Solved

Cannot get Forms authentication to work.

Posted on 2006-10-25
3
309 Views
Last Modified: 2008-01-09
I'm using ASP.NET 2.0 and have opted to not use the membership and roles provider as the application will only have 2-3 users that actually need to look in.  So I'm trying to use the old FormAuthenticate method and am having trouble.  Here's what I have (the key details):

Login.aspx: (in the root directory)

    <form id="form1" runat="server">
    <div>
        <br />
        <asp:TextBox ID="txtUserName" runat="server"></asp:TextBox><br />
        <asp:TextBox ID="txtPassword" runat="server" TextMode="Password"></asp:TextBox>
        <asp:Button ID="btnAuthenticate" runat="server" OnClick="btnAuthenticate_Click" Text="Button" />
    </div>
    </form>

Login.aspx.cs:

    protected void btnAuthenticate_Click(object sender, EventArgs e)
    {
        if ( FormsAuthentication.Authenticate( txtUserName.Text, txtPassword.Text ))
        {
             FormsAuthentication.RedirectFromLoginPage( txtUserName.Text, false);
        }
        else
            Response.Write( "You are not allowed to view that page with he credentials you've supplied." );
    }

Web.config (root):  

  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" name="DHWebAuth" timeout="15">
        <credentials>
          <user name="admin" password="admin123" />
        </credentials>
      </forms>  
    </authentication>

    <sessionState mode="Off" />
    <compilation debug="true"/>

    <customErrors mode="Off" defaultRedirect="~/CatchAllErrorPage.aspx">
        <error statusCode="404" redirect="~/FileNotFound.aspx" />
    </customErrors>
  </system.web>  

Web.config (Admin directory, the admin directory is contained in the root directory):

<?xml version="1.0"?>

<configuration>
    <system.web>
      <authorization>
        <allow users="admin" />
        <deny users="*" />
      </authorization>
    </system.web>
</configuration>  


Every time I try to access a web page in the admin directory, it sends me to Login.aspx, which is good.  When I type in the credentials, the else statement always executes.  I've debugged and stepped through and Forms.Authenticate( txtUserName.Text, txtPassword.Text ) always returns false.  

Can anyone assist?  Thanks in advance!      
0
Comment
Question by:LA_Code_Poet
3 Comments
 
LVL 12

Accepted Solution

by:
sandip132 earned 400 total points
ID: 17809151
REmove your authentication and authorization Tags from Web.Config and add the followwing....

<authentication mode="Forms">
            <forms name="DHWebAuth" path="/" loginUrl="Login.aspx" protection="All" timeout="15">
                <credentials passwordFormat="Clear">
                   <user name="admin" password="admin123" />
                </credentials>
            </forms>
        </authentication>

        <authorization>
            <deny users="?" />
          <allow users="admin" />
        </authorization>

Regards,
Sandip.
0
 
LVL 12

Assisted Solution

by:deanvanrooyen
deanvanrooyen earned 100 total points
ID: 17809159
try something like so

<configuration>
    <system.web>
        <customErrors mode="Off"/>
        <authentication mode="Forms">
            <forms name="appNameAuth" path="/" loginUrl="login.aspx" protection="All" timeout="30">
                <credentials passwordFormat="Clear">
                    <user name="jeff" password="test" />
                    <user name="mike" password="test" />
                </credentials>
            </forms>
        </authentication>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</configuration>
0
 

Author Comment

by:LA_Code_Poet
ID: 17809313
The thing that makes it work is passwordFormat.  That's the only thing I changed and now it works perfectly.

I looked it up after I got the fix and discoved the default is SHA1, which was what was causing the problem.  I'll have to look using that mode up in MD5 when I get some free time .

Thanks.  
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lots of people ask this question on how to extend the “MembershipProvider” to make use of custom authentication like using existing database or make use of some other way of authentication. Many blogs show you how to extend the membership provider c…
I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question