[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 328
  • Last Modified:

Cannot get Forms authentication to work.

I'm using ASP.NET 2.0 and have opted to not use the membership and roles provider as the application will only have 2-3 users that actually need to look in.  So I'm trying to use the old FormAuthenticate method and am having trouble.  Here's what I have (the key details):

Login.aspx: (in the root directory)

    <form id="form1" runat="server">
    <div>
        <br />
        <asp:TextBox ID="txtUserName" runat="server"></asp:TextBox><br />
        <asp:TextBox ID="txtPassword" runat="server" TextMode="Password"></asp:TextBox>
        <asp:Button ID="btnAuthenticate" runat="server" OnClick="btnAuthenticate_Click" Text="Button" />
    </div>
    </form>

Login.aspx.cs:

    protected void btnAuthenticate_Click(object sender, EventArgs e)
    {
        if ( FormsAuthentication.Authenticate( txtUserName.Text, txtPassword.Text ))
        {
             FormsAuthentication.RedirectFromLoginPage( txtUserName.Text, false);
        }
        else
            Response.Write( "You are not allowed to view that page with he credentials you've supplied." );
    }

Web.config (root):  

  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" name="DHWebAuth" timeout="15">
        <credentials>
          <user name="admin" password="admin123" />
        </credentials>
      </forms>  
    </authentication>

    <sessionState mode="Off" />
    <compilation debug="true"/>

    <customErrors mode="Off" defaultRedirect="~/CatchAllErrorPage.aspx">
        <error statusCode="404" redirect="~/FileNotFound.aspx" />
    </customErrors>
  </system.web>  

Web.config (Admin directory, the admin directory is contained in the root directory):

<?xml version="1.0"?>

<configuration>
    <system.web>
      <authorization>
        <allow users="admin" />
        <deny users="*" />
      </authorization>
    </system.web>
</configuration>  


Every time I try to access a web page in the admin directory, it sends me to Login.aspx, which is good.  When I type in the credentials, the else statement always executes.  I've debugged and stepped through and Forms.Authenticate( txtUserName.Text, txtPassword.Text ) always returns false.  

Can anyone assist?  Thanks in advance!      
0
LA_Code_Poet
Asked:
LA_Code_Poet
2 Solutions
 
sandip132Commented:
REmove your authentication and authorization Tags from Web.Config and add the followwing....

<authentication mode="Forms">
            <forms name="DHWebAuth" path="/" loginUrl="Login.aspx" protection="All" timeout="15">
                <credentials passwordFormat="Clear">
                   <user name="admin" password="admin123" />
                </credentials>
            </forms>
        </authentication>

        <authorization>
            <deny users="?" />
          <allow users="admin" />
        </authorization>

Regards,
Sandip.
0
 
deanvanrooyenCommented:
try something like so

<configuration>
    <system.web>
        <customErrors mode="Off"/>
        <authentication mode="Forms">
            <forms name="appNameAuth" path="/" loginUrl="login.aspx" protection="All" timeout="30">
                <credentials passwordFormat="Clear">
                    <user name="jeff" password="test" />
                    <user name="mike" password="test" />
                </credentials>
            </forms>
        </authentication>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</configuration>
0
 
LA_Code_PoetAuthor Commented:
The thing that makes it work is passwordFormat.  That's the only thing I changed and now it works perfectly.

I looked it up after I got the fix and discoved the default is SHA1, which was what was causing the problem.  I'll have to look using that mode up in MD5 when I get some free time .

Thanks.  
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now