Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 382
  • Last Modified:

FormsAuthentication.Authenticate authenticates but doesn't redirect

Hi,
I have an asp.net application in whose pages are free to view to every one however in it I have added a folder called "Demo" that needs protection and a login page.

In my web.config i have:

    <authentication mode="Forms" >
      <forms loginUrl="Admin.aspx" defaultUrl="DemoFolder/Demo.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" >
        <credentials passwordFormat="Clear">
          <user name="joe" password="test" />
        </credentials>
      </forms>
    </authentication>

In the location section I have:

  <location path="Demo">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

And in my login_click() event I have:

            if (FormsAuthentication.Authenticate(txtUserName.Text, txtPassword.Text))
            {
                Response.Redirect("~/DemoFolder/Demo.aspx");    
            }
            else
            {
                Msg.Text = "Login failed. Please check your user name and password and try again.";
            }

The Authenticate method definitely works because if I put the wrong passowrkd the Msg.Text will be executed. I have very similar code elsewhere and it works.

Any ideas welcome.
0
ilyrian
Asked:
ilyrian
1 Solution
 
YiogiCommented:
Everything looks ok to me, except from the fact that you don't set your authentication cookie anywhere. Since you have a set url to redirect to and you don't want to use RedirectFromLoginPage method you should manually set the cookie. So before Response.Redirect please add this line:

        FormsAuthentication.SetAuthCookie(userName, false);

You can replace false with true to persist the authentication cookie for 50 years. RedirectFromLoginPage sets the cookie for you but you are not using it.
0
 
ilyrianAuthor Commented:
Spot on Yiogi, I know it was something to do with the Authentication cookie but it was not doing it for me. You line of code was all that was missing.
Thanks
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now