Solved

Login problems with forms authentication

Posted on 2009-04-03
5
9,356 Views
Last Modified: 2013-11-07
I am using forms authentication and a login form. I am entering the credentials correctly. However when I press the login button it seems to act like it is logging in however it doesn't go to the default.aspx page. I get this in the url "http://localhost/fv2/fv2/login.aspx?ReturnUrl=%2ffv2%2ffv2%2fdefault.aspx". I am including the code for the login page and the code behind. As well as the web.config contents. Any help you can give me would be great. Thanks in advance.
login form***
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="login.aspx.vb" Inherits="_Default" %>
<%@ mastertype virtualpath="fud.master" %>
<%@ import namespace="System.Data" %>
<%@ import namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Web.Security" %>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>FUD Login</title>
     <link rel="stylesheet" href="scr/coolstyle.css" type="text/css" />
</head>
<body>
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <form id="frmlogin" method="post" runat="server" >
        <asp:SqlDataSource ID="ds_login" runat="server" ConnectionString="<%$ ConnectionStrings:fss_caoConnectionString %>" SelectCommand="sp_loginvalidator" SelectCommandType="StoredProcedure">
            <SelectParameters>
                <asp:FormParameter DefaultValue="" FormField="txtuserid" Name="UserID" Type="String" />
                <asp:FormParameter FormField="txtpassword" Name="Password" Type="String" DefaultValue="" />
            </SelectParameters>
        </asp:SqlDataSource>
        <asp:Label ID="lblMessage" runat="server" Width="149px"></asp:Label>&nbsp;<asp:Label ID="lblMessage2" runat="server" Width="157px"></asp:Label><div>
        <asp:Table ID="tblloginheader" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">
        <asp:TableRow runat="server" HorizontalAlign="Center">
        <asp:TableCell runat="server">
        <asp:Label runat="server" CssClass="largetitle" Text="F U D Login" Width="550px" ID="lblloginheader" ></asp:Label>
        </asp:TableCell>        
        </asp:TableRow>        
        </asp:Table>
        <br />
        <asp:Table Id="tblloginbody" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">            
        <asp:TableRow>
        <asp:TableCell Width="50"></asp:TableCell>
        <asp:TableCell Width="120" HorizontalAlign="Right"><asp:Label runat="server" Text="User ID:" ID="lbluserid"></asp:Label></asp:TableCell>
        <asp:TableCell Width="120"><asp:TextBox runat="server" ID="txtuserid" MaxLength="12" Width="120" TabIndex="1"></asp:TextBox></asp:TableCell>
        <asp:TableCell Width="180"><asp:RequiredFieldValidator runat="server" ID="useridreq" ControlToValidate="txtuserid" ValidationGroup="fud_login"> * User ID is Required</asp:RequiredFieldValidator> </asp:TableCell>
        </asp:TableRow>
        <asp:TableRow>
        <asp:TableCell Width="50"></asp:TableCell>
        <asp:TableCell Width="120" HorizontalAlign="Right"><asp:Label runat="server" Text="Passowrd:" ID="lblpassword"></asp:Label></asp:TableCell>
        <asp:TableCell Width="120"><asp:TextBox CssClass="pwd" runat="server" ID="txtpassword" MaxLength="12" TextMode="Password" Width="120" TabIndex="2"></asp:TextBox></asp:TableCell>
        <asp:TableCell Width="180"><asp:RequiredFieldValidator runat="server" ID="RequiredFieldValidator1" ControlToValidate="txtpassword" ValidationGroup="fud_login"> * Password is Required</asp:RequiredFieldValidator> </asp:TableCell>
        </asp:TableRow>
        </asp:Table>
        <asp:Table ID="tbllogincontrols" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">
        <asp:TableRow>
        <asp:TableCell Width="100"></asp:TableCell>
        <asp:TableCell Width="300" HorizontalAlign="Center"><asp:Button ID="btnlogin" runat="server" OnClick="btnlogin_OnClick" Text="Login" TabIndex="3" ValidationGroup="fud_login"></asp:Button> <asp:Button ID="btncancel" runat="server" OnClick="btncancel_OnClick" Text="Cancel" TabIndex="4"></asp:Button></asp:TableCell>
        <asp:TableCell Width="150"></asp:TableCell>
        </asp:TableRow>
        </asp:Table>
        <br />
        <asp:Table ID="tbllogindisclaimer" runat="server" HorizontalAlign="Center" borderstyle="None">
        <asp:TableRow HorizontalAlign="Center">
        <asp:TableCell runat="server">
        <asp:Label runat="server" Text="This system is intended to be used solely by authorized users in the 	course of legitimate corporate business." Width="550px" ID="lbllogindisclaimer" ></asp:Label>
        </asp:TableCell>        
        </asp:TableRow>        
        </asp:Table>        
    </div>
    </form>
</body>
</html>
 
login code behind ***
Imports System.Web.Security '   |||||   Required Class for Authentication
Imports System.Data '   |||||   DB Accessing Import
Imports System.Data.SqlClient   '   ||||||  SQL Database Required Import!
Imports System.Configuration    '   ||||||  Required for Web.Config appSettings |||||
Imports System.Security.Cryptography
Partial Class _Default
    Inherits System.Web.UI.Page
    Dim objConn As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("fss_caoConnectionString").ConnectionString)
    Dim objCmd As SqlCommand
    Dim objDR As SqlDataReader
    Dim intMaxLoginAttempts As String
    Sub btnLogin_OnClick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnlogin.Click
        If Page.IsValid Then    '   ||||| Meaning the Control Validation was successful!
            '   |||||   Connect to Database for User Validation |||||
            If (CheckCredentials(txtuserid.Text, txtpassword.Text) = True) Then
                Dim aCookie As New HttpCookie("fud_info")
                aCookie.Values("userid") = txtuserid.Text
                'aCookie.Values("userid") = "@userid"
                'aCookie.Values("accessid") = "@raccessid"
                'aCookie.Values("email") = "@remail"
                'aCookie.Values("lastVisit") = DateTime.Now.ToString()
                aCookie.Expires = DateTime.Now.AddHours(4)
                Response.Cookies.Add(aCookie)
                Response.Redirect("default.aspx")
            Else
                Response.Redirect("failed.aspx")
            End If
 
            '   |||||   Credentials are Invalid
            '   |||||   Increment the LoginCount (attempts)
            Session("LoginCount") = CInt(Session("LoginCount")) + 1
            ' ||||| Determine the Number of Tries
            If Session("LoginCount").Equals(intMaxLoginAttempts) Then
                Response.Redirect("denied.aspx")
            End If
 
            If CInt(Session("LoginCount")) > 2 Then ' ||||| If Exceeds then Deny!
                Response.Redirect("denied.aspx")
            End If
 
        End If
    End Sub
    Sub btncancel_OnClick(ByVal Src As Object, ByVal E As EventArgs)
        txtuserid.Text = ""
        txtpassword.Text = ""
        txtuserid.Focus()
    End Sub
    Function CheckCredentials(ByVal Username As String, ByVal Password As String) As Boolean
        objConn.Open()
        objCmd = New SqlCommand("SELECT salt, pwd_hash FROM tblSecurity1 WHERE userid=@userid", objConn)
        objCmd.Parameters.AddWithValue("@userid", txtuserid.Text)
 
        objDR = objCmd.ExecuteReader
        If Not objDR.Read Then
            Return False
        Else
            Dim strSalt As String = objDR("salt")
            Dim strStoredPassword As String = objDR("pwd_hash")
            Dim strGivenPassword As String = FormsAuthentication.HashPasswordForStoringInConfigFile(strSalt.Trim & txtPassword.Text, "SHA1")
            Response.Write(strGivenPassword)
            Return strStoredPassword = strGivenPassword
        End If
    End Function
    Protected Sub Page_LoadComplete(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.LoadComplete
        txtuserid.Focus()
    End Sub
End Class
 
web.config ***
<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\v2.x\Config 
-->
<configuration>
	<configSections>
		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/></sectionGroup></sectionGroup></sectionGroup></configSections><appSettings/>
	<connectionStrings>
		<add name="fss_caoConnectionString" connectionString="Data Source=***;Initial Catalog=***;Persist Security Info=True;User ID=***;Password=***" providerName="System.Data.SqlClient"/>
	</connectionStrings>
	<system.web>
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
 
            Visual Basic options:
            Set strict="true" to disallow all data type conversions 
            where data loss can occur. 
            Set explicit="true" to force declaration of all variables.
        -->
		<compilation debug="true" strict="false" explicit="true">
			<assemblies>
				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
		<pages>
			<namespaces>
				<clear/>
				<add namespace="System"/>
				<add namespace="System.Collections"/>
				<add namespace="System.Collections.Specialized"/>
				<add namespace="System.Configuration"/>
				<add namespace="System.Text"/>
				<add namespace="System.Text.RegularExpressions"/>
				<add namespace="System.Web"/>
				<add namespace="System.Web.Caching"/>
				<add namespace="System.Web.SessionState"/>
				<add namespace="System.Web.Security"/>
				<add namespace="System.Web.Profile"/>
				<add namespace="System.Web.UI"/>
				<add namespace="System.Web.UI.WebControls"/>
				<add namespace="System.Web.UI.WebControls.WebParts"/>
				<add namespace="System.Web.UI.HtmlControls"/>
        <add namespace="System.Net.Mail"/>
			</namespaces>
			<controls>
				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></controls></pages>
		<!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" defaultUrl="default.aspx" protection="All" timeout="30" path="/">
      </forms>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
		<!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.
 
        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    <machineKey decryption="AES" validation="SHA1" decryptionKey="52A52F89D307B288A9C835F6CB19FBDDDDEBA5D1E3EDC672D4BCD5187CDB4831" validationKey="C1DEE58DA256BAA6E9952D93C09AEB7B3E6E981D4764C3A95E6EEEA4965E4855"/>
    <httpHandlers>
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpHandlers>
    <httpModules>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpModules>
  </system.web>
  <system.net>
    <mailSettings>
      <smtp from="noreply@domain.com">
        <network host="***" password="" userName=""/>
      </smtp>
    </mailSettings>
  </system.net>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider,System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="OptionInfer" value="true"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
    </compilers>
  </system.codedom>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules>
      <remove name="ScriptModule"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </modules>
    <handlers>
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </handlers>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
<location path="change_pwd.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>
<location path="failed.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>
<location path="denied.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>  
</configuration>

Open in new window

0
Comment
Question by:woodje
  • 3
  • 2
5 Comments
 
LVL 21

Expert Comment

by:Craig Wagner
ID: 24062099
It's been a while since I did anything with Forms authentication, but if I recall correctly you can't just create any old cookie, you need to create a cookie that the FormAuth infrastructure knows about.

I seem to remember having to call a FormsAuthentication.RedirectFromLoginPage() method in there somewhere that will create the login cookie that allows the FormsAuth infrastructure to detect that the user has gone through the correct login sequence.
0
 

Author Comment

by:woodje
ID: 24063231
Thanks for the response. I have been able to validate that my database lookup is working. And the redirection is working. It looks to be somehthing in the web.config that is not letting it see me as logged in. So it keeps sending me back to the login page. It will redirect to the pages that are outlined in the location section of the web.config file but none that are not listed there. Do I need to put an entry for all other possiblities and lock them down?
<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\v2.x\Config 
-->
<configuration>
	<configSections>
		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/></sectionGroup></sectionGroup></sectionGroup></configSections><appSettings/>
	<connectionStrings>
		<add name="fss_caoConnectionString" connectionString="Data Source=***;Initial Catalog=***;Persist Security Info=True;User ID=***;Password=***" providerName="System.Data.SqlClient"/>
	</connectionStrings>
	<system.web>
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
 
            Visual Basic options:
            Set strict="true" to disallow all data type conversions 
            where data loss can occur. 
            Set explicit="true" to force declaration of all variables.
        -->
		<compilation debug="true" strict="false" explicit="true">
			<assemblies>
				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
		<pages>
			<namespaces>
				<clear/>
				<add namespace="System"/>
				<add namespace="System.Collections"/>
				<add namespace="System.Collections.Specialized"/>
				<add namespace="System.Configuration"/>
				<add namespace="System.Text"/>
				<add namespace="System.Text.RegularExpressions"/>
				<add namespace="System.Web"/>
				<add namespace="System.Web.Caching"/>
				<add namespace="System.Web.SessionState"/>
				<add namespace="System.Web.Security"/>
				<add namespace="System.Web.Profile"/>
				<add namespace="System.Web.UI"/>
				<add namespace="System.Web.UI.WebControls"/>
				<add namespace="System.Web.UI.WebControls.WebParts"/>
				<add namespace="System.Web.UI.HtmlControls"/>
        <add namespace="System.Net.Mail"/>
			</namespaces>
			<controls>
				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></controls></pages>
		<!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" protection="All" timeout="30" path="/">
      </forms>
    </authentication>
    <authorization>
      <deny users="*"/>
    </authorization>
		<!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.
 
        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    <machineKey decryption="AES" validation="SHA1" decryptionKey="52A52F89D307B288A9C835F6CB19FBDDDDEBA5D1E3EDC672D4BCD5187CDB4831" validationKey="C1DEE58DA256BAA6E9952D93C09AEB7B3E6E981D4764C3A95E6EEEA4965E4855"/>
    <httpHandlers>
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpHandlers>
    <httpModules>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpModules>
  </system.web>
  <system.net>
    <mailSettings>
      <smtp from="noreply@verizonwireless.com">
        <network host="gaalpexmb25.uswin.ad.vzwcorp.com" password="" userName=""/>
      </smtp>
    </mailSettings>
  </system.net>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider,System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="OptionInfer" value="true"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
    </compilers>
  </system.codedom>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules>
      <remove name="ScriptModule"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </modules>
    <handlers>
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </handlers>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
<location path="change_pwd.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>
<location path="failed.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>
<location path="denied.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>  
</configuration>

Open in new window

0
 
LVL 21

Expert Comment

by:Craig Wagner
ID: 24063812
You need to call FormsAuthentication.RedirectFromLoginPage() in order to ensure the authCookie is created. There's nothing wrong with your web.config, you are not creating the cookie needed by the FormsAuth infrastructure.
0
 

Author Comment

by:woodje
ID: 24063849
I have tried FormsAuthentication.RedirectFromLoginPage(txtusername.Text, False) and it did nothing to my problem.
0
 
LVL 21

Accepted Solution

by:
Craig Wagner earned 500 total points
ID: 24063942
Referring back to the original code, where did you put the RedirectFromLoginPage call? It should have replaced the Response.Redirect at line 100.

The following might also be causing you a problem. You're telling the system to deny access to everyone.

    <authorization>
      <deny users="*"/>
    </authorization>

I think it should be:

    <authorization>
      <deny users="?"/>
    </authorization>

The ? will deny access to anonymous (unauthenticated) users.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sending an input value from a view to a controller in MVC 3 27
Need syntax help building hyperlink 2 38
Input parameteres to DragOver 2 34
Why use this lambda? 12 60
Welcome my friends to the second instalment and follow-up to our Minify and Concatenate Your Scripts and Stylesheets (http://www.experts-exchange.com/Programming/Languages/.NET/ASP.NET/A_4334-Minify-and-Concatenate-Your-Scripts-and-Stylesheets.html)…
For those of you who don't follow the news, or just happen to live under rocks, Microsoft Research released a beta SDK (http://www.microsoft.com/en-us/download/details.aspx?id=27876) for the Xbox 360 Kinect. If you don't know what a Kinect is (http:…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question