Solved

Cannot get Forms authentication to work.

Posted on 2006-10-25
3
274 Views
Last Modified: 2008-01-09
I'm using ASP.NET 2.0 and have opted to not use the membership and roles provider as the application will only have 2-3 users that actually need to look in.  So I'm trying to use the old FormAuthenticate method and am having trouble.  Here's what I have (the key details):

Login.aspx: (in the root directory)

    <form id="form1" runat="server">
    <div>
        <br />
        <asp:TextBox ID="txtUserName" runat="server"></asp:TextBox><br />
        <asp:TextBox ID="txtPassword" runat="server" TextMode="Password"></asp:TextBox>
        <asp:Button ID="btnAuthenticate" runat="server" OnClick="btnAuthenticate_Click" Text="Button" />
    </div>
    </form>

Login.aspx.cs:

    protected void btnAuthenticate_Click(object sender, EventArgs e)
    {
        if ( FormsAuthentication.Authenticate( txtUserName.Text, txtPassword.Text ))
        {
             FormsAuthentication.RedirectFromLoginPage( txtUserName.Text, false);
        }
        else
            Response.Write( "You are not allowed to view that page with he credentials you've supplied." );
    }

Web.config (root):  

  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" name="DHWebAuth" timeout="15">
        <credentials>
          <user name="admin" password="admin123" />
        </credentials>
      </forms>  
    </authentication>

    <sessionState mode="Off" />
    <compilation debug="true"/>

    <customErrors mode="Off" defaultRedirect="~/CatchAllErrorPage.aspx">
        <error statusCode="404" redirect="~/FileNotFound.aspx" />
    </customErrors>
  </system.web>  

Web.config (Admin directory, the admin directory is contained in the root directory):

<?xml version="1.0"?>

<configuration>
    <system.web>
      <authorization>
        <allow users="admin" />
        <deny users="*" />
      </authorization>
    </system.web>
</configuration>  


Every time I try to access a web page in the admin directory, it sends me to Login.aspx, which is good.  When I type in the credentials, the else statement always executes.  I've debugged and stepped through and Forms.Authenticate( txtUserName.Text, txtPassword.Text ) always returns false.  

Can anyone assist?  Thanks in advance!      
0
Comment
Question by:LA_Code_Poet
3 Comments
 
LVL 12

Accepted Solution

by:
sandip132 earned 400 total points
Comment Utility
REmove your authentication and authorization Tags from Web.Config and add the followwing....

<authentication mode="Forms">
            <forms name="DHWebAuth" path="/" loginUrl="Login.aspx" protection="All" timeout="15">
                <credentials passwordFormat="Clear">
                   <user name="admin" password="admin123" />
                </credentials>
            </forms>
        </authentication>

        <authorization>
            <deny users="?" />
          <allow users="admin" />
        </authorization>

Regards,
Sandip.
0
 
LVL 12

Assisted Solution

by:deanvanrooyen
deanvanrooyen earned 100 total points
Comment Utility
try something like so

<configuration>
    <system.web>
        <customErrors mode="Off"/>
        <authentication mode="Forms">
            <forms name="appNameAuth" path="/" loginUrl="login.aspx" protection="All" timeout="30">
                <credentials passwordFormat="Clear">
                    <user name="jeff" password="test" />
                    <user name="mike" password="test" />
                </credentials>
            </forms>
        </authentication>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</configuration>
0
 

Author Comment

by:LA_Code_Poet
Comment Utility
The thing that makes it work is passwordFormat.  That's the only thing I changed and now it works perfectly.

I looked it up after I got the fix and discoved the default is SHA1, which was what was causing the problem.  I'll have to look using that mode up in MD5 when I get some free time .

Thanks.  
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In this Article, I will provide a few tips in problem and solution manner. Opening an ASPX page in Visual studio 2003 is very slow. To make it fast, please do follow below steps:   Open the Solution/Project. Right click the ASPX file to b…
A quick way to get a menu to work on our website, is using the Menu control and assign it to a web.sitemap using SiteMapDataSource. Example of web.sitemap file: (CODE) Sample code to add to the page menu: (CODE) Running the application, we wi…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now