Solved

Login problems with forms authentication

Posted on 2009-04-03
5
9,174 Views
Last Modified: 2013-11-07
I am using forms authentication and a login form. I am entering the credentials correctly. However when I press the login button it seems to act like it is logging in however it doesn't go to the default.aspx page. I get this in the url "http://localhost/fv2/fv2/login.aspx?ReturnUrl=%2ffv2%2ffv2%2fdefault.aspx". I am including the code for the login page and the code behind. As well as the web.config contents. Any help you can give me would be great. Thanks in advance.
login form***
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="login.aspx.vb" Inherits="_Default" %>
<%@ mastertype virtualpath="fud.master" %>
<%@ import namespace="System.Data" %>
<%@ import namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Web.Security" %>
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>FUD Login</title>
     <link rel="stylesheet" href="scr/coolstyle.css" type="text/css" />
</head>
<body>
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <br />
    <form id="frmlogin" method="post" runat="server" >
        <asp:SqlDataSource ID="ds_login" runat="server" ConnectionString="<%$ ConnectionStrings:fss_caoConnectionString %>" SelectCommand="sp_loginvalidator" SelectCommandType="StoredProcedure">
            <SelectParameters>
                <asp:FormParameter DefaultValue="" FormField="txtuserid" Name="UserID" Type="String" />
                <asp:FormParameter FormField="txtpassword" Name="Password" Type="String" DefaultValue="" />
            </SelectParameters>
        </asp:SqlDataSource>
        <asp:Label ID="lblMessage" runat="server" Width="149px"></asp:Label>&nbsp;<asp:Label ID="lblMessage2" runat="server" Width="157px"></asp:Label><div>
        <asp:Table ID="tblloginheader" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">
        <asp:TableRow runat="server" HorizontalAlign="Center">
        <asp:TableCell runat="server">
        <asp:Label runat="server" CssClass="largetitle" Text="F U D Login" Width="550px" ID="lblloginheader" ></asp:Label>
        </asp:TableCell>        
        </asp:TableRow>        
        </asp:Table>
        <br />
        <asp:Table Id="tblloginbody" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">            
        <asp:TableRow>
        <asp:TableCell Width="50"></asp:TableCell>
        <asp:TableCell Width="120" HorizontalAlign="Right"><asp:Label runat="server" Text="User ID:" ID="lbluserid"></asp:Label></asp:TableCell>
        <asp:TableCell Width="120"><asp:TextBox runat="server" ID="txtuserid" MaxLength="12" Width="120" TabIndex="1"></asp:TextBox></asp:TableCell>
        <asp:TableCell Width="180"><asp:RequiredFieldValidator runat="server" ID="useridreq" ControlToValidate="txtuserid" ValidationGroup="fud_login"> * User ID is Required</asp:RequiredFieldValidator> </asp:TableCell>
        </asp:TableRow>
        <asp:TableRow>
        <asp:TableCell Width="50"></asp:TableCell>
        <asp:TableCell Width="120" HorizontalAlign="Right"><asp:Label runat="server" Text="Passowrd:" ID="lblpassword"></asp:Label></asp:TableCell>
        <asp:TableCell Width="120"><asp:TextBox CssClass="pwd" runat="server" ID="txtpassword" MaxLength="12" TextMode="Password" Width="120" TabIndex="2"></asp:TextBox></asp:TableCell>
        <asp:TableCell Width="180"><asp:RequiredFieldValidator runat="server" ID="RequiredFieldValidator1" ControlToValidate="txtpassword" ValidationGroup="fud_login"> * Password is Required</asp:RequiredFieldValidator> </asp:TableCell>
        </asp:TableRow>
        </asp:Table>
        <asp:Table ID="tbllogincontrols" runat="server" HorizontalAlign="Center" Width="550" BorderStyle="None">
        <asp:TableRow>
        <asp:TableCell Width="100"></asp:TableCell>
        <asp:TableCell Width="300" HorizontalAlign="Center"><asp:Button ID="btnlogin" runat="server" OnClick="btnlogin_OnClick" Text="Login" TabIndex="3" ValidationGroup="fud_login"></asp:Button> <asp:Button ID="btncancel" runat="server" OnClick="btncancel_OnClick" Text="Cancel" TabIndex="4"></asp:Button></asp:TableCell>
        <asp:TableCell Width="150"></asp:TableCell>
        </asp:TableRow>
        </asp:Table>
        <br />
        <asp:Table ID="tbllogindisclaimer" runat="server" HorizontalAlign="Center" borderstyle="None">
        <asp:TableRow HorizontalAlign="Center">
        <asp:TableCell runat="server">
        <asp:Label runat="server" Text="This system is intended to be used solely by authorized users in the 	course of legitimate corporate business." Width="550px" ID="lbllogindisclaimer" ></asp:Label>
        </asp:TableCell>        
        </asp:TableRow>        
        </asp:Table>        
    </div>
    </form>
</body>
</html>
 
login code behind ***
Imports System.Web.Security '   |||||   Required Class for Authentication
Imports System.Data '   |||||   DB Accessing Import
Imports System.Data.SqlClient   '   ||||||  SQL Database Required Import!
Imports System.Configuration    '   ||||||  Required for Web.Config appSettings |||||
Imports System.Security.Cryptography
Partial Class _Default
    Inherits System.Web.UI.Page
    Dim objConn As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("fss_caoConnectionString").ConnectionString)
    Dim objCmd As SqlCommand
    Dim objDR As SqlDataReader
    Dim intMaxLoginAttempts As String
    Sub btnLogin_OnClick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnlogin.Click
        If Page.IsValid Then    '   ||||| Meaning the Control Validation was successful!
            '   |||||   Connect to Database for User Validation |||||
            If (CheckCredentials(txtuserid.Text, txtpassword.Text) = True) Then
                Dim aCookie As New HttpCookie("fud_info")
                aCookie.Values("userid") = txtuserid.Text
                'aCookie.Values("userid") = "@userid"
                'aCookie.Values("accessid") = "@raccessid"
                'aCookie.Values("email") = "@remail"
                'aCookie.Values("lastVisit") = DateTime.Now.ToString()
                aCookie.Expires = DateTime.Now.AddHours(4)
                Response.Cookies.Add(aCookie)
                Response.Redirect("default.aspx")
            Else
                Response.Redirect("failed.aspx")
            End If
 
            '   |||||   Credentials are Invalid
            '   |||||   Increment the LoginCount (attempts)
            Session("LoginCount") = CInt(Session("LoginCount")) + 1
            ' ||||| Determine the Number of Tries
            If Session("LoginCount").Equals(intMaxLoginAttempts) Then
                Response.Redirect("denied.aspx")
            End If
 
            If CInt(Session("LoginCount")) > 2 Then ' ||||| If Exceeds then Deny!
                Response.Redirect("denied.aspx")
            End If
 
        End If
    End Sub
    Sub btncancel_OnClick(ByVal Src As Object, ByVal E As EventArgs)
        txtuserid.Text = ""
        txtpassword.Text = ""
        txtuserid.Focus()
    End Sub
    Function CheckCredentials(ByVal Username As String, ByVal Password As String) As Boolean
        objConn.Open()
        objCmd = New SqlCommand("SELECT salt, pwd_hash FROM tblSecurity1 WHERE userid=@userid", objConn)
        objCmd.Parameters.AddWithValue("@userid", txtuserid.Text)
 
        objDR = objCmd.ExecuteReader
        If Not objDR.Read Then
            Return False
        Else
            Dim strSalt As String = objDR("salt")
            Dim strStoredPassword As String = objDR("pwd_hash")
            Dim strGivenPassword As String = FormsAuthentication.HashPasswordForStoringInConfigFile(strSalt.Trim & txtPassword.Text, "SHA1")
            Response.Write(strGivenPassword)
            Return strStoredPassword = strGivenPassword
        End If
    End Function
    Protected Sub Page_LoadComplete(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.LoadComplete
        txtuserid.Focus()
    End Sub
End Class
 
web.config ***
<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\v2.x\Config 
-->
<configuration>
	<configSections>
		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/></sectionGroup></sectionGroup></sectionGroup></configSections><appSettings/>
	<connectionStrings>
		<add name="fss_caoConnectionString" connectionString="Data Source=***;Initial Catalog=***;Persist Security Info=True;User ID=***;Password=***" providerName="System.Data.SqlClient"/>
	</connectionStrings>
	<system.web>
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
 
            Visual Basic options:
            Set strict="true" to disallow all data type conversions 
            where data loss can occur. 
            Set explicit="true" to force declaration of all variables.
        -->
		<compilation debug="true" strict="false" explicit="true">
			<assemblies>
				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
		<pages>
			<namespaces>
				<clear/>
				<add namespace="System"/>
				<add namespace="System.Collections"/>
				<add namespace="System.Collections.Specialized"/>
				<add namespace="System.Configuration"/>
				<add namespace="System.Text"/>
				<add namespace="System.Text.RegularExpressions"/>
				<add namespace="System.Web"/>
				<add namespace="System.Web.Caching"/>
				<add namespace="System.Web.SessionState"/>
				<add namespace="System.Web.Security"/>
				<add namespace="System.Web.Profile"/>
				<add namespace="System.Web.UI"/>
				<add namespace="System.Web.UI.WebControls"/>
				<add namespace="System.Web.UI.WebControls.WebParts"/>
				<add namespace="System.Web.UI.HtmlControls"/>
        <add namespace="System.Net.Mail"/>
			</namespaces>
			<controls>
				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></controls></pages>
		<!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" defaultUrl="default.aspx" protection="All" timeout="30" path="/">
      </forms>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
		<!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.
 
        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    <machineKey decryption="AES" validation="SHA1" decryptionKey="52A52F89D307B288A9C835F6CB19FBDDDDEBA5D1E3EDC672D4BCD5187CDB4831" validationKey="C1DEE58DA256BAA6E9952D93C09AEB7B3E6E981D4764C3A95E6EEEA4965E4855"/>
    <httpHandlers>
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpHandlers>
    <httpModules>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpModules>
  </system.web>
  <system.net>
    <mailSettings>
      <smtp from="noreply@domain.com">
        <network host="***" password="" userName=""/>
      </smtp>
    </mailSettings>
  </system.net>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider,System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="OptionInfer" value="true"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
    </compilers>
  </system.codedom>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules>
      <remove name="ScriptModule"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </modules>
    <handlers>
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </handlers>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
<location path="change_pwd.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>
<location path="failed.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>
<location path="denied.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>  
</configuration>

Open in new window

0
Comment
Question by:woodje
  • 3
  • 2
5 Comments
 
LVL 21

Expert Comment

by:Craig Wagner
ID: 24062099
It's been a while since I did anything with Forms authentication, but if I recall correctly you can't just create any old cookie, you need to create a cookie that the FormAuth infrastructure knows about.

I seem to remember having to call a FormsAuthentication.RedirectFromLoginPage() method in there somewhere that will create the login cookie that allows the FormsAuth infrastructure to detect that the user has gone through the correct login sequence.
0
 

Author Comment

by:woodje
ID: 24063231
Thanks for the response. I have been able to validate that my database lookup is working. And the redirection is working. It looks to be somehthing in the web.config that is not letting it see me as logged in. So it keeps sending me back to the login page. It will redirect to the pages that are outlined in the location section of the web.config file but none that are not listed there. Do I need to put an entry for all other possiblities and lock them down?
<?xml version="1.0"?>
<!-- 
    Note: As an alternative to hand editing this file you can use the 
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in 
    machine.config.comments usually located in 
    \Windows\Microsoft.Net\Framework\v2.x\Config 
-->
<configuration>
	<configSections>
		<sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
			<sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
				<section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
				<sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
					<section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/>
					<section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/>
					<section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/></sectionGroup></sectionGroup></sectionGroup></configSections><appSettings/>
	<connectionStrings>
		<add name="fss_caoConnectionString" connectionString="Data Source=***;Initial Catalog=***;Persist Security Info=True;User ID=***;Password=***" providerName="System.Data.SqlClient"/>
	</connectionStrings>
	<system.web>
		<!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
 
            Visual Basic options:
            Set strict="true" to disallow all data type conversions 
            where data loss can occur. 
            Set explicit="true" to force declaration of all variables.
        -->
		<compilation debug="true" strict="false" explicit="true">
			<assemblies>
				<add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
				<add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies></compilation>
		<pages>
			<namespaces>
				<clear/>
				<add namespace="System"/>
				<add namespace="System.Collections"/>
				<add namespace="System.Collections.Specialized"/>
				<add namespace="System.Configuration"/>
				<add namespace="System.Text"/>
				<add namespace="System.Text.RegularExpressions"/>
				<add namespace="System.Web"/>
				<add namespace="System.Web.Caching"/>
				<add namespace="System.Web.SessionState"/>
				<add namespace="System.Web.Security"/>
				<add namespace="System.Web.Profile"/>
				<add namespace="System.Web.UI"/>
				<add namespace="System.Web.UI.WebControls"/>
				<add namespace="System.Web.UI.WebControls.WebParts"/>
				<add namespace="System.Web.UI.HtmlControls"/>
        <add namespace="System.Net.Mail"/>
			</namespaces>
			<controls>
				<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
				<add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/></controls></pages>
		<!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" protection="All" timeout="30" path="/">
      </forms>
    </authentication>
    <authorization>
      <deny users="*"/>
    </authorization>
		<!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.
 
        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
    <machineKey decryption="AES" validation="SHA1" decryptionKey="52A52F89D307B288A9C835F6CB19FBDDDDEBA5D1E3EDC672D4BCD5187CDB4831" validationKey="C1DEE58DA256BAA6E9952D93C09AEB7B3E6E981D4764C3A95E6EEEA4965E4855"/>
    <httpHandlers>
      <remove verb="*" path="*.asmx"/>
      <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add verb="GET,HEAD" path="ScriptResource.axd" validate="false" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpHandlers>
    <httpModules>
      <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </httpModules>
  </system.web>
  <system.net>
    <mailSettings>
      <smtp from="noreply@verizonwireless.com">
        <network host="gaalpexmb25.uswin.ad.vzwcorp.com" password="" userName=""/>
      </smtp>
    </mailSettings>
  </system.net>
  <system.codedom>
    <compilers>
      <compiler language="c#;cs;csharp" extension=".cs" type="Microsoft.CSharp.CSharpCodeProvider,System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
      <compiler language="vb;vbs;visualbasic;vbscript" extension=".vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" warningLevel="4">
        <providerOption name="CompilerVersion" value="v3.5"/>
        <providerOption name="OptionInfer" value="true"/>
        <providerOption name="WarnAsError" value="false"/>
      </compiler>
    </compilers>
  </system.codedom>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules>
      <remove name="ScriptModule"/>
      <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </modules>
    <handlers>
      <remove name="WebServiceHandlerFactory-Integrated"/>
      <remove name="ScriptHandlerFactory"/>
      <remove name="ScriptHandlerFactoryAppServices"/>
      <remove name="ScriptResource"/>
      <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </handlers>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/>
        <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
<location path="change_pwd.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>
<location path="failed.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>
<location path="denied.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
</location>  
</configuration>

Open in new window

0
 
LVL 21

Expert Comment

by:Craig Wagner
ID: 24063812
You need to call FormsAuthentication.RedirectFromLoginPage() in order to ensure the authCookie is created. There's nothing wrong with your web.config, you are not creating the cookie needed by the FormsAuth infrastructure.
0
 

Author Comment

by:woodje
ID: 24063849
I have tried FormsAuthentication.RedirectFromLoginPage(txtusername.Text, False) and it did nothing to my problem.
0
 
LVL 21

Accepted Solution

by:
Craig Wagner earned 500 total points
ID: 24063942
Referring back to the original code, where did you put the RedirectFromLoginPage call? It should have replaced the Response.Redirect at line 100.

The following might also be causing you a problem. You're telling the system to deny access to everyone.

    <authorization>
      <deny users="*"/>
    </authorization>

I think it should be:

    <authorization>
      <deny users="?"/>
    </authorization>

The ? will deny access to anonymous (unauthenticated) users.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

IP addresses can be stored in a database in any of several ways.  These ways may vary based on the volume of the data.  I was dealing with quite a large amount of data for user authentication purpose, and needed a way to minimize the storage.   …
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question