms">
> <forms name=".partnerslogin"
> loginUrl="/CompanyWebsite/partnerlogin.aspx" protection="All"
> timeout="30" path="\"></forms>
> </authentication>
> <authorization>
> <allow users = "asim" />
> <deny users="?"/>
> </authorization>
> </system.web>
> </location>
> <location>
> <system.web>
> <compilation defaultLanguage="c#" debug="false" />
> <authentication mode="None"/>
> <trace enabled="false" requestLimit="10" pageOutput="false"
> traceMode="SortByTime" localOnly="true" />
> <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
> sqlConnectionString="data source=127.0.0.1;user id=sa;password="
> cookieless="false" timeout="20" />
> <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
> </system.web>
> </location>
> </configuration>
>
> Next I created a webform and named it partnerlogin.aspx. This page contains
> 2 textboxes, for user name and password, and a submit button, when the user
> clicks the submit button the following code is executed (at this time it does
> not include any kind of user name validation as I wanted to get this working
> first)
>
> private void btnLogin_Click(object sender, System.EventArgs e)
> {
> try
> {
> // authenticate user...
>
>
> // after authentication send to appropriate page or presentation
> FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
> 1,
> "asim",
> System.DateTime.Now,
> System.DateTime.Now.AddMinutes(30),
> true,
> "",
> FormsAuthentication.FormsCookiePath);
>
> // Encrypt the ticket.
> string encTicket = FormsAuthentication.Encrypt(ticket);
>
> // Create the cookie.
> Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
> encTicket));
>
> // Redirect back to original URL.
> string strRedirect =Request["ReturnUrl"];
> if (strRedirect==null)
> strRedirect = "partnerlogin.aspx";
> Response.Redirect(strRedirect, true);
> Response.Redirect(FormsAuthentication.GetRedirectU rl("asim", false));
> }
> catch (SystemException SysExp)
> {
> lblErrorMessage.Visible = true;
> lblErrorMessage.Text = SysExp.Message;
> }
>
> }
>
>
> Now the problem I am seeing is that the page I am trying to access never
> gets rendered. But if I remove <deny users="?"/> from web.config the page
> gets rendered. So it seems that I am doing something wrong but I can't
> figure what. Any help will be greatly appreciated.
>
>
> Thanks
>
> Asim
>

 
Reply With Quote
 
 
 
 
=?Utf-8?B?QXNpbQ==?=
Guest
Posts: n/a
 
      12-17-2004

Patrick

We have some presentations which we want to put on the webserver, but not
all the authenticated users should have access to it. So what I am trying to
do is create separate directories and then give certain users access to those
directories and their contents. Basically user 'A' should have access to
presentation 'A' in directory 'A' but he should not have access to
presentation 'B' in directory 'B'. I want to put the users in the database
and authenticate them once they enter their user name and password. That's
the easy part.

So in the sample code which I added to my post, I want only user "asim" to
have access to the directory "swhouse" and it's contents. But so far what
code is doing is bringing me back to the login page.

Thanks

Asim

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Failed Authentication, Status "Unsupported Authentication Algorithm" Rafael Cisco 1 11-26-2004 03:57 PM
Basic Authentication v. Integrated Windows Authentication w/ Delegation Mark ASP .Net 0 01-20-2004 03:13 PM
ASP.Net Forms authentication with basic authentication popup Brett Porter ASP .Net 2 01-20-2004 02:17 PM
Moving from Baisc Authentication to Forms Authentication raj mandadi ASP .Net 0 12-22-2003 12:16 AM
Forms Authentication, external authentication server, & rerouting to orig. req. URL Andrew Connell ASP .Net 1 10-21-2003 05:41 PM



Advertisments