Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 246
  • Last Modified:

ASP.Net 2.2 Custom Forms Authentication Not Working

I am trying to get some very basic user authentication setup with Forms Authentication and a custom database.

(test.aspx)
Users.AuthenticateUser("admin", "admin", true);
Response.Redirect("test2.aspx");

(test2.aspx)
Response.Write(Users.IsAuthed());
Response.Write(Users.GetUserDetails());

------------------------------------------------------------------

AuthenticateUser() checks the database with a SELECT statement looking for a username/password match, then sets the AuthCookie. I've tried this both ways below, but neither works.

      //first try
      FormsAuthentication.SetAuthCookie(ds.Tables[0].Rows[0]["user_id"].ToString(), remember_login);
      
      //second try
      FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, username, DateTime.Now, DateTime.Now.AddYears(10), true, "", FormsAuthentication.FormsCookiePath);

      HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket).ToString());
      cookie.HttpOnly = true;
      cookie.Path = FormsAuthentication.FormsCookiePath;
      cookie.Secure = FormsAuthentication.RequireSSL;
      cookie.Expires = ticket.Expiration;

      System.Web.HttpContext.Current.Response.Cookies.Clear();
      System.Web.HttpContext.Current.Response.Cookies.Add(cookie);

------------------------------------------------------------------

IsAuthed() is getting the User.Identity.IsAuthenticated property, but it always returns false.

GetUserDetails() is also returning -1, meaning User.Identity.Name is not returning a correct value either.

------------------------------------------------------------------

In my Web.Config

<forms
      name="SqlAuthCookie"
      path="/login"
      domain="http://www.storytalers.com"
      defaultUrl="~/admin/default.aspx"
      loginUrl="~/admin/login.aspx"
      timeout="120"
      cookieless="UseCookies" />
0
stephen_rushing
Asked:
stephen_rushing
  • 4
1 Solution
 
raterusCommented:
Get rid of that path variable in web.config, unless EVERY page they could ever visit is under that directory.  Clear the cookies on the browser, and try again.
0
 
stephen_rushingAuthor Commented:
Thanks for the quick response!

The problem was the path and domain. I am developing locally, so neither should have been there. I added the path in the troubleshooting process, but just removing the domain would have saved me an hour or two and some frustration. Anyways, it all appears to be working perfectly now! Thanks again.
0
 
stephen_rushingAuthor Commented:
Thanks for bringing my attention to the path attribute.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
rafayaliCommented:
Are you using ASPNETDB.MDF as database?

I see that you mention custom database, so you probably are not using ASPNETDB. Ignore the q above. So, how are you accessing this custom database?

That is, did you extend MembershipProvider Class?

Or, Did you just create a new class Users and wrote all logic in AuthenticateUser?

What is the code for AuthenticateUser?

Is the SQL in AuthenticateUser() returning correct resultset?

I think the best approach in this case would be to extend the MembershipProvider or SQLMembershipProvider.

Let me know the answers to the questions above.
0
 
stephen_rushingAuthor Commented:
In case that wasn't 110% clear for future questioners, here's the resulting forms node in my web.config.

<forms name="SqlAuthCookie" defaultUrl="~test2.aspx" loginUrl="~test.aspx" timeout="120" cookieless="UseCookies"/>
0
 
stephen_rushingAuthor Commented:
Thanks for your answer, rafayali. The "correct" database access was the path I was headed down in troubleshooting, but just didn't seem to be yielding anything.

I had confirmed AuthenticateUser was returning a result row from the database matching the username/pw.

Users is a custom class, not an extension. I've done very little OOP coding, so this project is a big learning experience. The finished product will be a Flex interface, so my ultimate goal is to interact with these classes via Flex. I'm not sure what benefit i might get by extending MembershipProvider.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now