viking Posted July 2, 2003 Posted July 2, 2003 (edited) Hello everyone I just came across this forum on Google search, and thought of registering rightaway. Can anyone here advice me on how to implement forms authentication for my website. It should be something like in this 'vbulletin' software..if a user tries to access any page on my website without loggin in, he/she should be redirected back to the login page. I have put in the following code in the web.config page <authentication mode="Forms" > <forms name="AuthCookie" loginUrl="Login.aspx">:D <credentials passwordFormat="Clear"> <user name = "sandra" password="bullock"/> </credentials> </forms> </authentication> How do I go about doing things further from here? Is there a page attribute that I need to include in every page? or is there some code that I need to include on every page? Thanks in advance! Viking Edited July 2, 2003 by viking Quote
JABE Posted July 2, 2003 Posted July 2, 2003 In InvalidLogin.aspx, you should provide input textboxes for the user to enter username and password. In the submit button, you have to do the ff: If FormsAuthentication.Authenticate(userName, password) Then FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, <True | False for persistent cookie>) Else '-Unauthorized user .... End If By the way, InvalidLogin.aspx is a pessimistic term for a login form :) Quote
sukesh Posted July 2, 2003 Posted July 2, 2003 Refer the link ! Try the following link... http://www.dotnetbips.com/toc.aspx?technology=aspnetsecurity Hope this will help you to solve your doubts... Quote
viking Posted July 2, 2003 Author Posted July 2, 2003 Guys, Thanks much for your suggestions so far:up: What I found out was that I need to put the following into the web.config file as well.. <authorization> <deny users="?"/> </authorization> After adding the above tags..the users are redirected to the login page. Then I added this into the click event for the login button If FormsAuthentication.Authenticate(txtUserName.Text,txtPassword.Text) Then Dim myurl As String myurl = FormsAuthentication.GetRedirectUrl(txtUserName.Text, False) If Not (myurl = "/MySecurity/default.aspx") Then 'The method below takes you back to the page you wanted to go in the first place FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False) Else lblMsg.Visible = True lblMsg.Text = "You Are Authenticated" EndIf End If But now I have something else on hand.. If I were to go to the login page first to get authenticated (without going to any other page). Then the following function bombs.. FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False) so..I did a workaround by putting in a check... myurl = FormsAuthentication.GetRedirectUrl(txtUserName.Text, False) If Not (myurl = "/MySecurity/default.aspx") Then .... .... .... But now after succesfully logging in I want to take my user to a welcome page which will have a kind of a site map. How do I do this?Mind you response.redirect("welcome.aspx") does not work!:( Quote
*Gurus* Derek Stone Posted July 2, 2003 *Gurus* Posted July 2, 2003 Call SetAuthCookie() prior to using Response.Redirect. Quote Posting Guidelines
viking Posted July 3, 2003 Author Posted July 3, 2003 Call SetAuthCookie() prior to using Response.Redirect. :confused: Nope! could'nt get it..could you explain a lil further? Thanks Quote
sukesh Posted July 3, 2003 Posted July 3, 2003 Here is the reply ! 'Check for login here..... Dim userId As String = CheckLogin(email.Text, password.Text) If Not (userId Is Nothing) And userId <> "" Then ' Use security system to set the UserID within a client-side Cookie FormsAuthentication.SetAuthCookie(email.Text, RememberCheckbox.Checked) Response.Redirect("/mypage.aspx") Else lblError.Text = "Login Failed!" End If and in other pages you can put the following line in Page_Load If not Request.IsAuthenticated Then Response.Redirect("~/Admin/Accessdenied.aspx") End If I hope this answers ur query... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.