laredo512 Posted May 7, 2004 Posted May 7, 2004 I got this aspx page in vb.net that verifies a querystring at the page_load event. The goal is to authenticate the user to pass trough the logon page and right in my members area without typing a word since he's being referred by another site. If a user comes direct to my page, they can logon... everything works. But when a user is referred by another site, the key exchange that I set up work perfect and the FormsAuthentication does not. here's the code to the problematic Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load 'Put user code to initialize the page here 'Put user code to initialize the page here 'sess_id1(new value), randval(existing value), name ' response is [url]http://www.referringsite.com/mts.php?received_id=1[/url] Try Me.lblStatus.Visible = False Dim id1 As String = Request.QueryString("randval") Dim id2 As String = Request.QueryString("sess_id1") Dim UserN As String = Request.QueryString("name") Dim strQ As New SqlCommand Dim i As Integer Dim GID1 As New Guid GID1 = NewGuid() If id1 = "" Or id2 = "" Or UserN = "" Then Exit Sub ' continue to display the login page if no variables are present End If If Len(id1) > 60 Or Len(id2) > 60 Or Len(UserN) > 60 Then Hacker() Response.Redirect("http://www.referringsite.com") Exit Sub End If strQ.Connection = Me.cnStuff strQ.CommandText = "SELECT * FROM IDSwitch WHERE ID1 = '" & id1 & "'" Me.daSwitch.Fill(Me.DsSwitch1.IDSwitch) i = Me.DsSwitch1.IDSwitch.Count Select Case i Case Is = 1 'found proper ID and send response back to the referrer Dim URL As String = "http://www.referringsite.com/mts.php?received_id=" & id1.ToString Dim Req As HttpWebRequest = CType(WebRequest.Create(URL), HttpWebRequest) Dim Resp As WebResponse = Req.GetResponse ' log the entry and switch ids. strQ.CommandText = "INSERT INTO Logger(TrackingKey, UserName, TrackingID, TrackingTime, TimeOut) VALUES('" & _ GID1.ToString & "', '" & UserN & "', '" & id1 & "', '" & Now().Today & "', '" & Now().Today & "')" strQ.Connection = Me.cnStuff strQ.Connection.Open() strQ.ExecuteNonQuery() strQ.Connection.Close() Me.DsSwitch1.IDSwitch(0).ID1 = id2 Me.DsSwitch1.IDSwitch(0).ID2 = id1 Me.DsSwitch1.IDSwitch(0).Username = UserN Me.DsSwitch1.IDSwitch(0).IDMaster = GID1 'Me.DsSwitch1.IDSwitch.AcceptChanges() Me.daSwitch.Update(Me.DsSwitch1.IDSwitch) 'my problem is here Response.RedirectLocation = "http://www.mysite.com/members/members.aspx" FormsAuthentication.RedirectFromLoginPage(UserN, False) Case Is = 0 Me.lblStatus.Text = "12523" Me.lblStatus.Visible = True End Select Catch ex As Exception Me.lblStatus.Visible = True Me.lblStatus.Text = ex.Message.ToString & vbCrLf & ex.Source.ToString Exit Sub End Try End Sub Quote Laredo512 * using VS.NET Pro 2003 *
Arch4ngel Posted May 7, 2004 Posted May 7, 2004 Web.Config Maybe you should take a look first at Web.config in your application directory. You'll be able to select many logging method. Be sure that everything is properly configured. Quote "If someone say : "Die mortal !"... don't stay to see if he isn't." - Unknown "Learning to program is like going out with a new girl friend. There's always something that wasn't mentioned in the documentation..." - Me "A drunk girl is like an animal... it scream at everything like a cat and roll in the grass like a dog." - Me after seeing my girlfriend drunk and some of her drunk friend. C# TO VB TRANSLATOR
laredo512 Posted May 7, 2004 Author Posted May 7, 2004 Maybe you should take a look first at Web.config in your application directory. You'll be able to select many logging method. Be sure that everything is properly configured. Ouin... I already configured the webconfig file so that it only uses login.aspx as the login page. It's also set to use formsAuthentication. Here's the code of the webconfig file: <?xml version="1.0" encoding="utf-8" ?> <configuration> <system.web> <compilation defaultLanguage="vb" debug="true" /> <customErrors mode="RemoteOnly" defaultRedirect="error.html" /> <authentication mode="Forms"> <forms loginUrl="login.aspx" name = "SiteLog" timeout="90"/> </authentication> <authorization> <deny users="?" /> <!-- Allow all users --> </authorization> <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" /> <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="20" /> <globalization requestEncoding="utf-8" responseEncoding="utf-8" /> </system.web> <location path="members"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> </configuration> Quote Laredo512 * using VS.NET Pro 2003 *
Administrators PlausiblyDamp Posted May 7, 2004 Administrators Posted May 7, 2004 If you remove the Response.RedirectLocation = "http://www.mysite.com/members/members.aspx" from just before the FormsAuthentication.RedirectFromLoginPage(UserN, False) does it work then? Quote Posting Guidelines FAQ Post Formatting Intellectuals solve problems; geniuses prevent them. -- Albert Einstein
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.