Sign In| Join
Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Dec 21, 2012 08:51 PM by Terence10
Member
2 Points
14 Posts
Sep 04, 2012 07:06 AM|LINK
Hi Experts,
In my asp.net application using C#, I am using (Cookieless) Role Based Forms Authentication. After giving the username and password, the application is not redirecting to the page requested, it is still showing the Login.aspx page.
Here is my sample code. (Login.aspx)
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, uname, DateTime.Now, DateTime.Now.AddMinutes(40), true, string.Empty, string.Empty); string hash = FormsAuthentication.Encrypt(ticket); FormsAuthentication.SetAuthCookie(uname, false); string returnUrl = Request.QueryString["ReturnUrl"]; if (role == "client") { returnUrl="./Client_Pages/Client.aspx"; } else if (role == "Admin" || role == "admin") { returnUrl="./Admin_Pages/AdminPage.aspx"; } Response.Redirect(Response.ApplyAppPathModifier(returnUrl)); }
The setting I used in web.config is
<sessionState mode="InProc" cookieless="true" timeout="20"/>
<authentication mode="Forms"> <forms loginUrl="Home.aspx" requireSSL="false" cookieless="UseUri" path="/" name=".ASPXAUTH" slidingExpiration="true" enableCrossAppRedirects="true"/> </authentication>
<location path="Admin_Pages"> <system.web> <authorization> <allow roles="Admin,admin"/> <deny users="*"/> </authorization> </system.web> </location>
The code in Global.asax is
protected void Application_AuthenticateRequest(object sender, EventArgs e) { if (HttpContext.Current.User != null) { if (HttpContext.Current.User.Identity.IsAuthenticated) { if (HttpContext.Current.User.Identity is FormsIdentity) { FormsIdentity identity = (FormsIdentity)HttpContext.Current.User.Identity; FormsAuthenticationTicket ticket = identity.Ticket; // get the roles stored as UserData into the ticket string[] roles = ticket.UserData.Split(','); HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(identity, roles); } } } }
But if I am trying to redirect to a page in the applications root folder that does not require admin or user previlege, IT IS POSSIBLE
Please provide a valid solution to sort it out.
Contributor
6119 Points
1167 Posts
Sep 04, 2012 07:33 AM|LINK
Check this link for step wise learning of Cookieless forms authentication
http://www.asp.net/web-forms/videos/authentication/how-to-setup-and-use-cookie-less-authentication-in-an-aspnet-application
http://www.codeproject.com/Articles/2796/Cookieless-ASP-NET-forms-authentication
Sep 05, 2012 09:34 AM|LINK
I tried using the above links but that is not working for me. Can you refer the code i posted and give any solution?
4 Points
3 Posts
Dec 21, 2012 08:51 PM|LINK
I am having the same problem and cannot find a solution.
When entering the website directly, the user is sent to login.aspx instead of the default page of default.aspx.
He can enter the full path in the url www.website.com/defaultpage.aspx and have no problem - no requirement to login.
All works on my development machine but when published to discountasp.net if fails. They are using IIS7, ASP.NET 4.
I am using Visual Studio 2010, ASP.NET 4.
Microsoft published this 'Fast Publish' article on this issue back in March 2011 but there is not follow up and none of the fixes work for me.
http://support.microsoft.com/kb/2526854
I am using Telerik Ajax components but nothing else unusual.
Anyone else? Thanks for the feedback
Vishnu.Y
Member
2 Points
14 Posts
Cookieless Forms Authentication.
Sep 04, 2012 07:06 AM|LINK
Hi Experts,
In my asp.net application using C#, I am using (Cookieless) Role Based Forms Authentication. After giving the username and password, the application is not redirecting to the page requested, it is still showing the Login.aspx page.
Here is my sample code. (Login.aspx)
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
uname,
DateTime.Now,
DateTime.Now.AddMinutes(40),
true,
string.Empty,
string.Empty);
string hash = FormsAuthentication.Encrypt(ticket);
FormsAuthentication.SetAuthCookie(uname, false);
string returnUrl = Request.QueryString["ReturnUrl"];
if (role == "client")
{
returnUrl="./Client_Pages/Client.aspx";
}
else if (role == "Admin" || role == "admin")
{
returnUrl="./Admin_Pages/AdminPage.aspx";
}
Response.Redirect(Response.ApplyAppPathModifier(returnUrl));
}
The setting I used in web.config is
<sessionState mode="InProc" cookieless="true" timeout="20"/>
<authentication mode="Forms">
<forms loginUrl="Home.aspx" requireSSL="false" cookieless="UseUri" path="/"
name=".ASPXAUTH" slidingExpiration="true" enableCrossAppRedirects="true"/>
</authentication>
<location path="Admin_Pages">
<system.web>
<authorization>
<allow roles="Admin,admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
The code in Global.asax is
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity)
{
FormsIdentity identity = (FormsIdentity)HttpContext.Current.User.Identity;
FormsAuthenticationTicket ticket = identity.Ticket;
// get the roles stored as UserData into the ticket
string[] roles = ticket.UserData.Split(',');
HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(identity, roles);
}
}
}
}
But if I am trying to redirect to a page in the applications root folder that does not require admin or user previlege, IT IS POSSIBLE
Please provide a valid solution to sort it out.
SohailShaikh
Contributor
6119 Points
1167 Posts
Re: Cookieless Forms Authentication.
Sep 04, 2012 07:33 AM|LINK
Check this link for step wise learning of Cookieless forms authentication
http://www.asp.net/web-forms/videos/authentication/how-to-setup-and-use-cookie-less-authentication-in-an-aspnet-application
http://www.codeproject.com/Articles/2796/Cookieless-ASP-NET-forms-authentication
Sohail Shaikh
Vishnu.Y
Member
2 Points
14 Posts
Re: Cookieless Forms Authentication.
Sep 05, 2012 09:34 AM|LINK
I tried using the above links but that is not working for me. Can you refer the code i posted and give any solution?
Terence10
Member
4 Points
3 Posts
Re: Cookieless Forms Authentication.
Dec 21, 2012 08:51 PM|LINK
I am having the same problem and cannot find a solution.
When entering the website directly, the user is sent to login.aspx instead of the default page of default.aspx.
He can enter the full path in the url www.website.com/defaultpage.aspx and have no problem - no requirement to login.
All works on my development machine but when published to discountasp.net if fails. They are using IIS7, ASP.NET 4.
I am using Visual Studio 2010, ASP.NET 4.
Microsoft published this 'Fast Publish' article on this issue back in March 2011 but there is not follow up and none of the fixes work for me.
http://support.microsoft.com/kb/2526854
I am using Telerik Ajax components but nothing else unusual.
Anyone else? Thanks for the feedback