Hello there fellas ...
I seem to have run into a problem , and no amount of Google Trolling or forum digging at many places seem to get me a solution.
Really feels like crap
Thus my desperate attempt at some form of help from you people here ..
Now that I have expressed my frustration, anger and what not , I will get on with the
Whats actually making my life difficult.
------------------------------------
end of rant------------------------------
I am trying to implement security for an already existing website. I am using ASP.NET along with Visual Studio 2005 for the purpose. After going through books like :
- Apress.Pro.ASP.NET.2.0.in.C.Sharp.2005
- Sams.ASP.NET.3.5.Unleashed
- For.Dummies.ASP.NET.2.0.All.In.One.Desk.Reference.For.Dummies
I thought I had pretty good grasp on what is and what nots of Authentication and Authorization using ASP.NET . Apparently not ! :cryinganime:
I am using Forms Authentication and Credentials Store in Web Config file to store the username and password. Following is how the authentication and authorization of my web config file looks like :-
<authentication mode="Forms">
<forms loginUrl="~/Default.aspx" protection="All" timeout="10">
<credentials passwordFormat="SHA1">
<user name="minigweek" password="849B563ED0CFA086B0C33D2772E26E098903A3F3"/>
<user name="kenshin" password="3A1CC647FFFCD2D717F03B4005A71395BD17731E" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
Which should basically allow any logged in user to browse any page and deny access to anonymous user.
Using C# here , so my
Default.aspx has a login control , code for which is placed in
Default.aspx.cs , as done by default by Visual Studio , and the login button raises an event "
Authenticate"which calls the function "
Login1_Authenticate1" which has the following code :-
protected void Login1_Authenticate1(object sender, AuthenticateEventArgs e)
{
Page.Validate();
if (!Page.IsValid) return;
if (FormsAuthentication.Authenticate(Login1.UserName,Login1.Password))
{
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, false);
}
else
{
// User name and password are not correct
Login1.FailureText = "Invalid username or password!";
}
}
This should take care of authenticating a valid user.
Then there's the logout page .
Which has 3 controls.
1.Loginname.
2.Loginstatus.
3.Logoutbutton.
The Loginname control allows me to see who is logged in.
The LoginStatus Control shows me whether use is logged in , and shows a url with "Log out" link. If I click on that , its supposed to log me out.
The Login Button when clicked does the following :
protected void Button1_Click(object sender, EventArgs e)
{
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
}
hah ! Either of the loginstatus or the loginbutton should do the job of logging out the user and redirecting me to login page. Which it does. nice.
But here in lies a problem.
My Site has now 4 pages.
Login.aspx , Logout.aspx , Welcome.aspx and SeeItems.aspx.
When I manually type in the url to any of the site for the first time , i am redirected to Login page , as it should and all is fine. Now if I log in , I am taken to the page from where I was redirected to login page. neat eh ?
I once visit Welcome.aspx , SeeItems.aspx and then Logout.aspx , where I click either on Loginstatus control or the Logout button. I am redirected back to Login Page !
Bravo ! Which is all good , but !!! If now I manually type in the url to Welcome or Seeitems page I am still able to see these [pages !! how come ??
I noticed , if i hit refresh now , i am taken back to login page . applicable to both the pages. This is odd isn't it ?? If I am logged out ( which is true because immediately after logging out I am unable to visit the logout page anymore !!) , why can I still see those welcome and seeitems pages ? Its bugging the hell out of me and any help would be appreciated in resolving this
Thanks much in advance