Link to home
Start Free TrialLog in
Avatar of woodje
woodjeFlag for United States of America

asked on

Login problems with forms authentication

I am using forms authentication and a login form. I am entering the credentials correctly. However when I press the login button it seems to act like it is logging in however it doesn't go to the default.aspx page. I get this in the url "http://localhost/fv2/fv2/login.aspx?ReturnUrl=%2ffv2%2ffv2%2fdefault.aspx". I am including the code for the login page and the code behind. As well as the web.config contents. Any help you can give me would be great. Thanks in advance.
login form***
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="login.aspx.vb" Inherits="_Default" %>
<%@ mastertype virtualpath="fud.master" %>
<%@ import namespace="System.Data" %>
<%@ import namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Web.Security" %>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>FUD Login</title>
     <link rel="stylesheet" href="scr/coolstyle.css" type="text/css" />
</head>
<body>
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <form id="frmlogin" method="post" runat="server" >
        <asp:SqlDataSource ID="ds_login" runat="server" ConnectionString="<%$ ConnectionStrings:fss_caoConnectionString %>" SelectCommand="sp_loginvalidator" SelectCommandType="StoredProcedure">
            <SelectParameters>
                <asp:FormParameter DefaultValue="" FormField="txtuserid" Name="UserID" Type="String" />
                <asp:FormParameter FormField="txtpassword" Name="Password" Type="String" DefaultValue="" />
            </SelectParameters>
        </asp:SqlDataSource>
        <asp:Label ID="lblMessage" runat="server" Width="149px"></asp:Label>&nbsp;<asp:Label ID="lblMessage2" runat="server" Width="157px"></asp:Label><div>
        <asp:Table ID="tblloginheader" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">
        <asp:TableRow runat="server" HorizontalAlign="Center">
        <asp:TableCell runat="server">
        <asp:Label runat="server" CssClass="largetitle" Text="F U D Login" Width="550px" ID="lblloginheader" ></asp:Label>
        </asp:TableCell>        
        </asp:TableRow>        
        </asp:Table>
        <br />
        <asp:Table Id="tblloginbody" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">            
        <asp:TableRow>
        <asp:TableCell Width="50"></asp:TableCell>
        <asp:TableCell Width="120" HorizontalAlign="Right"><asp:Label runat="server" Text="User ID:" ID="lbluserid"></asp:Label></asp:TableCell>
        <asp:TableCell Width="120"><asp:TextBox runat="server" ID="txtuserid" MaxLength="12" Width="120" TabIndex="1"></asp:TextBox></asp:TableCell>
        <asp:TableCell Width="180"><asp:RequiredFieldValidator runat="server" ID="useridreq" ControlToValidate="txtuserid" ValidationGroup="fud_login"> * User ID is Required</asp:RequiredFieldValidator> </asp:TableCell>
        </asp:TableRow>
        <asp:TableRow>
        <asp:TableCell Width="50"></asp:TableCell>
        <asp:TableCell Width="120" HorizontalAlign="Right"><asp:Label runat="server" Text="Passowrd:" ID="lblpassword"></asp:Label></asp:TableCell>
        <asp:TableCell Width="120"><asp:TextBox CssClass="pwd" runat="server" ID="txtpassword" MaxLength="12" TextMode="Password" Width="120" TabIndex="2"></asp:TextBox></asp:TableCell>
        <asp:TableCell Width="180"><asp:RequiredFieldValidator runat="server" ID="RequiredFieldValidator1" ControlToValidate="txtpassword" ValidationGroup="fud_login"> * Password is Required</asp:RequiredFieldValidator> </asp:TableCell>
        </asp:TableRow>
        </asp:Table>
        <asp:Table ID="tbllogincontrols" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">
        <asp:TableRow>
        <asp:TableCell Width="100"></asp:TableCell>
        <asp:TableCell Width="300" HorizontalAlign="Center"><asp:Button ID="btnlogin" runat="server" OnClick="btnlogin_OnClick" Text="Login" TabIndex="3" ValidationGroup="fud_login"></asp:Button> <asp:Button ID="btncancel" runat="server" OnClick="btncancel_OnClick" Text="Cancel" TabIndex="4"></asp:Button></asp:TableCell>
        <asp:TableCell Width="150"></asp:TableCell>
        </asp:TableRow>
        </asp:Table>
        <br />
        <asp:Table ID="tbllogindisclaimer" runat="server" HorizontalAlign="Center" borderstyle="None">
        <asp:TableRow HorizontalAlign="Center">
        <asp:TableCell runat="server">
        <asp:Label runat="server" Text="This system is intended to be used solely by authorized users in the 	course of legitimate corporate business." Width="550px" ID="lbllogindisclaimer" ></asp:Label>
        </asp:TableCell>        
        </asp:TableRow>        
        </asp:Table>        
    </div>
    </form>
</body>
</html>
 
login code behind ***
Imports System.Web.Security '   |||||   Required Class for Authentication
Imports System.Data '   |||||   DB Accessing Import
Imports System.Data.SqlClient   '   ||||||  SQL Database Required Import!
Imports System.Configuration    '   ||||||  Required for Web.Config appSettings |||||
Imports System.Security.Cryptography
Partial Class _Default
    Inherits System.Web.UI.Page
    Dim objConn As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("fss_caoConnectionString").ConnectionString)
    Dim objCmd As SqlCommand
    Dim objDR As SqlDataReader
    Dim intMaxLoginAttempts As String
    Sub btnLogin_OnClick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnlogin.Click
        If Page.IsValid Then    '   ||||| Meaning the Control Validation was successful!
            '   |||||   Connect to Database for User Validation |||||
            If (CheckCredentials(txtuserid.Text, txtpassword.Text) = True) Then
                Dim aCookie As New HttpCookie("fud_info")
                aCookie.Values("userid") = txtuserid.Text
                'aCookie.Values("userid") = "@userid"
                'aCookie.Values("accessid") = "@raccessid"
                'aCookie.Values("email") = "@remail"
                'aCookie.Values("lastVisit") = DateTime.Now.ToString()
                aCookie.Expires = DateTime.Now.AddHours(4)
                Response.Cookies.Add(aCookie)
                Response.Redirect("default.aspx")
            Else
                Response.Redirect("failed.aspx")
            End If
 
            '   |||||   Credentials are Invalid
            '   |||||   Increment the LoginCount (attempts)
            Session("LoginCount") = CInt(Session("LoginCount")) + 1
            ' ||||| Determine the Number of Tries
            If Session("LoginCount").Equals(intMaxLoginAttempts) Then
                Response.Redirect("denied.aspx")
            End If
 
            If CInt(Session("LoginCount")) > 2 Then ' ||||| If Exceeds then Deny!
                Response.Redirect("denied.aspx")
            End If
 
        End If
    End Sub
    Sub btncancel_OnClick(ByVal Src As Object, ByVal E As EventArgs)
        txtuserid.Text = ""
        txtpassword.Text = ""
        txtuserid.Focus()
    End Sub
    Function CheckCredentials(ByVal Username As String, ByVal Password As String) As Boolean
        objConn.Open()
        objCmd = New SqlCommand("SELECT salt, pwd_hash FROM tblSecurity1 WHERE userid=@userid", objConn)
        objCmd.Parameters.AddWithValue("@userid", txtuserid.Text)
 
        objDR = objCmd.ExecuteReader
        If Not objDR.Read Then
            Return False
        Else
            Dim strSalt As String = objDR("salt")
            Dim strStoredPassword As String = objDR("pwd_hash")
            Dim strGivenPassword As String = FormsAuthentication.HashPasswordForStoringInConfigFile(strSalt.Trim & txtPassword.Text, "SHA1")
            Response.Write(strGivenPassword)
            Return strStoredPassword = strGivenPassword
        End If
    End Function
    Protected Sub Page_LoadComplete(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.LoadComplete
        txtuserid.Focus()
    End Sub
End Class
 
web.config ***
<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\v2.x\Config 
-->
<configuration>
	<configSections>
		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/></sectionGroup></sectionGroup></sectionGroup></configSections><appSettings/>
	<connectionStrings>
		<add name="fss_caoConnectionString" connectionString="Data Source=***;Initial Catalog=***;Persist Security Info=True;User ID=***;Password=***" providerName="System.Data.SqlClient"/>
	</connectionStrings>
	<system.web>
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
 
            Visual Basic options:
            Set strict="true" to disallow all data type conversions 
            where data loss can occur. 
            Set explicit="true" to force declaration of all variables.
        -->
		<compilation debug="true" strict="false" explicit="true">
			<assemblies>
				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
		<pages>
			<namespaces>
				<clear/>
				<add namespace="System"/>
				<add namespace="System.Collections"/>
				<add namespace="System.Collections.Specialized"/>
				<add namespace="System.Configuration"/>
				<add namespace="System.Text"/>
				<add namespace="System.Text.RegularExpressions"/>
				<add namespace="System.Web"/>
				<add namespace="System.Web.Caching"/>
				<add namespace="System.Web.SessionState"/>
				<add namespace="System.Web.Security"/>
				<add namespace="System.Web.Profile"/>
				<add namespace="System.Web.UI"/>
				<add namespace="System.Web.UI.WebControls"/>
				<add namespace="System.Web.UI.WebControls.WebParts"/>
				<add namespace="System.Web.UI.HtmlControls"/>
        <add namespace="System.Net.Mail"/>
			</namespaces>
			<controls>
				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></controls></pages>
		<!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" defaultUrl="default.aspx" protection="All" timeout="30" path="/">
      </forms>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
		<!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.
 
        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    <machineKey decryption="AES" validation="SHA1" decryptionKey="52A52F89D307B288A9C835F6CB19FBDDDDEBA5D1E3EDC672D4BCD5187CDB4831" validationKey="C1DEE58DA256BAA6E9952D93C09AEB7B3E6E981D4764C3A95E6EEEA4965E4855"/>
    <httpHandlers>
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpHandlers>
    <httpModules>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpModules>
  </system.web>
  <system.net>
    <mailSettings>
      <smtp from="noreply@domain.com">
        <network host="***" password="" userName=""/>
      </smtp>
    </mailSettings>
  </system.net>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider,System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="OptionInfer" value="true"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
    </compilers>
  </system.codedom>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules>
      <remove name="ScriptModule"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </modules>
    <handlers>
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </handlers>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
<location path="change_pwd.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>
<location path="failed.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>
<location path="denied.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>  
</configuration>

Open in new window

Avatar of Craig Wagner
Craig Wagner
Flag of United States of America image

It's been a while since I did anything with Forms authentication, but if I recall correctly you can't just create any old cookie, you need to create a cookie that the FormAuth infrastructure knows about.

I seem to remember having to call a FormsAuthentication.RedirectFromLoginPage() method in there somewhere that will create the login cookie that allows the FormsAuth infrastructure to detect that the user has gone through the correct login sequence.
Avatar of woodje

ASKER

Thanks for the response. I have been able to validate that my database lookup is working. And the redirection is working. It looks to be somehthing in the web.config that is not letting it see me as logged in. So it keeps sending me back to the login page. It will redirect to the pages that are outlined in the location section of the web.config file but none that are not listed there. Do I need to put an entry for all other possiblities and lock them down?
<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\v2.x\Config 
-->
<configuration>
	<configSections>
		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/></sectionGroup></sectionGroup></sectionGroup></configSections><appSettings/>
	<connectionStrings>
		<add name="fss_caoConnectionString" connectionString="Data Source=***;Initial Catalog=***;Persist Security Info=True;User ID=***;Password=***" providerName="System.Data.SqlClient"/>
	</connectionStrings>
	<system.web>
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
 
            Visual Basic options:
            Set strict="true" to disallow all data type conversions 
            where data loss can occur. 
            Set explicit="true" to force declaration of all variables.
        -->
		<compilation debug="true" strict="false" explicit="true">
			<assemblies>
				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
		<pages>
			<namespaces>
				<clear/>
				<add namespace="System"/>
				<add namespace="System.Collections"/>
				<add namespace="System.Collections.Specialized"/>
				<add namespace="System.Configuration"/>
				<add namespace="System.Text"/>
				<add namespace="System.Text.RegularExpressions"/>
				<add namespace="System.Web"/>
				<add namespace="System.Web.Caching"/>
				<add namespace="System.Web.SessionState"/>
				<add namespace="System.Web.Security"/>
				<add namespace="System.Web.Profile"/>
				<add namespace="System.Web.UI"/>
				<add namespace="System.Web.UI.WebControls"/>
				<add namespace="System.Web.UI.WebControls.WebParts"/>
				<add namespace="System.Web.UI.HtmlControls"/>
        <add namespace="System.Net.Mail"/>
			</namespaces>
			<controls>
				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></controls></pages>
		<!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" protection="All" timeout="30" path="/">
      </forms>
    </authentication>
    <authorization>
      <deny users="*"/>
    </authorization>
		<!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.
 
        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    <machineKey decryption="AES" validation="SHA1" decryptionKey="52A52F89D307B288A9C835F6CB19FBDDDDEBA5D1E3EDC672D4BCD5187CDB4831" validationKey="C1DEE58DA256BAA6E9952D93C09AEB7B3E6E981D4764C3A95E6EEEA4965E4855"/>
    <httpHandlers>
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpHandlers>
    <httpModules>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpModules>
  </system.web>
  <system.net>
    <mailSettings>
      <smtp from="noreply@verizonwireless.com">
        <network host="gaalpexmb25.uswin.ad.vzwcorp.com" password="" userName=""/>
      </smtp>
    </mailSettings>
  </system.net>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider,System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="OptionInfer" value="true"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
    </compilers>
  </system.codedom>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules>
      <remove name="ScriptModule"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </modules>
    <handlers>
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </handlers>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
<location path="change_pwd.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>
<location path="failed.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>
<location path="denied.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>  
</configuration>

Open in new window

You need to call FormsAuthentication.RedirectFromLoginPage() in order to ensure the authCookie is created. There's nothing wrong with your web.config, you are not creating the cookie needed by the FormsAuth infrastructure.
Avatar of woodje

ASKER

I have tried FormsAuthentication.RedirectFromLoginPage(txtusername.Text, False) and it did nothing to my problem.
ASKER CERTIFIED SOLUTION
Avatar of Craig Wagner
Craig Wagner
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial