Solved

Unable to login using Forms authentication mode

Posted on 2009-05-07
Last Modified: 2013-11-05
Hi experts,

I have a small website that requires an admin login to manage the content. In the first deployment, the website was put at the URL www.abc.com/test/admin/login.aspx, and this works correctly.

Then I created a sub-domain and put my code into it, then browsed to the URL test.abc.com/admin/login.aspx: same username/password, same database, but I am unable to log in to the administration module.

The web.config content:

<authentication mode="Forms">
      <forms name="form1" loginUrl="admin/login.aspx" protection="All" path="/" requireSSL="false" slidingExpiration="true" cookieless="UseCookies"/>
    </authentication>

Please help me to resolve it.
D.
Question by:dungla
 
LVL 29

Expert Comment

by:David H.H.Lee
ID: 24333089
Hi dungla,
So what is the error returned? Can you post the detailed errors here?
Lastly, post your application hierarchy here if something is different from the original domain.
0
 
LVL 13

Author Comment

by:dungla
ID: 24333104
There is no error. When I input the correct information (username/password), nothing happens to the login form (it is still there).
0
 
LVL 29

Expert Comment

by:David H.H.Lee
ID: 24333123
Quick check: try registering with aspnet_regiis -i, or copy the "aspnet_client" folder under your sub-domain. It could be a JS configuration file problem.
0
 
LVL 13

Author Comment

by:dungla
ID: 24333129
I can't, because the permissions on the hosting server do not allow me to do that. But I will ask them to do that.
0
 
LVL 29

Expert Comment

by:David H.H.Lee
ID: 24333139
Ok, ask them to grant the same settings that apply under your main domain. That should do the trick.
0
 
LVL 13

Author Comment

by:dungla
ID: 24333152
Thank you x_com, I will. I'll give feedback later.
0
 
LVL 29

Expert Comment

by:David H.H.Lee
ID: 24333165
Ok, no problem dungla.
0
 
LVL 13

Author Comment

by:dungla
ID: 24363117
Hi x_com,

Your solution doesn't work. They said that maybe the problem is the code.

I attached the code as well for your reference.
-- Login.aspx

<form id="form1" runat="server">
    <table width="585px" border="0" cellspacing="0" cellpadding="0">
        <tr>
            <td style="font:bold 15px/35px tahoma; text-align:center;">Đăng nhập</td>
        </tr>
        <tr>
            <td>
                <div>
                    <asp:Login ID="Login1" runat="server" FailureText="Incorrect information"
                        PasswordLabelText="Password:" PasswordRequiredErrorMessage="Password cannot be blank."
                        RememberMeText="Remember" TitleText="" UserNameLabelText="Username:"
                        UserNameRequiredErrorMessage="Username cannot be blank." OnAuthenticate="Login1_Authenticate" DisplayRememberMe="False"
                        LoginButtonText="Login" LoginButtonStyle-CssClass="admin_login_button">
                    </asp:Login>
                </div>
            </td>
        </tr>
        <tr>
            <td></td>
            <td>
                <asp:Label ID="Label1" runat="server" Text="" ForeColor="red"></asp:Label></td>
            <td></td>
        </tr>
    </table>
</form>

-- Login.aspx.cs

using System;
using System.Data;
using System.Web;
using System.Web.Security;
using System.Web.UI.WebControls;

public partial class Admin_Login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // The presence of username/password query-string parameters triggers
        // the same checks as the Login control's Authenticate event.
        string text2 = base.Request.QueryString["username"];
        string text3 = base.Request.QueryString["password"];
        if ((Request.QueryString["member"] != null)
            && (text2 != null) && (text3 != null))
        {
            CheckAuthenticateMember();
        }
        else if ((text2 != null) && (text3 != null))
        {
            CheckAuthenticate();
        }
    }

    protected void logoff()
    {
        FormsAuthentication.SignOut();
    }

    // Admin login: looks the user up in [Memberships] and compares the stored password.
    void CheckAuthenticate()
    {
        object[] objs = new object[] { Login1.UserName };
        DataTable dataTable1 = Common.List("SELECT * FROM [Memberships] where actived=1 and Username=? ", objs, "Memmberships");
        if (dataTable1.Rows.Count > 0)
        {
            if (dataTable1.Rows[0]["password"].ToString() != Login1.Password) return;

            string strMembershipsID = dataTable1.Rows[0]["MembershipsID"].ToString();
            string name = dataTable1.Rows[0]["Username"].ToString();

            // Build a 60-minute persistent ticket and issue it as the forms-authentication cookie.
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, name, DateTime.Now, DateTime.Now.AddMinutes(60), true, "admin");
            string text2 = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, text2);
            base.Response.Cookies.Add(cookie);

            Session["UserID"] = strMembershipsID;
            Session["UserName"] = name.Trim().ToLower();
            //roles: new, product, infomation, membership, uploadfile, contact, ad
            Session["new"] = dataTable1.Rows[0]["new"] == DBNull.Value ? 0 : Convert.ToInt32(dataTable1.Rows[0]["new"]);
            Session["product"] = dataTable1.Rows[0]["product"] == DBNull.Value ? 0 : Convert.ToInt32(dataTable1.Rows[0]["product"]);
            Session["infomation"] = dataTable1.Rows[0]["infomation"] == DBNull.Value ? 0 : Convert.ToInt32(dataTable1.Rows[0]["infomation"]);
            Session["membership"] = dataTable1.Rows[0]["membership"] == DBNull.Value ? 0 : Convert.ToInt32(dataTable1.Rows[0]["membership"]);
            Session["uploadfile"] = dataTable1.Rows[0]["uploadfile"] == DBNull.Value ? 0 : Convert.ToInt32(dataTable1.Rows[0]["uploadfile"]);
            Session["contact"] = dataTable1.Rows[0]["contact"] == DBNull.Value ? 0 : Convert.ToInt32(dataTable1.Rows[0]["contact"]);
            Session["ad"] = dataTable1.Rows[0]["ad"] == DBNull.Value ? 0 : Convert.ToInt32(dataTable1.Rows[0]["ad"]);
            Session["fly"] = dataTable1.Rows[0]["fly"] == DBNull.Value ? 0 : Convert.ToInt32(dataTable1.Rows[0]["fly"]);
            Session["khoahoc"] = dataTable1.Rows[0]["khoahoc"] == DBNull.Value ? 0 : Convert.ToInt32(dataTable1.Rows[0]["khoahoc"]);
            Session["register"] = dataTable1.Rows[0]["register"] == DBNull.Value ? 0 : Convert.ToInt32(dataTable1.Rows[0]["register"]);
            Session["event"] = dataTable1.Rows[0]["event"] == DBNull.Value ? 0 : Convert.ToInt32(dataTable1.Rows[0]["event"]);

            string url = FormsAuthentication.GetRedirectUrl(name, true);
            if (url.EndsWith("default.aspx"))
            {
                url = "default.aspx";
            }
            Response.Redirect(url, true);
        }
        else
        {
            if (Request.QueryString["member"] == null)
            {
                Login1.FailureText = "Không đúng thông tin đăng nhập. Hãy đăng nhập lại.";
            }
        }
    }

    // Member login: checks [users] for matching credentials and an unexpired account.
    void CheckAuthenticateMember()
    {
        object[] objs = new object[] { Login1.UserName, Login1.Password };
        DataTable dtmChk = Common.List("SELECT usersID,Username FROM [users] where actived=1 and Username=? and password=?", objs, "Memmberships");

        DataTable dataTable1 = Common.List("SELECT usersID,Username FROM [users] where actived=1 and Username=? and password=? and (ExpiredDate is not null) and (DATEDIFF(day,getdate(),ExpiredDate )>=0)", objs, "Memmberships");
        if (dtmChk.Rows.Count == 1 && dataTable1.Rows.Count == 0)
        {
            Login1.FailureText = "Expired";
            return;
        }
        if (dtmChk.Rows.Count == 1 && dataTable1.Rows.Count > 0)
        {
            string strusersID = dataTable1.Rows[0]["usersID"].ToString();
            string name = dataTable1.Rows[0]["Username"].ToString();

            // Same ticket and cookie handling as the admin path.
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, name, DateTime.Now, DateTime.Now.AddMinutes(60), true, "admin");
            string text2 = FormsAuthentication.Encrypt(ticket);
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, text2);
            base.Response.Cookies.Add(cookie);

            Session["UserID"] = strusersID;
            Session["UserName"] = name.Trim().ToLower();

            string url = FormsAuthentication.GetRedirectUrl(name, true);
            if (url.EndsWith("default.aspx"))
            {
                url = "../member/member_record.aspx?MenuSelected=member&UsersID=" + strusersID;
            }
            Response.Redirect(url, true);
        }
    }

    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        if ((Request.QueryString["member"] != null))
        {
            CheckAuthenticateMember();
        }
        else
        {
            CheckAuthenticate();
        }
    }
}


0
 
LVL 29

Accepted Solution

by:
David H.H.Lee earned 250 total points
ID: 24392352
Hi dungla,
Sorry for the delayed reply.
Ok, try checking the following steps to resolve this problem:
1. Check the .NET Framework version that they use.
2. Put the existing code into a try/catch block to inspect further errors.
eg:
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
    try
    {
        if (Request.QueryString["member"] != null)
        {
            CheckAuthenticateMember();
        }
        else
        {
            CheckAuthenticate();
        }
    }
    catch (Exception ex)   // named "ex" because "e" is already the event-args parameter
    {
        Response.Write("error: " + ex.ToString());
    }
}
3. Check for any configuration or permission settings that are not the same as on the main domain.
4. Try checking whether a simple Response.Redirect() works in the application.
eg:
protected void Page_Load(object sender, EventArgs e)
{
    Response.Redirect("http://google.com", false);
}
0
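One way to carry out steps 2 and 3 of the accepted answer without writing exception text into the response, as an added example that is not part of the original thread: a helper that records the effective forms settings and whether the ticket cookie issued by the login code comes back and decrypts on the following request. The class name FormsAuthDiagnostics and the method Describe are hypothetical; it assumes page tracing is enabled so the line shows up in trace.axd.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added diagnostic sketch (not from the thread). Call FormsAuthDiagnostics.Describe(Context)
// from Page_Load of login.aspx and of the first protected admin page, then compare the
// output between www.abc.com/test/admin and test.abc.com/admin.
public static class FormsAuthDiagnostics
{
    public static string Describe(HttpContext context)
    {
        // Effective <forms> settings for this application, as ASP.NET resolved them.
        string domain = FormsAuthentication.CookieDomain;
        string settings = string.Format(
            "cookie={0}; path={1}; domain={2}; requireSSL={3}; loginUrl={4}",
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.FormsCookiePath,
            string.IsNullOrEmpty(domain) ? "(host only)" : domain,
            FormsAuthentication.RequireSSL,
            FormsAuthentication.LoginUrl);

        // Did the browser send the ticket cookie back, and can this application read it?
        HttpCookie cookie = context.Request.Cookies[FormsAuthentication.FormsCookieName];
        string state;
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
        {
            state = "no ticket cookie on this request";
        }
        else
        {
            try
            {
                FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
                state = ticket == null
                    ? "ticket did not decrypt"
                    : string.Format("ticket for '{0}', expired={1}", ticket.Name, ticket.Expired);
            }
            catch (Exception ex)
            {
                // Raised when the value cannot be validated or decrypted by this application.
                state = "ticket rejected: " + ex.GetType().Name;
            }
        }

        string line = settings + " | " + state + " | IsAuthenticated=" + context.Request.IsAuthenticated;
        context.Trace.Warn("FormsAuth", line);   // goes to the trace log, not the page body
        return line;
    }
}
```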
 
LVL 13

Author Comment

by:dungla
ID: 24392379
The hosting uses ASP.NET 2.0. I'll try your way later when I'm back at my desk.
0
 
LVL 29

Expert Comment

by:David H.H.Lee
ID: 24392386
Ok, no problem.
0
