iNetBlazer
asked on
Form Authentication and Session Problem
Hello Experts,
I have a form login with password change I've been working on for days and I can't get it right. My job is on the line for this solution. Here the problem:
First time users are to login and be forced to change their password. The user is then taken to a confirmation page. On the confirmation page is a button that will take them to their profile page where they are to update their profile.
My problem appears to be the form is not authenticating the user, the sessions are not passing, and once they click button on the confirmation page the app take the user back to the login vs going to the profile page. Below are my codes. Your help is greatly appreciated. Thank you.
LOGIN ASPX.CS PAGE
protected void LoginOnAuthenticate(object sender, AuthenticateEventArgs e)
{
TextBox userName = (TextBox)LoginUser.FindCon trol("User Name");
TextBox userPassword = (TextBox)LoginUser.FindCon trol("Pass word");
string username = userName.Text;
string password = FormsAuthentication.HashPa sswordForS toringInCo nfigFile(u serPasswor d.Text, "SHA1");
if (Membership.ValidateUser(u sername, password))
{
Session["UserName"] = username;
FirstTimeLoginChecker userInfo = new FirstTimeLoginChecker(user name);
int userId = userInfo.UserId;
int daysSincePwdChange = Convert.ToInt32(DateTime.N ow.Subtrac t(userInfo .LastPassw ordChanged Date).Tota lDays);
if (daysSincePwdChange > SecurityUtility.DefaultPas swordExpir yInDays || userInfo.CreationDate == userInfo.LastPasswordChang edDate || userInfo.CreationDate == DateTime.Now)
{
FormsAuthentication.Redire ctFromLogi nPage(user name, false);
Response.Redirect("~/Accou nt/ChangeP assword.as px");
}
else
{
e.Authenticated = true;
}
CHANGE PASSWORD ASPX.CS PAGE
protected void SubmitButton_Click(object sender, ImageClickEventArgs e)
{
if (Request.QueryString["uid" ] == null || Session["UserName"] != null && Session["UserId"] != null)
{
string userName = Session["UserName"].ToStri ng();
UserPasswordChanger userPswrdChanger = new UserPasswordChanger();
userPswrdChanger.CurrentPa ssword = FormsAuthentication.HashPa sswordForS toringInCo nfigFile(C urrentPass wordTextBo x.Text, "SHA1");
userPswrdChanger.UserName = userName;
//userPswrdChanger.NewPass word = NewPasswordTextBox.Text;
userPswrdChanger.NewPasswo rd = FormsAuthentication.HashPa sswordForS toringInCo nfigFile(N ewPassword TextBox.Te xt, "SHA1");
userPswrdChanger.UserChang ePassword( );
string username = userName;
FirstTimeLoginChecker userInfo = new FirstTimeLoginChecker(user name);
int userId = userInfo.UserId;
if (userPswrdChanger.ErrorMes sage == "")
{
UserRoleRetreiver userRole = new UserRoleRetreiver();
userRole.UserName = userName;
userRole.Administrator = false;
userRole.GetUserRole();
Session["UserId"] = userRole.UserId;
if (userRole.Administrator == false)
{
string whdUser = "WhdUser";
Session["WhdUser"] = whdUser;
}
else
{
string admin = "Admin";
Session["Admin"] = admin;
}
FormsAuthentication.Redire ctFromLogi nPage(user Name, false);
Response.Redirect("ChangeP asswordCon firmation. aspx");
}
}
}
CONFIRMATION ASPX.CS PAGE
protected void Page_Load(object sender, EventArgs e)
{
if (Session["WhdUser"] != null && Session["UserId"] != null || Session["Admin"] != null && Session["UserId"] != null)
{
string username = Session["UserName"].ToStri ng();
FirstTimeLoginChecker userInfo = new FirstTimeLoginChecker(user name);
int userId = userInfo.UserId;
ProfileUpdateChecker checkUserLoginProfile = new ProfileUpdateChecker(userI d, username);
if (checkUserLoginProfile.Upd ateProfile == true)
{
ProfileMsgLabel.Visible = true;
GoToProfileButton.Visible = true;
UserRoleRetreiver userRole = new UserRoleRetreiver();
userRole.UserName = username;
userRole.Administrator = false;
userRole.GetUserRole();
Session["UserId"] = userRole.UserId;
if (userRole.Administrator == false)
{
string whdUser = "WhdUser";
Session["WhdUser"] = whdUser;
}
else
{
string admin = "Admin";
Session["Admin"] = admin;
}
FormsAuthentication.Redire ctFromLogi nPage(user name, false);
}
else
{
////Session.Abandon();
string redirectToLogin = "Login.aspx";
//redirectToLogin = "../Presentation/AdminDefa ult.aspx";
Response.AppendHeader("REF RESH", "5; URL=" + redirectToLogin);
}
}
}
protected void GoToProfileButton_Click(ob ject sender, EventArgs e)
{
Response.Redirect("~/Prese ntation/Mo difyUser.a spx");
}
I have a form login with password change I've been working on for days and I can't get it right. My job is on the line for this solution. Here the problem:
First time users are to login and be forced to change their password. The user is then taken to a confirmation page. On the confirmation page is a button that will take them to their profile page where they are to update their profile.
My problem appears to be the form is not authenticating the user, the sessions are not passing, and once they click button on the confirmation page the app take the user back to the login vs going to the profile page. Below are my codes. Your help is greatly appreciated. Thank you.
LOGIN ASPX.CS PAGE
protected void LoginOnAuthenticate(object
{
TextBox userName = (TextBox)LoginUser.FindCon
TextBox userPassword = (TextBox)LoginUser.FindCon
string username = userName.Text;
string password = FormsAuthentication.HashPa
if (Membership.ValidateUser(u
{
Session["UserName"] = username;
FirstTimeLoginChecker userInfo = new FirstTimeLoginChecker(user
int userId = userInfo.UserId;
int daysSincePwdChange = Convert.ToInt32(DateTime.N
if (daysSincePwdChange > SecurityUtility.DefaultPas
{
FormsAuthentication.Redire
Response.Redirect("~/Accou
}
else
{
e.Authenticated = true;
}
CHANGE PASSWORD ASPX.CS PAGE
protected void SubmitButton_Click(object sender, ImageClickEventArgs e)
{
if (Request.QueryString["uid"
{
string userName = Session["UserName"].ToStri
UserPasswordChanger userPswrdChanger = new UserPasswordChanger();
userPswrdChanger.CurrentPa
userPswrdChanger.UserName = userName;
//userPswrdChanger.NewPass
userPswrdChanger.NewPasswo
userPswrdChanger.UserChang
string username = userName;
FirstTimeLoginChecker userInfo = new FirstTimeLoginChecker(user
int userId = userInfo.UserId;
if (userPswrdChanger.ErrorMes
{
UserRoleRetreiver userRole = new UserRoleRetreiver();
userRole.UserName = userName;
userRole.Administrator = false;
userRole.GetUserRole();
Session["UserId"] = userRole.UserId;
if (userRole.Administrator == false)
{
string whdUser = "WhdUser";
Session["WhdUser"] = whdUser;
}
else
{
string admin = "Admin";
Session["Admin"] = admin;
}
FormsAuthentication.Redire
Response.Redirect("ChangeP
}
}
}
CONFIRMATION ASPX.CS PAGE
protected void Page_Load(object sender, EventArgs e)
{
if (Session["WhdUser"] != null && Session["UserId"] != null || Session["Admin"] != null && Session["UserId"] != null)
{
string username = Session["UserName"].ToStri
FirstTimeLoginChecker userInfo = new FirstTimeLoginChecker(user
int userId = userInfo.UserId;
ProfileUpdateChecker checkUserLoginProfile = new ProfileUpdateChecker(userI
if (checkUserLoginProfile.Upd
{
ProfileMsgLabel.Visible = true;
GoToProfileButton.Visible = true;
UserRoleRetreiver userRole = new UserRoleRetreiver();
userRole.UserName = username;
userRole.Administrator = false;
userRole.GetUserRole();
Session["UserId"] = userRole.UserId;
if (userRole.Administrator == false)
{
string whdUser = "WhdUser";
Session["WhdUser"] = whdUser;
}
else
{
string admin = "Admin";
Session["Admin"] = admin;
}
FormsAuthentication.Redire
}
else
{
////Session.Abandon();
string redirectToLogin = "Login.aspx";
//redirectToLogin = "../Presentation/AdminDefa
Response.AppendHeader("REF
}
}
}
protected void GoToProfileButton_Click(ob
{
Response.Redirect("~/Prese
}
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
My web config is set as follows;
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login. aspx" timeout ="15" defaultUrl="~/Presentation /AdminDefa ult.aspx" slidingExpiration="true" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
You will have to make changes as suggested in #2 of my last comment.
ASKER
ok, I'll make the change and test. Give me a little time to get back to you because the PM put me on another part of the project for a quick fix.
ASKER
guru_sami,
I apologize for the delay in getting back to you. The project is in testing and my PM pulled me away to correct testing errors. All is well. Now back to this problem. Your solution works. I appreciate your help. Again, sorry about the delayed response.
I apologize for the delay in getting back to you. The project is in testing and my PM pulled me away to correct testing errors. All is well. Now back to this problem. Your solution works. I appreciate your help. Again, sorry about the delayed response.
ASKER
Thank You.
ASKER
In regards to my earlier post I also tried the below and the page continue to send back to the login page. see below.
protected void GoToProfileButton_Click(ob
{
string username = Session["UserName"].ToStri
string whdUser = "WhdUser";
Session["WhdUser"] = whdUser;
string admin = "Admin";
Session["Admin"] = admin;
FirstTimeLoginChecker userInfo = new FirstTimeLoginChecker(user
int userId = userInfo.UserId;
Session["UserId"] = userId;
FormsAuthentication.Redire
Response.Redirect("~/Prese
}
I also set the web config to below;
<location path="Presentation/ModifyU
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
Need help, please.