laredo512
Regular
I got this aspx page in vb.net that verifies a querystring at the page_load event. The goal is to authenticate the user to pass trough the logon page and right in my members area without typing a word since he's being referred by another site.
If a user comes direct to my page, they can logon... everything works. But when a user is referred by another site, the key exchange that I set up work perfect and the FormsAuthentication does not.
here's the code to the problematic
If a user comes direct to my page, they can logon... everything works. But when a user is referred by another site, the key exchange that I set up work perfect and the FormsAuthentication does not.
here's the code to the problematic
Visual Basic:
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
'Put user code to initialize the page here
'sess_id1(new value), randval(existing value), name
' response is [url]http://www.referringsite.com/mts.php?received_id=1[/url]
Try
Me.lblStatus.Visible = False
Dim id1 As String = Request.QueryString("randval")
Dim id2 As String = Request.QueryString("sess_id1")
Dim UserN As String = Request.QueryString("name")
Dim strQ As New SqlCommand
Dim i As Integer
Dim GID1 As New Guid
GID1 = NewGuid()
If id1 = "" Or id2 = "" Or UserN = "" Then
Exit Sub ' continue to display the login page if no variables are present
End If
If Len(id1) > 60 Or Len(id2) > 60 Or Len(UserN) > 60 Then
Hacker()
Response.Redirect("http://www.referringsite.com")
Exit Sub
End If
strQ.Connection = Me.cnStuff
strQ.CommandText = "SELECT * FROM IDSwitch WHERE ID1 = '" & id1 & "'"
Me.daSwitch.Fill(Me.DsSwitch1.IDSwitch)
i = Me.DsSwitch1.IDSwitch.Count
Select Case i
Case Is = 1
'found proper ID and send response back to the referrer
Dim URL As String = "http://www.referringsite.com/mts.php?received_id=" & id1.ToString
Dim Req As HttpWebRequest = CType(WebRequest.Create(URL), HttpWebRequest)
Dim Resp As WebResponse = Req.GetResponse
' log the entry and switch ids.
strQ.CommandText = "INSERT INTO Logger(TrackingKey, UserName, TrackingID, TrackingTime, TimeOut) VALUES('" & _
GID1.ToString & "', '" & UserN & "', '" & id1 & "', '" & Now().Today & "', '" & Now().Today & "')"
strQ.Connection = Me.cnStuff
strQ.Connection.Open()
strQ.ExecuteNonQuery()
strQ.Connection.Close()
Me.DsSwitch1.IDSwitch(0).ID1 = id2
Me.DsSwitch1.IDSwitch(0).ID2 = id1
Me.DsSwitch1.IDSwitch(0).Username = UserN
Me.DsSwitch1.IDSwitch(0).IDMaster = GID1
'Me.DsSwitch1.IDSwitch.AcceptChanges()
Me.daSwitch.Update(Me.DsSwitch1.IDSwitch)
'my problem is here
Response.RedirectLocation = "http://www.mysite.com/members/members.aspx"
FormsAuthentication.RedirectFromLoginPage(UserN, False)
Case Is = 0
Me.lblStatus.Text = "12523"
Me.lblStatus.Visible = True
End Select
Catch ex As Exception
Me.lblStatus.Visible = True
Me.lblStatus.Text = ex.Message.ToString & vbCrLf & ex.Source.ToString
Exit Sub
End Try
End Sub