Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > FormsAuthentication.RedirectFromLoginPage

Reply
Thread Tools

FormsAuthentication.RedirectFromLoginPage

 
 
Andy Sutorius
Guest
Posts: n/a
 
      02-16-2005
Hi,

For some reason the login.aspx webpage redirects to itself after a
successful login and not to the url in the address bar. I have stepped
through this with debug and it behaves as it is supposed to. What am I
overlooking? Try it.

http://www.sutorius.com/psyche
click the Administration link
username = user1
password = user1


private void cmdLogin_ServerClick(object sender, System.EventArgs e)
{
if (ValidateUser(txtUserName.Value,txtUserPass.Value) )


FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Value,chkPersistCookie
..Checked);

else

lblMsg.Text = "Invalid Log in";





 
Reply With Quote
 
 
 
 
Steve C. Orr [MVP, MCSD]
Guest
Posts: n/a
 
      02-16-2005
It looks like you've forgotten to call SetAuthCookie.
Here's more info:
http://authors.aspalliance.com/aspxt...uthCookie.aspx

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net


"Andy Sutorius" <(E-Mail Removed)> wrote in message
news:%sLQd.69593$(E-Mail Removed). com...
> Hi,
>
> For some reason the login.aspx webpage redirects to itself after a
> successful login and not to the url in the address bar. I have stepped
> through this with debug and it behaves as it is supposed to. What am I
> overlooking? Try it.
>
> http://www.sutorius.com/psyche
> click the Administration link
> username = user1
> password = user1
>
>
> private void cmdLogin_ServerClick(object sender, System.EventArgs e)
> {
> if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
>
>
> FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Value,chkPersistCookie
> .Checked);
>
> else
>
> lblMsg.Text = "Invalid Log in";
>
>
>
>
>



 
Reply With Quote
 
 
 
 
=?Utf-8?B?QmlsbCBCb3Jn?=
Guest
Posts: n/a
 
      02-16-2005
Steve, doesn't the redirectfromloginpage call create the cookie for you?

Andy, I've also had this when my web.config is not set up correctly to deny
anonymous users and *allow* authenticated users.

Bill

"Steve C. Orr [MVP, MCSD]" wrote:

> It looks like you've forgotten to call SetAuthCookie.
> Here's more info:
> http://authors.aspalliance.com/aspxt...uthCookie.aspx
>
> --
> I hope this helps,
> Steve C. Orr, MCSD, MVP
> http://SteveOrr.net
>
>
> "Andy Sutorius" <(E-Mail Removed)> wrote in message
> news:%sLQd.69593$(E-Mail Removed). com...
> > Hi,
> >
> > For some reason the login.aspx webpage redirects to itself after a
> > successful login and not to the url in the address bar. I have stepped
> > through this with debug and it behaves as it is supposed to. What am I
> > overlooking? Try it.
> >
> > http://www.sutorius.com/psyche
> > click the Administration link
> > username = user1
> > password = user1
> >
> >
> > private void cmdLogin_ServerClick(object sender, System.EventArgs e)
> > {
> > if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
> >
> >
> > FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Value,chkPersistCookie
> > .Checked);
> >
> > else
> >
> > lblMsg.Text = "Invalid Log in";
> >
> >
> >
> >
> >

>
>
>

 
Reply With Quote
 
Andy Sutorius
Guest
Posts: n/a
 
      02-16-2005
Steve,

I don't understand how adding setauthcookie has an effect on the redirect.

Andy


"Steve C. Orr [MVP, MCSD]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> It looks like you've forgotten to call SetAuthCookie.
> Here's more info:
>

http://authors.aspalliance.com/aspxt...uthCookie.aspx
>
> --
> I hope this helps,
> Steve C. Orr, MCSD, MVP
> http://SteveOrr.net
>



 
Reply With Quote
 
Andy Sutorius
Guest
Posts: n/a
 
      02-16-2005
Bill,

Thanks for that. I forgot to put in an allow. This is what my web.config
looks like now. And I am still getting the same response. I am attempting to
control access into a subdirectory from the web.config in the root folder.
Any other ideas?

<location path="admin" allowOverride="false">
<!-- <location path="admin" allowOverride="true"> -->
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>


"Bill Borg" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Steve, doesn't the redirectfromloginpage call create the cookie for you?
>
> Andy, I've also had this when my web.config is not set up correctly to

deny
> anonymous users and *allow* authenticated users.
>
> Bill
>
> "Steve C. Orr [MVP, MCSD]" wrote:
>
> > It looks like you've forgotten to call SetAuthCookie.
> > Here's more info:
> >

http://authors.aspalliance.com/aspxt...uthCookie.aspx
> >
> > --
> > I hope this helps,
> > Steve C. Orr, MCSD, MVP
> > http://SteveOrr.net
> >
> >
> > "Andy Sutorius" <(E-Mail Removed)> wrote in message
> > news:%sLQd.69593$(E-Mail Removed). com...
> > > Hi,
> > >
> > > For some reason the login.aspx webpage redirects to itself after a
> > > successful login and not to the url in the address bar. I have stepped
> > > through this with debug and it behaves as it is supposed to. What am I
> > > overlooking? Try it.
> > >
> > > http://www.sutorius.com/psyche
> > > click the Administration link
> > > username = user1
> > > password = user1
> > >
> > >
> > > private void cmdLogin_ServerClick(object sender, System.EventArgs e)
> > > {
> > > if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
> > >
> > >
> > >

FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Value,chkPersistCookie
> > > .Checked);
> > >
> > > else
> > >
> > > lblMsg.Text = "Invalid Log in";
> > >
> > >
> > >
> > >
> > >

> >
> >
> >



 
Reply With Quote
 
=?Utf-8?B?QmlsbCBCb3Jn?=
Guest
Posts: n/a
 
      02-16-2005
Looks pretty good at first blush. Any chance there's a web.config in the
subfolder too (that would override the root)?

Also, per your comment above, I'll be anxious to read Steve's response. I've
been working through all this same stuff lately. To me, redirectfromloginpage
is one of those times where asp.net does *too* much to make it easy, so you
don't really understand what's happening underneath. Afaik, it combines
creating the cookie, creating the authentication ticket stored in the cookie,
persisting them or not, and redirecting to the requested page. You can do all
these yourself if you understand what's happening, and you're forced to do
that in cases I run into all the time, such as wanting to name the cookie
myself, keeping multiple cookies, playing with timeout values per user, etc.
Best discussion I've seen of all this is in Esposito's Programming ASP.NET
(best discussion of most *anything* is in that book). There's also a ton of
great stuff in this forum.

Bill

"Andy Sutorius" wrote:

> Bill,
>
> Thanks for that. I forgot to put in an allow. This is what my web.config
> looks like now. And I am still getting the same response. I am attempting to
> control access into a subdirectory from the web.config in the root folder.
> Any other ideas?
>
> <location path="admin" allowOverride="false">
> <!-- <location path="admin" allowOverride="true"> -->
> <system.web>
> <authorization>
> <deny users="?" />
> <allow users="*" />
> </authorization>
> </system.web>
> </location>
>
>
> "Bill Borg" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Steve, doesn't the redirectfromloginpage call create the cookie for you?
> >
> > Andy, I've also had this when my web.config is not set up correctly to

> deny
> > anonymous users and *allow* authenticated users.
> >
> > Bill
> >
> > "Steve C. Orr [MVP, MCSD]" wrote:
> >
> > > It looks like you've forgotten to call SetAuthCookie.
> > > Here's more info:
> > >

> http://authors.aspalliance.com/aspxt...uthCookie.aspx
> > >
> > > --
> > > I hope this helps,
> > > Steve C. Orr, MCSD, MVP
> > > http://SteveOrr.net
> > >
> > >
> > > "Andy Sutorius" <(E-Mail Removed)> wrote in message
> > > news:%sLQd.69593$(E-Mail Removed). com...
> > > > Hi,
> > > >
> > > > For some reason the login.aspx webpage redirects to itself after a
> > > > successful login and not to the url in the address bar. I have stepped
> > > > through this with debug and it behaves as it is supposed to. What am I
> > > > overlooking? Try it.
> > > >
> > > > http://www.sutorius.com/psyche
> > > > click the Administration link
> > > > username = user1
> > > > password = user1
> > > >
> > > >
> > > > private void cmdLogin_ServerClick(object sender, System.EventArgs e)
> > > > {
> > > > if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
> > > >
> > > >
> > > >

> FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Value,chkPersistCookie
> > > > .Checked);
> > > >
> > > > else
> > > >
> > > > lblMsg.Text = "Invalid Log in";
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >

>
>
>

 
Reply With Quote
 
=?Utf-8?B?QmlsbCBCb3Jn?=
Guest
Posts: n/a
 
      02-16-2005
*This might be a double-post (having system trouble), but here goes (again):*

Looks pretty good at first blush. Any chance there's a web.config in the
subfolder too (that would override the root)?

Also, per your comment above, I'll be anxious to read Steve's response. I've
been working through all this same stuff lately. To me, redirectfromloginpage
is one of those times where asp.net does *too* much to make it easy, so you
don't really understand what's happening underneath. Afaik, it combines
creating the cookie, creating the authentication ticket stored in the cookie,
persisting them or not, and redirecting to the requested page. You can do all
these yourself if you understand what's happening, and you're forced to do
that in cases I run into all the time, such as wanting to name the cookie
myself, keeping multiple cookies, playing with timeout values per user, etc.
Best discussion I've seen of all this is in Esposito's Programming ASP.NET
(best discussion of most *anything* is in that book). There's also a ton of
great stuff in this forum.

Bill

"Andy Sutorius" wrote:

> Bill,
>
> Thanks for that. I forgot to put in an allow. This is what my web.config
> looks like now. And I am still getting the same response. I am attempting to
> control access into a subdirectory from the web.config in the root folder.
> Any other ideas?
>
> <location path="admin" allowOverride="false">
> <!-- <location path="admin" allowOverride="true"> -->
> <system.web>
> <authorization>
> <deny users="?" />
> <allow users="*" />
> </authorization>
> </system.web>
> </location>
>
>
> "Bill Borg" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Steve, doesn't the redirectfromloginpage call create the cookie for you?
> >
> > Andy, I've also had this when my web.config is not set up correctly to

> deny
> > anonymous users and *allow* authenticated users.
> >
> > Bill
> >
> > "Steve C. Orr [MVP, MCSD]" wrote:
> >
> > > It looks like you've forgotten to call SetAuthCookie.
> > > Here's more info:
> > >

> http://authors.aspalliance.com/aspxt...uthCookie.aspx
> > >
> > > --
> > > I hope this helps,
> > > Steve C. Orr, MCSD, MVP
> > > http://SteveOrr.net
> > >
> > >
> > > "Andy Sutorius" <(E-Mail Removed)> wrote in message
> > > news:%sLQd.69593$(E-Mail Removed). com...
> > > > Hi,
> > > >
> > > > For some reason the login.aspx webpage redirects to itself after a
> > > > successful login and not to the url in the address bar. I have stepped
> > > > through this with debug and it behaves as it is supposed to. What am I
> > > > overlooking? Try it.
> > > >
> > > > http://www.sutorius.com/psyche
> > > > click the Administration link
> > > > username = user1
> > > > password = user1
> > > >
> > > >
> > > > private void cmdLogin_ServerClick(object sender, System.EventArgs e)
> > > > {
> > > > if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
> > > >
> > > >
> > > >

> FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Value,chkPersistCookie
> > > > .Checked);
> > > >
> > > > else
> > > >
> > > > lblMsg.Text = "Invalid Log in";
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >

>
>
>

 
Reply With Quote
 
Andy Sutorius
Guest
Posts: n/a
 
      02-16-2005
Bill,

Thanks for the extra eyes. In fact there is a web.config in the subfolder
with the same deny/allow so I took it out. Getting the same action though.
I've got something silly turned on/off, I just know it.

I like this article and related code:
http://www.theserverside.net/article...Authentication

Andy


"Bill Borg" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> Looks pretty good at first blush. Any chance there's a web.config in the
> subfolder too (that would override the root)?
>
> Also, per your comment above, I'll be anxious to read Steve's response.

I've
> been working through all this same stuff lately. To me,

redirectfromloginpage
> is one of those times where asp.net does *too* much to make it easy, so

you
> don't really understand what's happening underneath. Afaik, it combines
> creating the cookie, creating the authentication ticket stored in the

cookie,
> persisting them or not, and redirecting to the requested page. You can do

all
> these yourself if you understand what's happening, and you're forced to do
> that in cases I run into all the time, such as wanting to name the cookie
> myself, keeping multiple cookies, playing with timeout values per user,

etc.
> Best discussion I've seen of all this is in Esposito's Programming ASP.NET
> (best discussion of most *anything* is in that book). There's also a ton

of
> great stuff in this forum.
>
> Bill
>



 
Reply With Quote
 
Steve C. Orr [MVP, MCSD]
Guest
Posts: n/a
 
      02-16-2005
It's behaving like the cookie isn't being set.
This is a way to explicitly set the cookie, so I thought it would be worth a
try. Then you can do a standard redirect and see if it works.

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net



"Andy Sutorius" <(E-Mail Removed)> wrote in message
news:c_LQd.4$(E-Mail Removed)...
> Steve,
>
> I don't understand how adding setauthcookie has an effect on the redirect.
>
> Andy
>
>
> "Steve C. Orr [MVP, MCSD]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> It looks like you've forgotten to call SetAuthCookie.
>> Here's more info:
>>

> http://authors.aspalliance.com/aspxt...uthCookie.aspx
>>
>> --
>> I hope this helps,
>> Steve C. Orr, MCSD, MVP
>> http://SteveOrr.net
>>

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Advertisments