Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

form authentication using web.config

Status
Not open for further replies.
Govnor

Govnor

Technical User
Sep 3, 2002
55
GB
Hi,

I am trying to use the following code to make a form


<form name="Frm_login" method="post" runat="server">
<P align="center">Login Page</P>
<P align="center">
<TABLE id="Table1" cellSpacing="1" cols="2" cellPadding="1" width="300" align="center"
border="0">
<TR>
<TD>Username</TD>
<TD><asp:textbox id="Txt_userName" runat="server"></asp:textbox></TD>
</TR>
<TR>
<TD>Password
</TD>
<TD>
<asp:TextBox id="Txt_passWord" runat="server" TextMode="Password"></asp:TextBox></TD>
</TR>
</TABLE>
</P>
<P align="center"><asp:button id="Submit" runat="server" Text="Submit"></asp:button></P>
<P align="center">&nbsp;</P>
<P align="center">
<asp:Label id="Lbl_info" runat="server" Width="218px"></asp:Label></P>
</form>




then use the web.config file to make validation and redirect work work using the following code

<authentication mode="Forms">
<forms name="Frm_login" loginUrl="admin.aspx"
protection="All" timeout="60" />
</authentication>


but it does not work can anyone see my error...

Thanks
 
Sort by date Sort by votes
sorry more info

Private Sub Submit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Submit.Click
Dim ConnectionString As String
ConnectionString = System.Configuration.ConfigurationSettings.AppSettings("ConnectionString")
Connection = New SqlConnection(ConnectionString)
Connection.Open()

Dim CmdCommand As SqlCommand
're copy this - enter select statment or "sp" here into a string or run sp straight
Dim strSQL As String = "select password from login where username ='" & Txt_userName.Text & "'"
CmdCommand = New SqlCommand(strSQL, Connection)
Dim dr As SqlDataReader = CmdCommand.ExecuteReader(CommandBehavior.CloseConnection)
If dr.Read() Then
If dr("password").ToString = Txt_passWord.Text Then
'FormsAuthentication.RedirectFromLoginPage(Txt_userName.Text, False)
Lbl_info.Text = "correct pass and user"
Else
Lbl_info.Text = "invalid password"
End If
Else
Lbl_info.Text = "invalid username"
End If
dr.Close()


Connection.Close()
End Sub
End Class
 
Upvote 0 Downvote
what exactly doesn't work? do you get an error? is the sql command correct with respect to your database?


--------------------------
"two wrongs don't make a right, but three lefts do" - the unknown sage
 
Upvote 0 Downvote
Hi,

Well when I Login using the form “Frm_login” It checks my username and password against the database, which works successfully.

What I want is the Web.Config file to do the redirect and make my page work with SSL i.e. I can type https:// for the URL

What happens is when I login successfully using the http:// it redirects be to a default.aspx page but I want to redirect to the admin.aspx also when I type in https:// it gives me a page cannot be displayed.

So hence SSL does not work, and the redirect in the web.config file does not work.

This is the login.aspx page (I have cut out the unnecessary code so it is easier to read)

<form name="Frm_login" method="post" runat="server">
<asp:textbox id="Txt_userName" runat="server"></asp:textbox>
<asp:TextBox id="Txt_passWord" runat="server" TextMode="Password"></asp:TextBox
<asp:button id="Submit" runat="server" Text="Submit"></asp:button>
<asp:Label id="Lbl_info" runat="server" Width="218px"></asp:Label>
</form>

This is the login.aspx.vb page (I have cut out the unnecessary code so it is easier to read)

Private Sub Submit_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Submit.Click

Dim strSQL As String = "select password from login where username ='" & Txt_userName.Text & "'"
CmdCommand = New SqlCommand(strSQL, Connection)
Dim dr As SqlDataReader = CmdCommand.ExecuteReader(CommandBehavior.CloseConnection)
If dr.Read() Then
If dr("password").ToString = Txt_passWord.Text Then
FormsAuthentication.RedirectFromLoginPage(Txt_userName.Text, False)
Else
Lbl_info.Text = "invalid password"
End If
Else
Lbl_info.Text = "invalid username"
End If
dr.Close()

End Sub

This is the web.config page (I have cut out the unnecessary code so it is easier to read)

<authentication mode="Forms">
<forms name="Frm_login" loginUrl="admin.aspx"
protection="All" timeout="60"
requireSSL="true"/>
</authentication>
 
Upvote 0 Downvote
so what you basically want to do is to redirect to a secure site (SSL) ?

--------------------------
"two wrongs don't make a right, but three lefts do" - the unknown sage
 
Upvote 0 Downvote
I want users to login using a secure webpage (SSL webpage) and all the config file to redirect on a successful login
 
Upvote 0 Downvote
then you need to configure IIS to use a secure port for the login page and this alone should do

--------------------------
"two wrongs don't make a right, but three lefts do" - the unknown sage
 
Upvote 0 Downvote
Hello...

Im also trying to understand forms authentication, i have susses out using the web.config file to store the usernames / passwords...but this is obviosuly not the soloution, cant create a registration page etc...

I do not have access to an SQL database, only simple access .mdb files

Is there anyway to store the usernames / passwords in an access database, and use this to store credentials...


i only know VB ASP.NET and very new to this, so be gentle :p

Mark
 
Upvote 0 Downvote
Hi,

Dazzled thanks for your help a little config on the iis server worked!

Mark:

try this --

if you configure your web.config like shown below

the Login\Login.aspx is the location of your login page

<authentication mode="Forms">
<forms name=".AISlogin" loginUrl="Login\Login.aspx"
protection="All" timeout="20">
</forms>
</authentication>

the the apsx.vb code should look like this on the button_click code

' declare all you variable here i.e
Dim strSQL As String
Dim dr As SqlDataReader

'connect to the db here

strSQL = "select password from (your table name here) where username ='" & Txt_userName.Text & "'"

CmdCommand = New SqlCommand(strSQL, 'your connection name)

dr = CmdCommand.ExecuteReader(CommandBehavior.CloseConnection)

If dr.Read() Then

If dr("password").ToString = Txt_passWord.Text Then
FormsAuthentication.RedirectFromLoginPage(Txt_userName.Text, False)

Else
Lbl_info.Text = "invalid password"
End If
Else
Lbl_info.Text = "invalid username"
End If

dr.Close()

here you will look in your database table that holds the user creditials and see's if the username exists if it does it will compare the username against the password, if it is correct it will redirect to the page the user was tring to get to (or will default to the default.aspx page if the user had just entered the site)

hope this helps
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Makumbi256
  • Locked
  • Question
How to make days vertical and grid view editable using asp.net vb
Replies
0
Views
864
Makumbi256
Makumbi256
Moregelen
  • Locked
  • Question
Domain Authentication
Replies
0
Views
894
Moregelen
Moregelen
G12Consult
  • Locked
  • Question
Forms authentication not working
Replies
4
Views
704
Rajkumarrrrr
Rajkumarrrrr
G12Consult
  • Locked
  • Question
Importing Excel to SQL Server using EPPlus
Replies
3
Views
673
jbenson001
jbenson001
NoCoolHandle
  • Locked
  • Question
Integrate Facebook (social) logins with Forms authentication..
Replies
0
Views
302
NoCoolHandle
NoCoolHandle

Part and Inventory Search

Sponsor

Back
Top