Forms Authentication in Visual Web Developer

Asked by Smummery

I have created a username/password using forms authentication for a web application. Usernames and passwords are in a SQL Server database and I use a "for next loop" to determine validity. Everything works fine until a user enters an invalid username or password and when they enter the correct ones, the page won't let them in. Unless you close the browser and re-open, this continues to happen. The web config is correct and am using forms etc.

Any ideas why?
Web Config
<authentication mode="Forms">
	<forms loginUrl="logon.aspx"
		protection="All"
		timeout="30"
		name=".ASPXFORMSAUTH"
		path="/"
		requireSSL="false"
		slidingExpiration="true"
		defaultUrl="welcome.aspx)"
		cookieless="UseDeviceProfile"
		enableCrossAppRedirects="false"></forms>
</authentication>
<authorization>
	<deny users="?"/>
</authorization>
 
 
Logon Page Source:
<%@ Page Title="" Language="VB"%>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 
<script runat="server"> 
    
    
    
    
Sub Logon_Click(ByVal sender As Object, ByVal e As EventArgs)
        
        Dim rowcount = UserInfoGrid.Rows.Count
        
        rowcount = rowcount - 1
        
        For x = 0 To rowcount
       
       
            TextBox1.Text = Convert.ToString(UserInfoGrid.Rows(x).Cells(0).Text)
            TextBox2.Text = Convert.ToString(UserInfoGrid.Rows(x).Cells(1).Text)
               
            If UserEmail.Text.TrimEnd = TextBox1.Text.TrimEnd And UserPass.Text.TrimEnd = TextBox2.Text.TrimEnd Then
                'TextBox1.Text = Convert.ToString(UserInfoGrid.Rows(0).Cells(0).Text)
                'TextBox2.Text = Convert.ToString(UserInfoGrid.Rows(0).Cells(1).Text)
                Session("LogName") = UserEmail.Text
                Session("Security") = Convert.ToString(UserInfoGrid.Rows(x).Cells(2).Text)
                Session("AcctID") = Convert.ToString(UserInfoGrid.Rows(x).Cells(10).Text)
                Label1.Text = Session("Security")
                'Call LogRecord()
                FormsAuthentication.RedirectFromLoginPage _
                (UserEmail.Text, Persist.Checked)
            End If
        Next x
        'Request.Cookies.Clear()
        'Response.Redirect("goodbye.aspx")
       
        UserEmail.Focus()
    End Sub
 
    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs)
 
    End Sub
 
    Protected Sub UserEmail_TextChanged(ByVal sender As Object, ByVal e As System.EventArgs)
 
    End Sub
 
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs)
 
    End Sub
    
    Public Sub LogRecord()
        Dim UserId = Session("LogName")
        Dim UserHost = Request.UserHostAddress
        Dim UserName = Request.UserHostName
        Dim Created = DateAndTime.Now
        
        Dim LogonDataSource As New SqlDataSource
        LogonDataSource.ConnectionString = ConfigurationManager.ConnectionStrings("ConnectionString2").ToString
        LogonDataSource.InsertCommand = "INSERT INTO LoginRecord(LoginDate,UserName,HostAddress,HostName) Values(@LoginDate,@UserName,@HostAddress,@HostName)"
        LogonDataSource.InsertParameters.Add("LoginDate", Created)
        LogonDataSource.InsertParameters.Add("UserName", UserId)
        LogonDataSource.InsertParameters.Add("HostAddress", UserHost)
        LogonDataSource.InsertParameters.Add("HostName", UserName)
        Dim rowsaffected As Integer = 0
        rowsaffected = LogonDataSource.Insert()
        
    End Sub
</script>
 
<link rel="shortcut icon" href="<%=ResolveUrl("~/favicon.ico")%>"/>
<html>
<head id="Head1" runat="server">
  <title>Forms Authentication - Login</title>
    <style type="text/css">
        .style1
        {
            width: 94%;
        }
        .style5
        {
            width: 1174px;
            text-align: center;
        }
        .style6
        {
            color: #FFFFFF;
        }
        .style8
        {
            text-align: center;
        }
        .style9
        {
            font-family: Arial;
            font-size: small;
        }
        .style10
        {
            width: 601px;
            font-family: Arial;
            text-align: left;
        }
        .style11
        {
            font-size: xx-small;
            font-family: Arial, Helvetica, sans-serif;
            text-align: left;
        }
        .style12
        {
            font-size: xx-small;
            font-family: Arial;
        }
        .style13
        {
            font-size: xx-small;
        }
        .style14
        {
            font-size: xx-small;
        }
        .style16
        {
            font-family: Arial;
        }
        .style17
        {
            width: 322px;
            font-family: Arial;
            font-size: small;
        }
        .style18
        {
            width: 543px;
            font-family: Arial;
            font-size: small;
        }
        .style19
        {
            width: 601px;
            font-family: Arial;
            text-align: center;
            font-size: small;
        }
        .style20
        {
            width: 543px;
            font-family: Arial;
            font-size: small;
            text-align: center;
        }
        .style21
        {
            text-align: left;
        }
        .style22
        {
            width: 322px;
            font-family: Arial;
            font-size: small;
            text-align: center;
        }
        .style23
        {
            text-align: center;
        }
        .style24
        {
            width: 543px;
            font-family: Arial;
            font-size: small;
            color: #339966;
        }
        .style25
        {
            width: 322px;
            font-family: Arial;
            font-size: small;
            text-align: left;
        }
        .style26
        {
            font-size: x-small;
        }
        .style27
        {
            width: 543px;
            font-family: Arial;
            font-size: small;
            color: #009900;
        }
        .style28
        {
            color: #0000CC;
        }
        .style30
        {
            font-size: 8pt;
        }
        .style31
        {
            color: #0000CC;
            font-size: 8pt;
        }
        .style32
        {
            color: #FF3300;
        }
    </style>
</head>
<body>
  <form id="form1" runat="server">
    <h3>
        <table class="style1">
            <tr>
                <td style="background-color: #E62614; text-align: left;" class="style5">
                    <br />
                    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
                    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp; <span class="style6">Carel USA&nbsp; Welcomes 
                    You!&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><br />
                    <br />
                </td>
            </tr>
            <tr>
                <td class="style5">
                    <table class="style1">
                        <tr>
                            <td class="style22">
                                <asp:Image ID="Image1" runat="server" Height="112px" 
                                    ImageUrl="~/Pics1/3_wath-new-MCE.bmp" Width="216px" ImageAlign="Middle" />
                            </td>
                            <td class="style20">
                                <span class="style6">
                                <asp:Image ID="Image2" runat="server" CssClass="style23" Height="95px" 
                                    ImageUrl="~/Pics1/logo_ovale.bmp" Width="109px" />
                                </span></td>
                            <td class="style19">
                                <span class="style28">We Welcome You To Our Humidification Web Portal. </span>
                                <br class="style28" />
                                <span class="style31">If you have a Username and Password enter it below or be 
                                our guest as </span>
                                <br class="style31" />
                                <span class="style30"><span class="style28">UserName: guest</span><br 
                                    class="style28" />
                                </span>
                                <span class="style28">
                                <span class="style30">Password:&nbsp; guest</span><span class="style26"><br />
                                Note: As a guest you will have access to all areas except pricing.Please contact 
                                a Carel Sales Agent For Prices.</span></span></td>
                        </tr>
                        <tr>
                            <td class="style25">
                                <p class="style21">
                                    &nbsp;</p>
                            </td>
                            <td class="style24">
                                Build Your Carel Humidifier Here</td>
                            <td class="style10">
                                <span class="style11">Username:</span><asp:TextBox ID="UserEmail" runat="server" 
                ontextchanged="UserEmail_TextChanged" Height="16px" Width="128px" />
          <asp:RequiredFieldValidator ID="RequiredFieldValidator1" 
            ControlToValidate="UserEmail"
            Display="Dynamic" 
            ErrorMessage="Enter UserName" 
            runat="server" CssClass="style11" ForeColor="#3333FF" />
                            </td>
                        </tr>
                        <tr>
                            <td class="style17">
                                <asp:HyperLink ID="HyperLink1" runat="server" 
                                    NavigateUrl="http://www.carelusa.com/usa_locator_start.htm" TabIndex="4">Need To Speak With a Carel Authorized Sales Agent?</asp:HyperLink>
                            </td>
                            <td class="style18">
                                &nbsp;</td>
                            <td class="style10">
                                <span class="style12">Password:</span><asp:TextBox ID="UserPass" TextMode="Password" 
            runat="server" Height="16px" Width="128px" CssClass="style16" />
          <asp:RequiredFieldValidator ID="RequiredFieldValidator2" 
            ControlToValidate="UserPass"
            ErrorMessage="Enter Password" 
            runat="server" CssClass="style12" ForeColor="#3333FF" />
                            </td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                &nbsp;</td>
                            <td class="style10">
                                <span class="style11">Remember me:</span><asp:CheckBox ID="Persist" 
                                    runat="server" CssClass="style13" /></td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style27">
                                Get Instant Load Calculations and Build Your Humidifcation System Here. It&#39;s 
                                Easy With Carel Online!</td>
                            <td class="style10">
    <asp:Button ID="Submit1" OnClick="Logon_Click" Text="Humidify Now!"  
       runat="server" style="text-align: center; font-size: xx-small;" Width="132px" Font-Names="Arial" 
                        BackColor="#339966" ForeColor="White" Height="18px" TabIndex="3" />
      <asp:Label ID="Msg" ForeColor="red" runat="server" CssClass="style14" />
                            </td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                &nbsp;</td>
                            <td class="style10">
                                &nbsp;</td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                &nbsp;</td>
                            <td class="style10">
                                &nbsp;</td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                &nbsp;</td>
                            <td class="style10">
                                &nbsp;</td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                <span class="style32">N</span><span class="style13"><span class="style32">ote: 
                                Incorrect Entry of Credentials may limit your access. If this occurs please 
                                close &amp; re-open your browers and/or delete history files.We are working on this 
                                problem.</span><br class="style32" />
                                <span class="style32">Thank you</span></span></td>
                            <td class="style10">
                                &nbsp;</td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                &nbsp;</td>
                            <td class="style10">
                                &nbsp;</td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                &nbsp;</td>
                            <td class="style10">
                                &nbsp;</td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                &nbsp;</td>
                            <td class="style10">
                                &nbsp;</td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                &nbsp;</td>
                            <td class="style10">
                                &nbsp;</td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                &nbsp;</td>
                            <td class="style10">
                                &nbsp;</td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                &nbsp;</td>
                            <td class="style10">
                                &nbsp;</td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                <asp:Label ID="Label1" runat="server" CssClass="style9"></asp:Label>
                                <asp:TextBox ID="TextBox1" runat="server" Visible="False" TabIndex="1"></asp:TextBox>
                                <asp:TextBox ID="TextBox2" runat="server" Visible="False" TabIndex="2"></asp:TextBox>
                            </td>
                            <td class="style10">
                                &nbsp;</td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                &nbsp;</td>
                            <td class="style10">
                                &nbsp;</td>
                        </tr>
                        <tr>
                            <td class="style17">
                                &nbsp;</td>
                            <td class="style18">
                                <asp:GridView ID="UserInfoGrid" runat="server" AutoGenerateColumns="False" 
                                    DataKeyNames="ID" DataSourceID="SqlDataSource1" 
                                    EmptyDataText="There are no data records to display." Visible="False">
                                    <Columns>
                                        <asp:BoundField DataField="UserId" HeaderText="UserId" 
                                            SortExpression="UserId" />
                                        <asp:BoundField DataField="PWord" HeaderText="PWord" SortExpression="PWord" />
                                        <asp:BoundField DataField="Security" HeaderText="Security" 
                                            SortExpression="Security" />
                                        <asp:BoundField DataField="Address" HeaderText="Address" 
                                            SortExpression="Address" />
                                        <asp:BoundField DataField="City" HeaderText="City" SortExpression="City" />
                                        <asp:BoundField DataField="State" HeaderText="State" SortExpression="State" />
                                        <asp:BoundField DataField="Zip" HeaderText="Zip" SortExpression="Zip" />
                                        <asp:BoundField DataField="Tel" HeaderText="Tel" SortExpression="Tel" />
                                        <asp:BoundField DataField="Fax" HeaderText="Fax" SortExpression="Fax" />
                                        <asp:BoundField DataField="Email" HeaderText="Email" SortExpression="Email" />
                                        <asp:BoundField DataField="ID" HeaderText="ID" ReadOnly="True" 
                                            SortExpression="ID" />
                                    </Columns>
                                </asp:GridView>
                                <asp:SqlDataSource ID="SqlDataSource1" runat="server" 
                                    ConnectionString="<%$ ConnectionStrings:ConnectionString2 %>" 
                                    DeleteCommand="DELETE FROM [UserInfo] WHERE [ID] = @ID" 
                                    InsertCommand="INSERT INTO [UserInfo] ([UserId], [PWord], [Security], [Address], [City], [State], [Zip], [Tel], [Fax], [Email]) VALUES (@UserId, @PWord, @Security, @Address, @City, @State, @Zip, @Tel, @Fax, @Email)" 
                                    ProviderName="<%$ ConnectionStrings:ConnectionString2.ProviderName %>" 
                                    SelectCommand="SELECT [UserId], [PWord], [Security], [Address], [City], [State], [Zip], [Tel], [Fax], [Email], [ID] FROM [UserInfo] WHERE (([UserId] = @UserId) AND ([PWord] = @PWord))" 
                                    UpdateCommand="UPDATE [UserInfo] SET [UserId] = @UserId, [PWord] = @PWord, [Security] = @Security, [Address] = @Address, [City] = @City, [State] = @State, [Zip] = @Zip, [Tel] = @Tel, [Fax] = @Fax, [Email] = @Email WHERE [ID] = @ID">
                                    <SelectParameters>
                                        <asp:FormParameter FormField="UserEmail" Name="UserId" Type="String" />
                                        <asp:FormParameter FormField="UserPass" Name="PWord" Type="String" />
                                    </SelectParameters>
                                    <DeleteParameters>
                                        <asp:Parameter Name="ID" Type="Int32" />
                                    </DeleteParameters>
                                    <InsertParameters>
                                        <asp:Parameter Name="UserId" Type="String" />
                                        <asp:Parameter Name="PWord" Type="String" />
                                        <asp:Parameter Name="Security" Type="String" />
                                        <asp:Parameter Name="Address" Type="String" />
                                        <asp:Parameter Name="City" Type="String" />
                                        <asp:Parameter Name="State" Type="String" />
                                        <asp:Parameter Name="Zip" Type="String" />
                                        <asp:Parameter Name="Tel" Type="String" />
                                        <asp:Parameter Name="Fax" Type="String" />
                                        <asp:Parameter Name="Email" Type="String" />
                                    </InsertParameters>
                                    <UpdateParameters>
                                        <asp:Parameter Name="UserId" Type="String" />
                                        <asp:Parameter Name="PWord" Type="String" />
                                        <asp:Parameter Name="Security" Type="String" />
                                        <asp:Parameter Name="Address" Type="String" />
                                        <asp:Parameter Name="City" Type="String" />
                                        <asp:Parameter Name="State" Type="String" />
                                        <asp:Parameter Name="Zip" Type="String" />
                                        <asp:Parameter Name="Tel" Type="String" />
                                        <asp:Parameter Name="Fax" Type="String" />
                                        <asp:Parameter Name="Email" Type="String" />
                                        <asp:Parameter Name="ID" Type="Int32" />
                                    </UpdateParameters>
                                </asp:SqlDataSource>
                            </td>
                            <td class="style10">
                                &nbsp;</td>
                        </tr>
                    </table>
                </td>
            </tr>
        </table>
    </h3>
    &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
    <p class="style8">
        &nbsp;</p>
  </form>
</body>
</html>
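
A hardened form of the credential check in the question above, as an added example that is not part of the original thread: one parameterized lookup by user id, a salted PBKDF2 hash verified in constant time instead of plaintext PWord values compared row by row, and an explicit failure result the handler can act on. The PwSalt and PwHash columns, the LoginCheck module and .NET Framework 4.7.2 or later are assumptions; the control names in the closing comment are the ones from the question.

```vbnet
Imports System.Data
Imports System.Data.SqlClient
Imports System.Security.Cryptography

' Added example, not the asker's code. Assumes .NET Framework 4.7.2+ and two
' hypothetical varbinary columns on UserInfo (PwSalt, PwHash) replacing PWord.
Public Module LoginCheck
    Private Const Iterations As Integer = 100000
    Private Const SaltBytes As Integer = 16
    Private Const HashBytes As Integer = 32

    ' Fresh random salt, generated once per user when the password is set.
    Public Function NewSalt() As Byte()
        Dim salt(SaltBytes - 1) As Byte
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(salt)
        End Using
        Return salt
    End Function

    ' PBKDF2-HMAC-SHA256 of the password under the given salt.
    Public Function HashPassword(password As String, salt As Byte()) As Byte()
        Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(HashBytes)
        End Using
    End Function

    ' Compares every byte so the time taken does not depend on where a mismatch is.
    Private Function FixedTimeEquals(a As Byte(), b As Byte()) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function

    ' Returns the user's Security value on success, Nothing on any failure.
    ' The password never goes into the query and no row data reaches the page.
    Public Function ValidateUser(connectionString As String, userId As String,
                                 password As String) As String
        Const sql As String =
            "SELECT [Security], [PwSalt], [PwHash] FROM [UserInfo] WHERE [UserId] = @UserId"
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@UserId", SqlDbType.NVarChar, 256).Value = userId
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    If Not reader.Read() Then
                        ' Unknown user: do the same hashing work, then fail.
                        HashPassword(password, New Byte(SaltBytes - 1) {})
                        Return Nothing
                    End If
                    Dim salt As Byte() = DirectCast(reader("PwSalt"), Byte())
                    Dim stored As Byte() = DirectCast(reader("PwHash"), Byte())
                    If FixedTimeEquals(HashPassword(password, salt), stored) Then
                        Return reader("Security").ToString()
                    End If
                    Return Nothing
                End Using
            End Using
        End Using
    End Function
End Module

' Use from Logon_Click (controls as named in the question):
'   Dim cs = ConfigurationManager.ConnectionStrings("ConnectionString2").ConnectionString
'   Dim role = LoginCheck.ValidateUser(cs, UserEmail.Text.Trim(), UserPass.Text)
'   If role Is Nothing Then
'       Msg.Text = "Invalid user name or password."   ' stay on the page, no redirect
'   Else
'       Session("Security") = role
'       FormsAuthentication.RedirectFromLoginPage(UserEmail.Text.Trim(), Persist.Checked)
'   End If
```

With the check done in code, the hidden GridView and TextBox1/TextBox2 are no longer needed to hold UserId and PWord values on the page. Serving the logon page over HTTPS with requireSSL="true" keeps the forms ticket cookie off plaintext connections.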


Anurag Agarwal

What is the value you are getting for "UserInfoGrid.Rows.Count" for the first time?
Anurag
Smummery (ASKER)

Dim rowcount = UserInfoGrid.Rows.Count
       
        rowcount = rowcount - 1
       
        For x = 0 To rowcount
After failing for the first time, when the user enters correct values, does it go inside the for loop and execute the IF condition?
Please debug your application & let me know
Anurag
It doesn't fail when the right conditions are entered, only when the wrong ones are.
I mean when the user enters wrong conditions it will fail. Now, after failure, if the user again enters the right conditions, then check whether the execution goes inside the for loop and it executes the IF condition or not.
Please debug your application & let me know
Anurag
Can you suggest where to put the break points?

It would seem that it must be entering again because it is a button click command?
Put the breakpoints on line 38 & 44 & 45 in the code you pasted above.
Then let me know which all breakpoints are hit.
Anurag
This is what I got on a fail
It goes yellow on the dim rowcount

Not sure on the break points how to tell sorry
Try this:

Change
defaultUrl="welcome.aspx)"

 to
defaultUrl="welcome.aspx"
Changed it, thanks...but it did not help...I think I have looping issues, even when the loop is ended, it does not go to the next statement.

I made a new testlogon.aspx page and changed the web config, and added a label on the logon page so that the variable y would prove the routine so my vb source would be separate, but that still doesn't help when the two boxes don't match. What I get now is the code disappears in the user and password textboxes, but it won't do a response.redirect///


***********************************
 Dim rowcount = UserInfoGrid.Rows.Count
        Dim y As Double

        rowcount = rowcount - 1

        For x = 0 To rowcount


            TextBox1.Text = Convert.ToString(UserInfoGrid.Rows(x).Cells(0).Text)
            TextBox2.Text = Convert.ToString(UserInfoGrid.Rows(x).Cells(1).Text)

            If UserEmail.Text.TrimEnd = TextBox1.Text.TrimEnd And UserPass.Text.TrimEnd = TextBox2.Text.TrimEnd Then
                'TextBox1.Text = Convert.ToString(UserInfoGrid.Rows(0).Cells(0).Text)
                'TextBox2.Text = Convert.ToString(UserInfoGrid.Rows(0).Cells(1).Text)
                Session("LogName") = UserEmail.Text
                Session("Security") = Convert.ToString(UserInfoGrid.Rows(x).Cells(2).Text)
                Session("AcctID") = Convert.ToString(UserInfoGrid.Rows(x).Cells(10).Text)
                Label1.Text = Session("Security")
                y = x = 1
                Label2.Text = y
                FormsAuthentication.RedirectFromLoginPage _
                       (UserEmail.Text, Persist.Checked)
            End If


        Next x
        'Call LogRecord()
        If Session("LogName") <> UserEmail.Text Then



            'Request.Cookies.Clear()
            Response.Redirect("goodbye.aspx")
            'FormsAuthentication.RedirectToLoginPage()
        End If


ASKER CERTIFIED SOLUTION
guru_sami

okay first tested with correct user id


For x = 0 To rowcount  ' rowcount =0

User email = right name

FormsAuthentication.RedirectFromLoginPage _
                      (UserEmail.Text, Persist.Checked)      ' Persist check false ( did not check the box)

If Session("LogName") <> UserEmail.Text Then      ' was correct name

It skipped the response.redirect command because the user name was correct

next ran it with bad userid



For x = 0 To rowcount  ' rowcount =0  ' rowcount was -1....this is not good

It then skipped next debugs and stopped at
If Session("LogName") <> UserEmail.Text Then      'username was incorrect as it was supposed to be

then jumped to redirect page.


I changed the code as follows:

Dim rowcount As Double
        rowcount = UserInfoGrid.Rows.Count
       
        rowcount = rowcount - 1
       
and ran it without debug and it took me to the redirect page and when I went back to home and added the correct id and password it worked!!


well it almost worked..after the bad user name the userid and password boxes went blank, so I re-entered it correctly and then it took me to the re-direct page, i then went to the login page again and entered the correct stuff and it worked...so I seem to have two steps in here instead of one..