Solved

Login problems with forms authentication

Posted on 2009-04-03
Last Modified: 2013-11-07
I am using forms authentication and a login form. I am entering the credentials correctly. However, when I press the login button, it seems to act like it is logging in, but it doesn't go to the default.aspx page. I get this in the URL: "http://localhost/fv2/fv2/login.aspx?ReturnUrl=%2ffv2%2ffv2%2fdefault.aspx". I am including the code for the login page and the code-behind, as well as the web.config contents. Any help you can give me would be great. Thanks in advance.
login form***

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="login.aspx.vb" Inherits="_Default" %>

<%@ mastertype virtualpath="fud.master" %>

<%@ import namespace="System.Data" %>

<%@ import namespace="System.Data.SqlClient" %>

<%@ Import Namespace="System.Web.Security" %>
 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 

<html xmlns="http://www.w3.org/1999/xhtml" >

<head runat="server">

    <title>FUD Login</title>

     <link rel="stylesheet" href="scr/coolstyle.css" type="text/css" />

</head>

<body>

    <br />

    <br />

    <br />

    <br />

    <br />

    <br />

    <br />

    <br />

    <br />

    <br />

    <form id="frmlogin" method="post" runat="server" >

        <asp:SqlDataSource ID="ds_login" runat="server" ConnectionString="<%$ ConnectionStrings:fss_caoConnectionString %>" SelectCommand="sp_loginvalidator" SelectCommandType="StoredProcedure">

            <SelectParameters>

                <asp:FormParameter DefaultValue="" FormField="txtuserid" Name="UserID" Type="String" />

                <asp:FormParameter FormField="txtpassword" Name="Password" Type="String" DefaultValue="" />

            </SelectParameters>

        </asp:SqlDataSource>

        <asp:Label ID="lblMessage" runat="server" Width="149px"></asp:Label>&nbsp;<asp:Label ID="lblMessage2" runat="server" Width="157px"></asp:Label><div>

        <asp:Table ID="tblloginheader" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">

        <asp:TableRow runat="server" HorizontalAlign="Center">

        <asp:TableCell runat="server">

        <asp:Label runat="server" CssClass="largetitle" Text="F U D Login" Width="550px" ID="lblloginheader" ></asp:Label>

        </asp:TableCell>        

        </asp:TableRow>        

        </asp:Table>

        <br />

        <asp:Table Id="tblloginbody" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">            

        <asp:TableRow>

        <asp:TableCell Width="50"></asp:TableCell>

        <asp:TableCell Width="120" HorizontalAlign="Right"><asp:Label runat="server" Text="User ID:" ID="lbluserid"></asp:Label></asp:TableCell>

        <asp:TableCell Width="120"><asp:TextBox runat="server" ID="txtuserid" MaxLength="12" Width="120" TabIndex="1"></asp:TextBox></asp:TableCell>

        <asp:TableCell Width="180"><asp:RequiredFieldValidator runat="server" ID="useridreq" ControlToValidate="txtuserid" ValidationGroup="fud_login"> * User ID is Required</asp:RequiredFieldValidator> </asp:TableCell>

        </asp:TableRow>

        <asp:TableRow>

        <asp:TableCell Width="50"></asp:TableCell>

        <asp:TableCell Width="120" HorizontalAlign="Right"><asp:Label runat="server" Text="Password:" ID="lblpassword"></asp:Label></asp:TableCell>

        <asp:TableCell Width="120"><asp:TextBox CssClass="pwd" runat="server" ID="txtpassword" MaxLength="12" TextMode="Password" Width="120" TabIndex="2"></asp:TextBox></asp:TableCell>

        <asp:TableCell Width="180"><asp:RequiredFieldValidator runat="server" ID="RequiredFieldValidator1" ControlToValidate="txtpassword" ValidationGroup="fud_login"> * Password is Required</asp:RequiredFieldValidator> </asp:TableCell>

        </asp:TableRow>

        </asp:Table>

        <asp:Table ID="tbllogincontrols" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">

        <asp:TableRow>

        <asp:TableCell Width="100"></asp:TableCell>

        <asp:TableCell Width="300" HorizontalAlign="Center"><asp:Button ID="btnlogin" runat="server" OnClick="btnlogin_OnClick" Text="Login" TabIndex="3" ValidationGroup="fud_login"></asp:Button> <asp:Button ID="btncancel" runat="server" OnClick="btncancel_OnClick" Text="Cancel" TabIndex="4"></asp:Button></asp:TableCell>

        <asp:TableCell Width="150"></asp:TableCell>

        </asp:TableRow>

        </asp:Table>

        <br />

        <asp:Table ID="tbllogindisclaimer" runat="server" HorizontalAlign="Center" borderstyle="None">

        <asp:TableRow HorizontalAlign="Center">

        <asp:TableCell runat="server">

        <asp:Label runat="server" Text="This system is intended to be used solely by authorized users in the course of legitimate corporate business." Width="550px" ID="lbllogindisclaimer" ></asp:Label>

        </asp:TableCell>        

        </asp:TableRow>        

        </asp:Table>        

    </div>

    </form>

</body>

</html>
 

login code behind ***

Imports System.Web.Security '   |||||   Required Class for Authentication

Imports System.Data '   |||||   DB Accessing Import

Imports System.Data.SqlClient   '   ||||||  SQL Database Required Import!

Imports System.Configuration    '   ||||||  Required for Web.Config appSettings |||||

Imports System.Security.Cryptography

Partial Class _Default

    Inherits System.Web.UI.Page

    Dim objConn As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("fss_caoConnectionString").ConnectionString)

    Dim objCmd As SqlCommand

    Dim objDR As SqlDataReader

    Dim intMaxLoginAttempts As String

    Sub btnLogin_OnClick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnlogin.Click

        If Page.IsValid Then    '   ||||| Meaning the Control Validation was successful!

            '   |||||   Connect to Database for User Validation |||||

            If (CheckCredentials(txtuserid.Text, txtpassword.Text) = True) Then

                Dim aCookie As New HttpCookie("fud_info")

                aCookie.Values("userid") = txtuserid.Text

                'aCookie.Values("userid") = "@userid"

                'aCookie.Values("accessid") = "@raccessid"

                'aCookie.Values("email") = "@remail"

                'aCookie.Values("lastVisit") = DateTime.Now.ToString()

                aCookie.Expires = DateTime.Now.AddHours(4)

                Response.Cookies.Add(aCookie)

                Response.Redirect("default.aspx")

            Else

                Response.Redirect("failed.aspx")

            End If
 

            '   |||||   Credentials are Invalid

            '   |||||   Increment the LoginCount (attempts)

            Session("LoginCount") = CInt(Session("LoginCount")) + 1

            ' ||||| Determine the Number of Tries

            If Session("LoginCount").Equals(intMaxLoginAttempts) Then

                Response.Redirect("denied.aspx")

            End If
 

            If CInt(Session("LoginCount")) > 2 Then ' ||||| If Exceeds then Deny!

                Response.Redirect("denied.aspx")

            End If
 

        End If

    End Sub

    Sub btncancel_OnClick(ByVal Src As Object, ByVal E As EventArgs)

        txtuserid.Text = ""

        txtpassword.Text = ""

        txtuserid.Focus()

    End Sub

    Function CheckCredentials(ByVal Username As String, ByVal Password As String) As Boolean

        '   |||||   Look up the salt and stored hash for this user (parameterized query)

        objCmd = New SqlCommand("SELECT salt, pwd_hash FROM tblSecurity1 WHERE userid=@userid", objConn)

        objCmd.Parameters.AddWithValue("@userid", Username)

        objConn.Open()

        Try

            objDR = objCmd.ExecuteReader

            If Not objDR.Read Then

                Return False    '   |||||   Unknown user

            End If

            Dim strSalt As String = CStr(objDR("salt"))

            Dim strStoredPassword As String = CStr(objDR("pwd_hash"))

            '   |||||   Hash the salt plus the supplied password the same way the stored value was built

            Dim strGivenPassword As String = FormsAuthentication.HashPasswordForStoringInConfigFile(strSalt.Trim & Password, "SHA1")

            Return strStoredPassword = strGivenPassword

        Finally

            '   |||||   Always release the reader and connection, even on an early Return

            If objDR IsNot Nothing Then objDR.Close()

            objConn.Close()

        End Try

    End Function

    Protected Sub Page_LoadComplete(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.LoadComplete

        txtuserid.Focus()

    End Sub

End Class
 

web.config ***

<?xml version="1.0"?>

<!-- 

    Note: As an alternative to hand editing this file you can use the 

    web admin tool to configure settings for your application. Use

    the Website->Asp.Net Configuration option in Visual Studio.

    A full list of settings and comments can be found in 

    machine.config.comments usually located in 

    \Windows\Microsoft.Net\Framework\v2.x\Config 

-->

<configuration>

	<configSections>

		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>

					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/></sectionGroup></sectionGroup></sectionGroup></configSections><appSettings/>

	<connectionStrings>

		<add name="fss_caoConnectionString" connectionString="Data Source=***;Initial Catalog=***;Persist Security Info=True;User ID=***;Password=***" providerName="System.Data.SqlClient"/>

	</connectionStrings>

	<system.web>

		<!-- 

            Set compilation debug="true" to insert debugging 

            symbols into the compiled page. Because this 

            affects performance, set this value to true only 

            during development.
 

            Visual Basic options:

            Set strict="true" to disallow all data type conversions 

            where data loss can occur. 

            Set explicit="true" to force declaration of all variables.

        -->

		<compilation debug="true" strict="false" explicit="true">

			<assemblies>

				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>

		<pages>

			<namespaces>

				<clear/>

				<add namespace="System"/>

				<add namespace="System.Collections"/>

				<add namespace="System.Collections.Specialized"/>

				<add namespace="System.Configuration"/>

				<add namespace="System.Text"/>

				<add namespace="System.Text.RegularExpressions"/>

				<add namespace="System.Web"/>

				<add namespace="System.Web.Caching"/>

				<add namespace="System.Web.SessionState"/>

				<add namespace="System.Web.Security"/>

				<add namespace="System.Web.Profile"/>

				<add namespace="System.Web.UI"/>

				<add namespace="System.Web.UI.WebControls"/>

				<add namespace="System.Web.UI.WebControls.WebParts"/>

				<add namespace="System.Web.UI.HtmlControls"/>

        <add namespace="System.Net.Mail"/>

			</namespaces>

			<controls>

				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></controls></pages>

		<!--

            The <authentication> section enables configuration 

            of the security authentication mode used by 

            ASP.NET to identify an incoming user. 

        -->

    <authentication mode="Forms">

      <forms loginUrl="login.aspx" defaultUrl="default.aspx" protection="All" timeout="30" path="/">

      </forms>

    </authentication>

    <authorization>

      <deny users="?"/>

    </authorization>

		<!--

            The <customErrors> section enables configuration 

            of what to do if/when an unhandled error occurs 

            during the execution of a request. Specifically, 

            it enables developers to configure html error pages 

            to be displayed in place of a error stack trace.
 

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">

            <error statusCode="403" redirect="NoAccess.htm" />

            <error statusCode="404" redirect="FileNotFound.htm" />

        </customErrors>

        -->

    <machineKey decryption="AES" validation="SHA1" decryptionKey="52A52F89D307B288A9C835F6CB19FBDDDDEBA5D1E3EDC672D4BCD5187CDB4831" validationKey="C1DEE58DA256BAA6E9952D93C09AEB7B3E6E981D4764C3A95E6EEEA4965E4855"/>

    <httpHandlers>

      <remove verb="*" path="*.asmx"/>

      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </httpHandlers>

    <httpModules>

      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </httpModules>

  </system.web>

  <system.net>

    <mailSettings>

      <smtp from="noreply@domain.com">

        <network host="***" password="" userName=""/>

      </smtp>

    </mailSettings>

  </system.net>

  <system.codedom>

    <compilers>

      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider,System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">

        <providerOption name="CompilerVersion" value="v3.5"/>

        <providerOption name="WarnAsError" value="false"/>

      </compiler>

      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">

        <providerOption name="CompilerVersion" value="v3.5"/>

        <providerOption name="OptionInfer" value="true"/>

        <providerOption name="WarnAsError" value="false"/>

      </compiler>

    </compilers>

  </system.codedom>

  <system.webServer>

    <validation validateIntegratedModeConfiguration="false"/>

    <modules>

      <remove name="ScriptModule"/>

      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </modules>

    <handlers>

      <remove name="WebServiceHandlerFactory-Integrated"/>

      <remove name="ScriptHandlerFactory"/>

      <remove name="ScriptHandlerFactoryAppServices"/>

      <remove name="ScriptResource"/>

      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </handlers>

  </system.webServer>

  <runtime>

    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">

      <dependentAssembly>

        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>

        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>

      </dependentAssembly>

      <dependentAssembly>

        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>

        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>

      </dependentAssembly>

    </assemblyBinding>

  </runtime>

<location path="change_pwd.aspx">

    <system.web>

      <authorization>

        <allow users="?"/>

      </authorization>

    </system.web>

</location>

<location path="failed.aspx">

    <system.web>

      <authorization>

        <allow users="?"/>

      </authorization>

    </system.web>

</location>

<location path="denied.aspx">

    <system.web>

      <authorization>

        <allow users="?"/>

      </authorization>

    </system.web>

</location>  

</configuration>

Question by:woodje
5 Comments
 
LVL 21

Expert Comment

by:Craig Wagner
ID: 24062099
It's been a while since I did anything with Forms authentication, but if I recall correctly you can't just create any old cookie, you need to create a cookie that the FormAuth infrastructure knows about.

I seem to remember having to call a FormsAuthentication.RedirectFromLoginPage() method in there somewhere that will create the login cookie that allows the FormsAuth infrastructure to detect that the user has gone through the correct login sequence.
0
 

Author Comment

by:woodje
ID: 24063231
Thanks for the response. I have been able to validate that my database lookup is working. And the redirection is working. It looks to be something in the web.config that is not letting it see me as logged in. So it keeps sending me back to the login page. It will redirect to the pages that are outlined in the location section of the web.config file but none that are not listed there. Do I need to put an entry for all other possibilities and lock them down?
<?xml version="1.0"?>

<!-- 

    Note: As an alternative to hand editing this file you can use the 

    web admin tool to configure settings for your application. Use

    the Website->Asp.Net Configuration option in Visual Studio.

    A full list of settings and comments can be found in 

    machine.config.comments usually located in 

    \Windows\Microsoft.Net\Framework\v2.x\Config 

-->

<configuration>

	<configSections>

		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>

					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/></sectionGroup></sectionGroup></sectionGroup></configSections><appSettings/>

	<connectionStrings>

		<add name="fss_caoConnectionString" connectionString="Data Source=***;Initial Catalog=***;Persist Security Info=True;User ID=***;Password=***" providerName="System.Data.SqlClient"/>

	</connectionStrings>

	<system.web>

		<!-- 

            Set compilation debug="true" to insert debugging 

            symbols into the compiled page. Because this 

            affects performance, set this value to true only 

            during development.
 

            Visual Basic options:

            Set strict="true" to disallow all data type conversions 

            where data loss can occur. 

            Set explicit="true" to force declaration of all variables.

        -->

		<compilation debug="true" strict="false" explicit="true">

			<assemblies>

				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>

		<pages>

			<namespaces>

				<clear/>

				<add namespace="System"/>

				<add namespace="System.Collections"/>

				<add namespace="System.Collections.Specialized"/>

				<add namespace="System.Configuration"/>

				<add namespace="System.Text"/>

				<add namespace="System.Text.RegularExpressions"/>

				<add namespace="System.Web"/>

				<add namespace="System.Web.Caching"/>

				<add namespace="System.Web.SessionState"/>

				<add namespace="System.Web.Security"/>

				<add namespace="System.Web.Profile"/>

				<add namespace="System.Web.UI"/>

				<add namespace="System.Web.UI.WebControls"/>

				<add namespace="System.Web.UI.WebControls.WebParts"/>

				<add namespace="System.Web.UI.HtmlControls"/>

        <add namespace="System.Net.Mail"/>

			</namespaces>

			<controls>

				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></controls></pages>

		<!--

            The <authentication> section enables configuration 

            of the security authentication mode used by 

            ASP.NET to identify an incoming user. 

        -->

    <authentication mode="Forms">

      <forms loginUrl="login.aspx" protection="All" timeout="30" path="/">

      </forms>

    </authentication>

    <authorization>

      <deny users="*"/>

    </authorization>

		<!--

            The <customErrors> section enables configuration 

            of what to do if/when an unhandled error occurs 

            during the execution of a request. Specifically, 

            it enables developers to configure html error pages 

            to be displayed in place of a error stack trace.
 

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">

            <error statusCode="403" redirect="NoAccess.htm" />

            <error statusCode="404" redirect="FileNotFound.htm" />

        </customErrors>

        -->

    <machineKey decryption="AES" validation="SHA1" decryptionKey="52A52F89D307B288A9C835F6CB19FBDDDDEBA5D1E3EDC672D4BCD5187CDB4831" validationKey="C1DEE58DA256BAA6E9952D93C09AEB7B3E6E981D4764C3A95E6EEEA4965E4855"/>

    <httpHandlers>

      <remove verb="*" path="*.asmx"/>

      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </httpHandlers>

    <httpModules>

      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </httpModules>

  </system.web>

  <system.net>

    <mailSettings>

      <smtp from="noreply@verizonwireless.com">

        <network host="gaalpexmb25.uswin.ad.vzwcorp.com" password="" userName=""/>

      </smtp>

    </mailSettings>

  </system.net>

  <system.codedom>

    <compilers>

      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider,System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">

        <providerOption name="CompilerVersion" value="v3.5"/>

        <providerOption name="WarnAsError" value="false"/>

      </compiler>

      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">

        <providerOption name="CompilerVersion" value="v3.5"/>

        <providerOption name="OptionInfer" value="true"/>

        <providerOption name="WarnAsError" value="false"/>

      </compiler>

    </compilers>

  </system.codedom>

  <system.webServer>

    <validation validateIntegratedModeConfiguration="false"/>

    <modules>

      <remove name="ScriptModule"/>

      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </modules>

    <handlers>

      <remove name="WebServiceHandlerFactory-Integrated"/>

      <remove name="ScriptHandlerFactory"/>

      <remove name="ScriptHandlerFactoryAppServices"/>

      <remove name="ScriptResource"/>

      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </handlers>

  </system.webServer>

  <runtime>

    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">

      <dependentAssembly>

        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>

        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>

      </dependentAssembly>

      <dependentAssembly>

        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>

        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>

      </dependentAssembly>

    </assemblyBinding>

  </runtime>

<location path="change_pwd.aspx">

    <system.web>

      <authorization>

        <allow users="?"/>

      </authorization>

    </system.web>

</location>

<location path="failed.aspx">

    <system.web>

      <authorization>

        <allow users="?"/>

      </authorization>

    </system.web>

</location>

<location path="denied.aspx">

    <system.web>

      <authorization>

        <allow users="?"/>

      </authorization>

    </system.web>

</location>  

</configuration>


0
 
LVL 21

Expert Comment

by:Craig Wagner
ID: 24063812
You need to call FormsAuthentication.RedirectFromLoginPage() in order to ensure the authCookie is created. There's nothing wrong with your web.config, you are not creating the cookie needed by the FormsAuth infrastructure.
0
 

Author Comment

by:woodje
ID: 24063849
I have tried FormsAuthentication.RedirectFromLoginPage(txtusername.Text, False) and it did nothing to my problem.
0
 
LVL 21

Accepted Solution

by:
Craig Wagner earned 500 total points
ID: 24063942
Referring back to the original code, where did you put the RedirectFromLoginPage call? It should have replaced the Response.Redirect at line 100.

The following might also be causing you a problem. You're telling the system to deny access to everyone.

    <authorization>
      <deny users="*"/>
    </authorization>

I think it should be:

    <authorization>
      <deny users="?"/>
    </authorization>

The ? will deny access to anonymous (unauthenticated) users.
0
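
The fix from the accepted answer, written out as an added example (not code from the thread): a login.aspx.vb in which a successful login issues the forms-authentication ticket instead of a hand-made cookie. Control names, page names, the connection string name and the table come from the question; MaxLoginAttempts and the removal of the Handles clause are assumptions of this example.

```vb
Imports System.Configuration
Imports System.Data.SqlClient
Imports System.Web.Security

Partial Class _Default
    Inherits System.Web.UI.Page

    ' Assumption: three tries, matching the "> 2" check in the question's code.
    Private Const MaxLoginAttempts As Integer = 3

    ' Wired by OnClick="btnlogin_OnClick" in login.aspx, so no Handles clause
    ' (declaring both would run the handler twice per click).
    Protected Sub btnlogin_OnClick(ByVal sender As Object, ByVal e As EventArgs)
        If Not Page.IsValid Then Return

        If CheckCredentials(txtuserid.Text, txtpassword.Text) Then
            Session.Remove("LoginCount")
            ' Issues the encrypted, signed forms-authentication ticket cookie and
            ' redirects to ReturnUrl (or defaultUrl). False = no persistent cookie.
            ' Later pages read the name from User.Identity.Name, so the custom
            ' "fud_info" cookie, which the client could edit, is not needed.
            FormsAuthentication.RedirectFromLoginPage(txtuserid.Text, False)
            ' Return so the failure path below never runs for a successful login.
            Return
        End If

        ' Failed attempt: count it, then choose the page to show.
        ' A session counter only throttles a browser that keeps its session
        ' cookie; a per-account counter in the database is the stronger control.
        Dim attempts As Integer = CInt(Session("LoginCount")) + 1
        Session("LoginCount") = attempts
        If attempts >= MaxLoginAttempts Then
            Response.Redirect("denied.aspx")
        Else
            Response.Redirect("failed.aspx")
        End If
    End Sub

    Protected Sub btncancel_OnClick(ByVal sender As Object, ByVal e As EventArgs)
        txtuserid.Text = ""
        txtpassword.Text = ""
        txtuserid.Focus()
    End Sub

    ' Same salted SHA-1 comparison as the question, so existing rows still
    ' verify. Using blocks close the reader and connection on every path.
    Private Function CheckCredentials(ByVal username As String, ByVal password As String) As Boolean
        Dim connStr As String = ConfigurationManager.ConnectionStrings("fss_caoConnectionString").ConnectionString
        Using conn As New SqlConnection(connStr)
            Using cmd As New SqlCommand("SELECT salt, pwd_hash FROM tblSecurity1 WHERE userid=@userid", conn)
                cmd.Parameters.AddWithValue("@userid", username)
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    If Not reader.Read() Then Return False
                    Dim salt As String = CStr(reader("salt")).Trim()
                    Dim stored As String = CStr(reader("pwd_hash"))
                    Dim given As String = FormsAuthentication.HashPasswordForStoringInConfigFile(salt & password, "SHA1")
                    Return stored = given
                End Using
            End Using
        End Using
    End Function

    Protected Sub Page_LoadComplete(ByVal sender As Object, ByVal e As EventArgs) Handles Me.LoadComplete
        txtuserid.Focus()
    End Sub

End Class
```

With `<deny users="*"/>` in web.config even the ticket issued here is rejected, so the rule must be `<deny users="?"/>` as the accepted answer says.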
