Hello,

From my home page I click on a Product Maintenance link, this is stored in a SecurePages folder, so I am redirected to the login page. When I login, I'm not being redirected to the Product Maintenance page.

Any ideas ?

Thanks...

6foot7:

Any ideas ?

Have you added  Location tag to your secure folder properly as below?

<location path="register.aspx"> //path here is path to your register.aspx page e.g. it could be ~/publicpages/register.aspx

    <system.web>

        <authorization>

        <allow users="*"/> // this will allow access to everyone to register.aspx
        </authorization>

    </system.web>

</location>

Where are you being redirected after login ? Are you successfully logging-in?

something on your login page is causing it to redirect to some other page.

1: Do you have DestinationPageUrl set for your login control(if you are using asp.net login control)?

2: do you have any authentication Code in your login page's code-behind ? Can you share that ?

3: Do you see the ReturnUrl set to your maintanence page in the address bar when you are redirected to login page?

1) Yes I am successfully logging in, but I am not being redirected anywhere, its like it reloads the login page again.

2) Please see the authentication code below:

<authentication mode="Forms">
      <forms name=".ASPXAUTH"
             loginUrl="login.aspx"
             protection="Validation"
             timeout="999999"/>
    </authentication >

3) Return URL is set to the following:

ReturnUrl=%2fWeb+Project%2fSecurePages%2fProductMaintenance.aspx 

My location tags are as follows:

<location path="SecurePages/ProductMaintenance.aspx">
    <system.web >
      <authorization>
        <allow roles="AdminUser" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location >

6foot7:

<authentication mode="Forms">  

      <forms name=".ASPXAUTH"  

             loginUrl="login.aspx"  

             protection="Validation"  

             timeout="999999"/>  

    </authentication >  

Add DefaultUrl as below.

<authentication mode="Forms">
		
    <forms 
      loginUrl="login.aspx"
defaultUrl="<your Default page or productMaintenancePage" timeout="1440" slidingExpiration="true"/>
</authentication>

and you should have below in your code behind in Login button click event

 protected void LoginUser(object sender, EventArgs e)
        {
            try
            {
                if (Membership.ValidateUser(txtUsername.Text, txtPassword.Text))
                {
                    
//Here after successful authentication, user will be redirected to your default page //specified in your web.config authenticatin section
       FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, false);

Sukumarraju, 

I working in VB.NET and using the Login Control, so there is no login button click event. Could you post the code for VB.NET

Okay, I've made abit of progress....when I launch my homepage (Default.aspx) I click on the link 'Product Maintenance' it brings me directly to the Product maintenance page without asking me to logon. Not sure why this is happening, I only want admin users to able to access this page. Please see most recent code posted below:

<roleManager enabled="true" />
    <authentication mode="Forms">
      <forms name=".ASPXAUTH"
             loginUrl="login.aspx"
             defaultUrl="Default.aspx" timeout="1440" slidingExpiration="true"
             protection="Validation"/>
    </authentication >

</system.web>
  <location path="ProductMaintenance.aspx">
    <system.web >
      <authorization>
        <allow roles="Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location >

1: If you are using Login Control ....you don't need that RedirectFromLoginPage and other code at all.

2: Since "Earlier" you were able to login successfully and not being taken to your Maintenance Page...my doubt is your roles were not working.

3: Now you are being taken directly to Maintenance page and not asked for login is due to your location path...

if the page is still in your securePages folde it should be :  path="SecurePages/ProductMaintenance.aspx"

4: You did not share any roles provider info....is it enabled in your web.config  ? Can you share that.

guru_sarkar:

path="SecurePages/ProductMaintenance.aspx"

I changed the code to what you have here but now I get the following error when trying to log in:

'Your login attempt was not successful. Please try again.'

guru_sarkar:

You did not share any roles provider info....is it enabled in your web.config  ? Can you share that.

The only code I have related to roles is what I previously posted

<allow roles="Admin"/> 

Am I missing something ?

Pointing to your initial problem

Since you are using roles....do you have roleManager enabled in your root web.config?

i.e. <roleManager enabled="true"></roleManager>

To your login attempt problem... can you restore your login page to the state as you had when you started this thread and you had your logging working.

Also can you share your login.aspx markup, login.aspx.vb(i.e. code-behind) and entire web.config.

Guru, yes I have roleManager enabled set to True.

See Web.Config below:

<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\v2.x\Config 
-->
<configuration>
	<configSections>
		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				</sectionGroup>
			</sectionGroup>
		</sectionGroup>
	</configSections>
	<appSettings/>
	<connectionStrings>
  <add name="OfficeSuppliesConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename="C:\Documents and Settings\Stephen Connolly\My Documents\OfficeSupplies.mdf";Integrated Security=True;Connect Timeout=30;User Instance=True"
   providerName="System.Data.SqlClient" />
 </connectionStrings>
	<system.web>
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.

            Visual Basic options:
            Set strict="true" to disallow all data type conversions 
            where data loss can occur. 
            Set explicit="true" to force declaration of all variables.
        -->
    <!--
    The details below make the startup page whatever is specified in the loginUrl, otherwise
    login.apsx is used.
    -->
    
    <roleManager enabled="true" />
    <authentication mode="Forms">
      <forms name=".ASPXAUTH"
             loginUrl="login.aspx"
             defaultUrl="Default.aspx" timeout="1440" slidingExpiration="true"
             protection="Validation"/>
    </authentication >
    
    
  <compilation debug="true" strict="false" explicit="true">
			<assemblies>
				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
			</assemblies>
		</compilation>
		<pages theme="MyTheme" >
      <namespaces>
				<clear/>
				<add namespace="System"/>
				<add namespace="System.Collections"/>
				<add namespace="System.Collections.Generic"/>
				<add namespace="System.Collections.Specialized"/>
				<add namespace="System.Configuration"/>
				<add namespace="System.Text"/>
				<add namespace="System.Text.RegularExpressions"/>
				<add namespace="System.Linq"/>
				<add namespace="System.Xml.Linq"/>
				<add namespace="System.Web"/>
				<add namespace="System.Web.Caching"/>
				<add namespace="System.Web.SessionState"/>
				<add namespace="System.Web.Security"/>
				<add namespace="System.Web.Profile"/>
				<add namespace="System.Web.UI"/>
				<add namespace="System.Web.UI.WebControls"/>
				<add namespace="System.Web.UI.WebControls.WebParts"/>
				<add namespace="System.Web.UI.HtmlControls"/>
			</namespaces>
			<controls>
				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
			</controls>
    </pages>
    
		<!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
  <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
		<httpHandlers>
			<remove verb="*" path="*.asmx"/>
			<add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
			<add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
			<add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/>
		</httpHandlers>
		<httpModules>
			<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
		</httpModules>
    
	</system.web>
  <location path="SecurePages/ProductMaintenance.aspx">
    <system.web >
      <authorization>
        <allow roles="Admin"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location >
	<system.codedom>
		<compilers>
			<compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<providerOption name="CompilerVersion" value="v3.5"/>
				<providerOption name="WarnAsError" value="false"/>
			</compiler>
			<compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" warningLevel="4" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
				<providerOption name="CompilerVersion" value="v3.5"/>
				<providerOption name="OptionInfer" value="true"/>
				<providerOption name="WarnAsError" value="false"/>
			</compiler>
		</compilers>
	</system.codedom>
	<!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
	<system.webServer>
		<validation validateIntegratedModeConfiguration="false"/>
		<modules>
			<remove name="ScriptModule"/>
			<add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
		</modules>
		<handlers>
			<remove name="WebServiceHandlerFactory-Integrated"/>
			<remove name="ScriptHandlerFactory"/>
			<remove name="ScriptHandlerFactoryAppServices"/>
			<remove name="ScriptResource"/>
			<add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
			<add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
			<add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
		</handlers>
	</system.webServer>
	<runtime>
		<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
			<dependentAssembly>
				<assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
			</dependentAssembly>
			<dependentAssembly>
				<assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
				<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
			</dependentAssembly>
		</assemblyBinding>
	</runtime>
</configuration>

See Login.aspx (Source), I have no code in login.aspx.vb:

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Login.aspx.vb" Inherits="Logon" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Login</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
    <link rel="stylesheet" type="text/css" href="App_Themes\MyTheme\Style_layout.css" />
</head>
<body>
    <form id="form1" runat="server">
            <div id="outer">
                <div id="header">
                <asp:Image ID="Image1" runat="server" ImageUrl="~/Images/Office Supplies.jpg" />
                </div>
            </div>
            <div id="cont">
                <div id="bodyblock">
            <asp:Login ID="Login1" runat="server" Height="163px" Width="243px" ForeColor="Black" 
                        DestinationPageUrl="~/SecurePages/ProductMaintenance.aspx">
            </asp:Login>
                </div>
            </div>
    <div id="footer">
    
        Copyright (C) Stephen Connolly 2009</div>
    </form>
</body>
</html>

6foot7:

roleManager enabled set to True

Membership, Roles and profile(if you are using) are missing in your web.config

<!--Note that connectionStirng name is from your connectionString section that pointing to your membership database-->

<membership defaultProvider="AspNetMembershipProvider">
<providers>
<add 
connectionStringName="your connectionString HERE" 
enablePasswordRetrieval="false" 
enablePasswordReset="true" 
requiresQuestionAndAnswer="true" 
applicationName="/<your application name>" 
requiresUniqueEmail="false" 
passwordFormat="Clear" 
maxInvalidPasswordAttempts="5" 
minRequiredPasswordLength="7" 
minRequiredNonalphanumericCharacters="0" 
passwordAttemptWindow="10" 
passwordStrengthRegularExpression="" 
name="AspNetMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, 
Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
	</membership>

<!-- RG: Role provider-->
<roleManager enabled="true" defaultProvider="AspNetRoleProvider">
<providers>
<add connectionStringName="your connectionString HERE" 
applicationName="/<your application name here>" 
name="AspNetRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</roleManager>

<profile>
<providers>
<add name="AspNetSqlProfileProvider" 
connectionStringName="<your connectionString HERE>" 
applicationName="/<YOUR APP NAME HERE" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</profile>

ok I don't see any membership information in your web.config. This means you are using default settings. So let me confirm few more things:

1: You have aspnetdb.mdf under App_Data folder in your VS Solution Explorer correct ?

2: You are not using OfficeSupplies.mdf for storing membership/roles information correct?

3: Were you able to move your site to a state where you are able to login?

4: you already said you don't have any code in .vb code-behind but to be sure....not even any empty method structure right (other than Page_Load)

5: do you mind creating a new user. Check if it is created in DB and is Active. See if you can login using that user credentials.

Guru,

Problem solved, I had the following code in login.aspx.vb:

Partial Class Logon
    Inherits System.Web.UI.Page

    Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate

    End Sub
End Class

I'm not sure how this code got here, I must have double clicked on the login control at some stage. But after commenting out:

Partial Class Logon
    Inherits System.Web.UI.Page

    'Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate

    'End Sub
End Class

the issue was solved, now only the admin users can gain access to the secure pages section.
 
Thanks for all the help.