Cannot get Forms authentication to work.

I'm using ASP.NET 2.0 and have opted to not use the membership and roles provider as the application will only have 2-3 users that actually need to look in.  So I'm trying to use the old FormAuthenticate method and am having trouble.  Here's what I have (the key details):

Login.aspx: (in the root directory)

    <form id="form1" runat="server">
    <div>
        <br />
        <asp:TextBox ID="txtUserName" runat="server"></asp:TextBox><br />
        <asp:TextBox ID="txtPassword" runat="server" TextMode="Password"></asp:TextBox>
        <asp:Button ID="btnAuthenticate" runat="server" OnClick="btnAuthenticate_Click" Text="Button" />
    </div>
    </form>

Login.aspx.cs:

    protected void btnAuthenticate_Click(object sender, EventArgs e)
    {
        if ( FormsAuthentication.Authenticate( txtUserName.Text, txtPassword.Text ))
        {
             FormsAuthentication.RedirectFromLoginPage( txtUserName.Text, false);
        }
        else
            Response.Write( "You are not allowed to view that page with he credentials you've supplied." );
    }

Web.config (root):  

  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" name="DHWebAuth" timeout="15">
        <credentials>
          <user name="admin" password="admin123" />
        </credentials>
      </forms>  
    </authentication>

    <sessionState mode="Off" />
    <compilation debug="true"/>

    <customErrors mode="Off" defaultRedirect="~/CatchAllErrorPage.aspx">
        <error statusCode="404" redirect="~/FileNotFound.aspx" />
    </customErrors>
  </system.web>  

Web.config (Admin directory, the admin directory is contained in the root directory):

<?xml version="1.0"?>

<configuration>
    <system.web>
      <authorization>
        <allow users="admin" />
        <deny users="*" />
      </authorization>
    </system.web>
</configuration>  


Every time I try to access a web page in the admin directory, it sends me to Login.aspx, which is good.  When I type in the credentials, the else statement always executes.  I've debugged and stepped through and Forms.Authenticate( txtUserName.Text, txtPassword.Text ) always returns false.  

Can anyone assist?  Thanks in advance!      
LA_Code_PoetAsked:
Who is Participating?
 
sandip132Connect With a Mentor Commented:
REmove your authentication and authorization Tags from Web.Config and add the followwing....

<authentication mode="Forms">
            <forms name="DHWebAuth" path="/" loginUrl="Login.aspx" protection="All" timeout="15">
                <credentials passwordFormat="Clear">
                   <user name="admin" password="admin123" />
                </credentials>
            </forms>
        </authentication>

        <authorization>
            <deny users="?" />
          <allow users="admin" />
        </authorization>

Regards,
Sandip.
0
 
deanvanrooyenConnect With a Mentor Commented:
try something like so

<configuration>
    <system.web>
        <customErrors mode="Off"/>
        <authentication mode="Forms">
            <forms name="appNameAuth" path="/" loginUrl="login.aspx" protection="All" timeout="30">
                <credentials passwordFormat="Clear">
                    <user name="jeff" password="test" />
                    <user name="mike" password="test" />
                </credentials>
            </forms>
        </authentication>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</configuration>
0
 
LA_Code_PoetAuthor Commented:
The thing that makes it work is passwordFormat.  That's the only thing I changed and now it works perfectly.

I looked it up after I got the fix and discoved the default is SHA1, which was what was causing the problem.  I'll have to look using that mode up in MD5 when I get some free time .

Thanks.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.