Forms Authentication - ASP.NET (VB)

viking

Member
Joined
Jul 2, 2003
Messages
7
Hello everyone I just came across this forum on Google search, and thought of registering rightaway.

Can anyone here advice me on how to implement forms authentication for my website. It should be something like in this vbulletin software..if a user tries to access any page on my website without loggin in, he/she should be redirected back to the login page.

I have put in the following code in the web.config page

<authentication mode="Forms" >
<forms name="AuthCookie" loginUrl="Login.aspx">:D
<credentials passwordFormat="Clear">
<user name = "sandra" password="bullock"/>
</credentials>
</forms>
</authentication>


How do I go about doing things further from here? Is there a page attribute that I need to include in every page? or is there some code that I need to include on every page?

Thanks in advance!

Viking
 
Last edited by a moderator:
In InvalidLogin.aspx, you should provide input textboxes for the user to enter username and password. In the submit button, you have to do the ff:

[VB]
If FormsAuthentication.Authenticate(userName, password) Then
FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, <True | False for persistent cookie>)
Else
-Unauthorized user ....
End If
[/VB]

By the way, InvalidLogin.aspx is a pessimistic term for a login form :)
 
Guys,

Thanks much for your suggestions so far:up:

What I found out was that I need to put the following into the web.config file as well..

<authorization>
<deny users="?"/>
</authorization>

After adding the above tags..the users are redirected to the login page.

Then I added this into the click event for the login button



If FormsAuthentication.Authenticate(txtUserName.Text,txtPassword.Text) Then
Dim myurl As String
myurl = FormsAuthentication.GetRedirectUrl(txtUserName.Text, False)
If Not (myurl = "/MySecurity/default.aspx") Then

The method below takes you back to the page you wanted to go in the first place

FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False)
Else
lblMsg.Visible = True
lblMsg.Text = "You Are Authenticated"
EndIf
End If

But now I have something else on hand..

If I were to go to the login page first to get authenticated (without going to any other page). Then the following function bombs..

FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, False)

so..I did a workaround by putting in a check...

myurl = FormsAuthentication.GetRedirectUrl(txtUserName.Text, False)
If Not (myurl = "/MySecurity/default.aspx") Then


....
....
....


But now after succesfully logging in I want to take my user to a welcome page which will have a kind of a site map.

How do I do this?Mind you response.redirect("welcome.aspx") does not work!:(
 
Here is the reply !

Code:
Check for login here.....
            Dim userId As String = CheckLogin(email.Text, password.Text)

            If Not (userId Is Nothing) And userId <> "" Then
                 Use security system to set the UserID within a client-side Cookie
                FormsAuthentication.SetAuthCookie(email.Text, RememberCheckbox.Checked)

                Response.Redirect("/mypage.aspx")
            Else
                lblError.Text = "Login Failed!"
            End If

and in other pages you can put the following line in Page_Load
Code:
            If not Request.IsAuthenticated  Then
                Response.Redirect("~/Admin/Accessdenied.aspx")
            End If

I hope this answers ur query...
 
Back
Top