Solved

Login problems with forms authentication

Posted on 2009-04-03
5
8,853 Views
Last Modified: 2013-11-07
I am using forms authentication and a login form. I am entering the credentials correctly. However when I press the login button it seems to act like it is logging in however it doesn't go to the default.aspx page. I get this in the url "http://localhost/fv2/fv2/login.aspx?ReturnUrl=%2ffv2%2ffv2%2fdefault.aspx". I am including the code for the login page and the code behind. As well as the web.config contents. Any help you can give me would be great. Thanks in advance.
login form***

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="login.aspx.vb" Inherits="_Default" %>

<%@ mastertype virtualpath="fud.master" %>

<%@ import namespace="System.Data" %>

<%@ import namespace="System.Data.SqlClient" %>

<%@ Import Namespace="System.Web.Security" %>
 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 

<html xmlns="http://www.w3.org/1999/xhtml" >

<head runat="server">

    <title>FUD Login</title>

     <link rel="stylesheet" href="scr/coolstyle.css" type="text/css" />

</head>

<body>

    <br />

    <br />

    <br />

    <br />

    <br />

    <br />

    <br />

    <br />

    <br />

    <br />

    <form id="frmlogin" method="post" runat="server" >

        <asp:SqlDataSource ID="ds_login" runat="server" ConnectionString="<%$ ConnectionStrings:fss_caoConnectionString %>" SelectCommand="sp_loginvalidator" SelectCommandType="StoredProcedure">

            <SelectParameters>

                <asp:FormParameter DefaultValue="" FormField="txtuserid" Name="UserID" Type="String" />

                <asp:FormParameter FormField="txtpassword" Name="Password" Type="String" DefaultValue="" />

            </SelectParameters>

        </asp:SqlDataSource>

        <asp:Label ID="lblMessage" runat="server" Width="149px"></asp:Label>&nbsp;<asp:Label ID="lblMessage2" runat="server" Width="157px"></asp:Label><div>

        <asp:Table ID="tblloginheader" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">

        <asp:TableRow runat="server" HorizontalAlign="Center">

        <asp:TableCell runat="server">

        <asp:Label runat="server" CssClass="largetitle" Text="F U D Login" Width="550px" ID="lblloginheader" ></asp:Label>

        </asp:TableCell>        

        </asp:TableRow>        

        </asp:Table>

        <br />

        <asp:Table Id="tblloginbody" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">            

        <asp:TableRow>

        <asp:TableCell Width="50"></asp:TableCell>

        <asp:TableCell Width="120" HorizontalAlign="Right"><asp:Label runat="server" Text="User ID:" ID="lbluserid"></asp:Label></asp:TableCell>

        <asp:TableCell Width="120"><asp:TextBox runat="server" ID="txtuserid" MaxLength="12" Width="120" TabIndex="1"></asp:TextBox></asp:TableCell>

        <asp:TableCell Width="180"><asp:RequiredFieldValidator runat="server" ID="useridreq" ControlToValidate="txtuserid" ValidationGroup="fud_login"> * User ID is Required</asp:RequiredFieldValidator> </asp:TableCell>

        </asp:TableRow>

        <asp:TableRow>

        <asp:TableCell Width="50"></asp:TableCell>

        <asp:TableCell Width="120" HorizontalAlign="Right"><asp:Label runat="server" Text="Passowrd:" ID="lblpassword"></asp:Label></asp:TableCell>

        <asp:TableCell Width="120"><asp:TextBox CssClass="pwd" runat="server" ID="txtpassword" MaxLength="12" TextMode="Password" Width="120" TabIndex="2"></asp:TextBox></asp:TableCell>

        <asp:TableCell Width="180"><asp:RequiredFieldValidator runat="server" ID="RequiredFieldValidator1" ControlToValidate="txtpassword" ValidationGroup="fud_login"> * Password is Required</asp:RequiredFieldValidator> </asp:TableCell>

        </asp:TableRow>

        </asp:Table>

        <asp:Table ID="tbllogincontrols" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">

        <asp:TableRow>

        <asp:TableCell Width="100"></asp:TableCell>

        <asp:TableCell Width="300" HorizontalAlign="Center"><asp:Button ID="btnlogin" runat="server" OnClick="btnlogin_OnClick" Text="Login" TabIndex="3" ValidationGroup="fud_login"></asp:Button> <asp:Button ID="btncancel" runat="server" OnClick="btncancel_OnClick" Text="Cancel" TabIndex="4"></asp:Button></asp:TableCell>

        <asp:TableCell Width="150"></asp:TableCell>

        </asp:TableRow>

        </asp:Table>

        <br />

        <asp:Table ID="tbllogindisclaimer" runat="server" HorizontalAlign="Center" borderstyle="None">

        <asp:TableRow HorizontalAlign="Center">

        <asp:TableCell runat="server">

        <asp:Label runat="server" Text="This system is intended to be used solely by authorized users in the 	course of legitimate corporate business." Width="550px" ID="lbllogindisclaimer" ></asp:Label>

        </asp:TableCell>        

        </asp:TableRow>        

        </asp:Table>        

    </div>

    </form>

</body>

</html>
 

login code behind ***

Imports System.Web.Security '   |||||   Required Class for Authentication

Imports System.Data '   |||||   DB Accessing Import

Imports System.Data.SqlClient   '   ||||||  SQL Database Required Import!

Imports System.Configuration    '   ||||||  Required for Web.Config appSettings |||||

Imports System.Security.Cryptography

Partial Class _Default

    Inherits System.Web.UI.Page

    Dim objConn As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("fss_caoConnectionString").ConnectionString)

    Dim objCmd As SqlCommand

    Dim objDR As SqlDataReader

    Dim intMaxLoginAttempts As String

    Sub btnLogin_OnClick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnlogin.Click

        If Page.IsValid Then    '   ||||| Meaning the Control Validation was successful!

            '   |||||   Connect to Database for User Validation |||||

            If (CheckCredentials(txtuserid.Text, txtpassword.Text) = True) Then

                Dim aCookie As New HttpCookie("fud_info")

                aCookie.Values("userid") = txtuserid.Text

                'aCookie.Values("userid") = "@userid"

                'aCookie.Values("accessid") = "@raccessid"

                'aCookie.Values("email") = "@remail"

                'aCookie.Values("lastVisit") = DateTime.Now.ToString()

                aCookie.Expires = DateTime.Now.AddHours(4)

                Response.Cookies.Add(aCookie)

                Response.Redirect("default.aspx")

            Else

                Response.Redirect("failed.aspx")

            End If
 

            '   |||||   Credentials are Invalid

            '   |||||   Increment the LoginCount (attempts)

            Session("LoginCount") = CInt(Session("LoginCount")) + 1

            ' ||||| Determine the Number of Tries

            If Session("LoginCount").Equals(intMaxLoginAttempts) Then

                Response.Redirect("denied.aspx")

            End If
 

            If CInt(Session("LoginCount")) > 2 Then ' ||||| If Exceeds then Deny!

                Response.Redirect("denied.aspx")

            End If
 

        End If

    End Sub

    Sub btncancel_OnClick(ByVal Src As Object, ByVal E As EventArgs)

        txtuserid.Text = ""

        txtpassword.Text = ""

        txtuserid.Focus()

    End Sub

    Function CheckCredentials(ByVal Username As String, ByVal Password As String) As Boolean

        objConn.Open()

        objCmd = New SqlCommand("SELECT salt, pwd_hash FROM tblSecurity1 WHERE userid=@userid", objConn)

        objCmd.Parameters.AddWithValue("@userid", txtuserid.Text)
 

        objDR = objCmd.ExecuteReader

        If Not objDR.Read Then

            Return False

        Else

            Dim strSalt As String = objDR("salt")

            Dim strStoredPassword As String = objDR("pwd_hash")

            Dim strGivenPassword As String = FormsAuthentication.HashPasswordForStoringInConfigFile(strSalt.Trim & txtPassword.Text, "SHA1")

            Response.Write(strGivenPassword)

            Return strStoredPassword = strGivenPassword

        End If

    End Function

    Protected Sub Page_LoadComplete(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.LoadComplete

        txtuserid.Focus()

    End Sub

End Class
 

web.config ***

<?xml version="1.0"?>

<!-- 

    Note: As an alternative to hand editing this file you can use the 

    web admin tool to configure settings for your application. Use

    the Website->Asp.Net Configuration option in Visual Studio.

    A full list of settings and comments can be found in 

    machine.config.comments usually located in 

    \Windows\Microsoft.Net\Framework\v2.x\Config 

-->

<configuration>

	<configSections>

		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>

					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/></sectionGroup></sectionGroup></sectionGroup></configSections><appSettings/>

	<connectionStrings>

		<add name="fss_caoConnectionString" connectionString="Data Source=***;Initial Catalog=***;Persist Security Info=True;User ID=***;Password=***" providerName="System.Data.SqlClient"/>

	</connectionStrings>

	<system.web>

		<!-- 

            Set compilation debug="true" to insert debugging 

            symbols into the compiled page. Because this 

            affects performance, set this value to true only 

            during development.
 

            Visual Basic options:

            Set strict="true" to disallow all data type conversions 

            where data loss can occur. 

            Set explicit="true" to force declaration of all variables.

        -->

		<compilation debug="true" strict="false" explicit="true">

			<assemblies>

				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>

		<pages>

			<namespaces>

				<clear/>

				<add namespace="System"/>

				<add namespace="System.Collections"/>

				<add namespace="System.Collections.Specialized"/>

				<add namespace="System.Configuration"/>

				<add namespace="System.Text"/>

				<add namespace="System.Text.RegularExpressions"/>

				<add namespace="System.Web"/>

				<add namespace="System.Web.Caching"/>

				<add namespace="System.Web.SessionState"/>

				<add namespace="System.Web.Security"/>

				<add namespace="System.Web.Profile"/>

				<add namespace="System.Web.UI"/>

				<add namespace="System.Web.UI.WebControls"/>

				<add namespace="System.Web.UI.WebControls.WebParts"/>

				<add namespace="System.Web.UI.HtmlControls"/>

        <add namespace="System.Net.Mail"/>

			</namespaces>

			<controls>

				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></controls></pages>

		<!--

            The <authentication> section enables configuration 

            of the security authentication mode used by 

            ASP.NET to identify an incoming user. 

        -->

    <authentication mode="Forms">

      <forms loginUrl="login.aspx" defaultUrl="default.aspx" protection="All" timeout="30" path="/">

      </forms>

    </authentication>

    <authorization>

      <deny users="?"/>

    </authorization>

		<!--

            The <customErrors> section enables configuration 

            of what to do if/when an unhandled error occurs 

            during the execution of a request. Specifically, 

            it enables developers to configure html error pages 

            to be displayed in place of a error stack trace.
 

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">

            <error statusCode="403" redirect="NoAccess.htm" />

            <error statusCode="404" redirect="FileNotFound.htm" />

        </customErrors>

        -->

    <machineKey decryption="AES" validation="SHA1" decryptionKey="52A52F89D307B288A9C835F6CB19FBDDDDEBA5D1E3EDC672D4BCD5187CDB4831" validationKey="C1DEE58DA256BAA6E9952D93C09AEB7B3E6E981D4764C3A95E6EEEA4965E4855"/>

    <httpHandlers>

      <remove verb="*" path="*.asmx"/>

      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </httpHandlers>

    <httpModules>

      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </httpModules>

  </system.web>

  <system.net>

    <mailSettings>

      <smtp from="noreply@domain.com">

        <network host="***" password="" userName=""/>

      </smtp>

    </mailSettings>

  </system.net>

  <system.codedom>

    <compilers>

      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider,System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">

        <providerOption name="CompilerVersion" value="v3.5"/>

        <providerOption name="WarnAsError" value="false"/>

      </compiler>

      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">

        <providerOption name="CompilerVersion" value="v3.5"/>

        <providerOption name="OptionInfer" value="true"/>

        <providerOption name="WarnAsError" value="false"/>

      </compiler>

    </compilers>

  </system.codedom>

  <system.webServer>

    <validation validateIntegratedModeConfiguration="false"/>

    <modules>

      <remove name="ScriptModule"/>

      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </modules>

    <handlers>

      <remove name="WebServiceHandlerFactory-Integrated"/>

      <remove name="ScriptHandlerFactory"/>

      <remove name="ScriptHandlerFactoryAppServices"/>

      <remove name="ScriptResource"/>

      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </handlers>

  </system.webServer>

  <runtime>

    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">

      <dependentAssembly>

        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>

        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>

      </dependentAssembly>

      <dependentAssembly>

        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>

        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>

      </dependentAssembly>

    </assemblyBinding>

  </runtime>

<location path="change_pwd.aspx">

    <system.web>

      <authorization>

        <allow users="?"/>

      </authorization>

    </system.web>

</location>

<location path="failed.aspx">

    <system.web>

      <authorization>

        <allow users="?"/>

      </authorization>

    </system.web>

</location>

<location path="denied.aspx">

    <system.web>

      <authorization>

        <allow users="?"/>

      </authorization>

    </system.web>

</location>  

</configuration>

Open in new window

0
Comment
Question by:woodje
  • 3
  • 2
5 Comments
 
LVL 21

Expert Comment

by:Craig Wagner
ID: 24062099
It's been a while since I did anything with Forms authentication, but if I recall correctly you can't just create any old cookie, you need to create a cookie that the FormAuth infrastructure knows about.

I seem to remember having to call a FormsAuthentication.RedirectFromLoginPage() method in there somewhere that will create the login cookie that allows the FormsAuth infrastructure to detect that the user has gone through the correct login sequence.
0
 

Author Comment

by:woodje
ID: 24063231
Thanks for the response. I have been able to validate that my database lookup is working. And the redirection is working. It looks to be somehthing in the web.config that is not letting it see me as logged in. So it keeps sending me back to the login page. It will redirect to the pages that are outlined in the location section of the web.config file but none that are not listed there. Do I need to put an entry for all other possiblities and lock them down?
<?xml version="1.0"?>

<!-- 

    Note: As an alternative to hand editing this file you can use the 

    web admin tool to configure settings for your application. Use

    the Website->Asp.Net Configuration option in Visual Studio.

    A full list of settings and comments can be found in 

    machine.config.comments usually located in 

    \Windows\Microsoft.Net\Framework\v2.x\Config 

-->

<configuration>

	<configSections>

		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">

					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>

					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>

					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/></sectionGroup></sectionGroup></sectionGroup></configSections><appSettings/>

	<connectionStrings>

		<add name="fss_caoConnectionString" connectionString="Data Source=***;Initial Catalog=***;Persist Security Info=True;User ID=***;Password=***" providerName="System.Data.SqlClient"/>

	</connectionStrings>

	<system.web>

		<!-- 

            Set compilation debug="true" to insert debugging 

            symbols into the compiled page. Because this 

            affects performance, set this value to true only 

            during development.
 

            Visual Basic options:

            Set strict="true" to disallow all data type conversions 

            where data loss can occur. 

            Set explicit="true" to force declaration of all variables.

        -->

		<compilation debug="true" strict="false" explicit="true">

			<assemblies>

				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>

				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>

		<pages>

			<namespaces>

				<clear/>

				<add namespace="System"/>

				<add namespace="System.Collections"/>

				<add namespace="System.Collections.Specialized"/>

				<add namespace="System.Configuration"/>

				<add namespace="System.Text"/>

				<add namespace="System.Text.RegularExpressions"/>

				<add namespace="System.Web"/>

				<add namespace="System.Web.Caching"/>

				<add namespace="System.Web.SessionState"/>

				<add namespace="System.Web.Security"/>

				<add namespace="System.Web.Profile"/>

				<add namespace="System.Web.UI"/>

				<add namespace="System.Web.UI.WebControls"/>

				<add namespace="System.Web.UI.WebControls.WebParts"/>

				<add namespace="System.Web.UI.HtmlControls"/>

        <add namespace="System.Net.Mail"/>

			</namespaces>

			<controls>

				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></controls></pages>

		<!--

            The <authentication> section enables configuration 

            of the security authentication mode used by 

            ASP.NET to identify an incoming user. 

        -->

    <authentication mode="Forms">

      <forms loginUrl="login.aspx" protection="All" timeout="30" path="/">

      </forms>

    </authentication>

    <authorization>

      <deny users="*"/>

    </authorization>

		<!--

            The <customErrors> section enables configuration 

            of what to do if/when an unhandled error occurs 

            during the execution of a request. Specifically, 

            it enables developers to configure html error pages 

            to be displayed in place of a error stack trace.
 

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">

            <error statusCode="403" redirect="NoAccess.htm" />

            <error statusCode="404" redirect="FileNotFound.htm" />

        </customErrors>

        -->

    <machineKey decryption="AES" validation="SHA1" decryptionKey="52A52F89D307B288A9C835F6CB19FBDDDDEBA5D1E3EDC672D4BCD5187CDB4831" validationKey="C1DEE58DA256BAA6E9952D93C09AEB7B3E6E981D4764C3A95E6EEEA4965E4855"/>

    <httpHandlers>

      <remove verb="*" path="*.asmx"/>

      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </httpHandlers>

    <httpModules>

      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </httpModules>

  </system.web>

  <system.net>

    <mailSettings>

      <smtp from="noreply@verizonwireless.com">

        <network host="gaalpexmb25.uswin.ad.vzwcorp.com" password="" userName=""/>

      </smtp>

    </mailSettings>

  </system.net>

  <system.codedom>

    <compilers>

      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider,System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">

        <providerOption name="CompilerVersion" value="v3.5"/>

        <providerOption name="WarnAsError" value="false"/>

      </compiler>

      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">

        <providerOption name="CompilerVersion" value="v3.5"/>

        <providerOption name="OptionInfer" value="true"/>

        <providerOption name="WarnAsError" value="false"/>

      </compiler>

    </compilers>

  </system.codedom>

  <system.webServer>

    <validation validateIntegratedModeConfiguration="false"/>

    <modules>

      <remove name="ScriptModule"/>

      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </modules>

    <handlers>

      <remove name="WebServiceHandlerFactory-Integrated"/>

      <remove name="ScriptHandlerFactory"/>

      <remove name="ScriptHandlerFactoryAppServices"/>

      <remove name="ScriptResource"/>

      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

    </handlers>

  </system.webServer>

  <runtime>

    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">

      <dependentAssembly>

        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>

        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>

      </dependentAssembly>

      <dependentAssembly>

        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>

        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>

      </dependentAssembly>

    </assemblyBinding>

  </runtime>

<location path="change_pwd.aspx">

    <system.web>

      <authorization>

        <allow users="?"/>

      </authorization>

    </system.web>

</location>

<location path="failed.aspx">

    <system.web>

      <authorization>

        <allow users="?"/>

      </authorization>

    </system.web>

</location>

<location path="denied.aspx">

    <system.web>

      <authorization>

        <allow users="?"/>

      </authorization>

    </system.web>

</location>  

</configuration>

Open in new window

0
 
LVL 21

Expert Comment

by:Craig Wagner
ID: 24063812
You need to call FormsAuthentication.RedirectFromLoginPage() in order to ensure the authCookie is created. There's nothing wrong with your web.config, you are not creating the cookie needed by the FormsAuth infrastructure.
0
 

Author Comment

by:woodje
ID: 24063849
I have tried FormsAuthentication.RedirectFromLoginPage(txtusername.Text, False) and it did nothing to my problem.
0
 
LVL 21

Accepted Solution

by:
Craig Wagner earned 500 total points
ID: 24063942
Referring back to the original code, where did you put the RedirectFromLoginPage call? It should have replaced the Response.Redirect at line 100.

The following might also be causing you a problem. You're telling the system to deny access to everyone.

    <authorization>
      <deny users="*"/>
    </authorization>

I think it should be:

    <authorization>
      <deny users="?"/>
    </authorization>

The ? will deny access to anonymous (unauthenticated) users.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The object model of .Net can be overwhelming at times – so overwhelming that quite trivial tasks often take hours of research. In this case, the task at hand was to populate the datagrid from SQL Server database in Visual Studio 2008 Windows applica…
This document covers how to connect to SQL Server and browse its contents.  It is meant for those new to Visual Studio and/or working with Microsoft SQL Server.  It is not a guide to building SQL Server database connections in your code.  This is mo…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now