FormsAuthentication VB.NET

L

laredo512

Regular
Joined
Jan 6, 2004
Messages
88
Location
Far enough to see snow in winter
I got this aspx page in vb.net that verifies a querystring at the page_load event. The goal is to authenticate the user to pass trough the logon page and right in my members area without typing a word since he's being referred by another site.

If a user comes direct to my page, they can logon... everything works. But when a user is referred by another site, the key exchange that I set up work perfect and the FormsAuthentication does not.

here's the code to the problematic

Visual Basic: 
    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        'Put user code to initialize the page here
        'Put user code to initialize the page here
        'sess_id1(new value), randval(existing value), name
        ' response is [url]http://www.referringsite.com/mts.php?received_id=1[/url]
        Try
            Me.lblStatus.Visible = False
            Dim id1 As String = Request.QueryString("randval")
            Dim id2 As String = Request.QueryString("sess_id1")
            Dim UserN As String = Request.QueryString("name")
            Dim strQ As New SqlCommand
            Dim i As Integer
            Dim GID1 As New Guid
            
            GID1 = NewGuid()

            If id1 = "" Or id2 = "" Or UserN = "" Then
                Exit Sub ' continue to display the login page if no variables are present
            End If

            If Len(id1) > 60 Or Len(id2) > 60 Or Len(UserN) > 60 Then
                Hacker()
                Response.Redirect("http://www.referringsite.com")
                Exit Sub
            End If

            strQ.Connection = Me.cnStuff
            strQ.CommandText = "SELECT * FROM IDSwitch WHERE ID1 = '" & id1 & "'"
            Me.daSwitch.Fill(Me.DsSwitch1.IDSwitch)
            i = Me.DsSwitch1.IDSwitch.Count

            Select Case i
                Case Is = 1
                    
                    'found proper ID and send response back to the referrer
                    Dim URL As String = "http://www.referringsite.com/mts.php?received_id=" & id1.ToString
                    Dim Req As HttpWebRequest = CType(WebRequest.Create(URL), HttpWebRequest)
                    Dim Resp As WebResponse = Req.GetResponse

' log the entry and switch ids.
                    strQ.CommandText = "INSERT INTO Logger(TrackingKey, UserName, TrackingID, TrackingTime, TimeOut) VALUES('" & _
                    GID1.ToString & "', '" & UserN & "', '" & id1 & "', '" & Now().Today & "', '" & Now().Today & "')"

                    strQ.Connection = Me.cnStuff
                    strQ.Connection.Open()
                    strQ.ExecuteNonQuery()
                    strQ.Connection.Close()

                    Me.DsSwitch1.IDSwitch(0).ID1 = id2
                    Me.DsSwitch1.IDSwitch(0).ID2 = id1
                    Me.DsSwitch1.IDSwitch(0).Username = UserN
                    Me.DsSwitch1.IDSwitch(0).IDMaster = GID1
                    'Me.DsSwitch1.IDSwitch.AcceptChanges()
                    Me.daSwitch.Update(Me.DsSwitch1.IDSwitch)

'my problem is here
                    Response.RedirectLocation = "http://www.mysite.com/members/members.aspx"
                    FormsAuthentication.RedirectFromLoginPage(UserN, False)
                Case Is = 0
                    Me.lblStatus.Text = "12523"
                    Me.lblStatus.Visible = True

            End Select

        Catch ex As Exception
            Me.lblStatus.Visible = True
            Me.lblStatus.Text = ex.Message.ToString & vbCrLf & ex.Source.ToString
            Exit Sub
        End Try

    End Sub
 
Web.Config

Maybe you should take a look first at Web.config in your application directory. You'll be able to select many logging method.

Be sure that everything is properly configured.
 
Arch4ngel said:
Maybe you should take a look first at Web.config in your application directory. You'll be able to select many logging method.

Be sure that everything is properly configured.
Click to expand...

Ouin...

I already configured the webconfig file so that it only uses login.aspx as the login page. It's also set to use formsAuthentication.

Here's the code of the webconfig file:

Visual Basic: 
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    
  <system.web>

    <compilation defaultLanguage="vb" debug="true" />

    <customErrors mode="RemoteOnly" defaultRedirect="error.html" />
    
<authentication mode="Forms"> 
		<forms loginUrl="login.aspx" name = "SiteLog" timeout="90"/>
</authentication>

     <authorization>
        <deny users="?" /> <!-- Allow all users -->

    </authorization>


    <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />


    <sessionState 
            mode="InProc"
            stateConnectionString="tcpip=127.0.0.1:42424"
            sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
            cookieless="false" 
            timeout="20" 
    />

    <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
   
  </system.web>
  	<location path="members">
		<system.web>     
			<authorization>
				<deny users="?" />
			</authorization>
		  </system.web>
	</location>
 </configuration>
 
If you remove the
Response.RedirectLocation = "http://www.mysite.com/members/members.aspx"
from just before the
FormsAuthentication.RedirectFromLoginPage(UserN, False)
does it work then?
 
Back
Top