[CLOSED] Forms authentication RedirectFromLoginPage not working

  1. #1

    [CLOSED] Forms authentication RedirectFromLoginPage not working

    Hi,

    New project, new problems :)

    I'm using forms authentication in this new project. The FormsAuthentication.RedirectFromLoginPage code, doesn't redirect me to the initial page , but when failure the messagebox opens.. so that works. Any idea ?

    These are my settings in the web.config:

    <authentication mode="Forms">
              <forms 
                     loginUrl="Login.aspx" 
                     defaultUrl="Default.aspx" 
                     slidingExpiration="true" 
                     timeout="60" 
                     name=".Auth" 
                     protection="All">
              </forms>
              
          </authentication>
        <authorization>
            <deny users="?"/>
        </authorization>
    I've added this to the global.asax

    protected void Application_AuthenticateRequest(object sender, System.EventArgs e)
        {
            string url = HttpContext.Current.Request.RawUrl.ToLower();
            if (url.Contains("ext.axd") || url.Contains(".css"))
            {
                HttpContext.Current.SkipAuthorization = true;
            }
        }
    and this is the login page (html)

    <%@ Page Language="C#" CodeFile="Login.aspx.cs" Inherits="Login" %>
    <%@ Register Assembly="Ext.Net" Namespace="Ext.Net" TagPrefix="ext" %>
    <!DOCTYPE html>
    <html>
    <head id="Head1" runat="server">
        <title>Inloggen CarWise Support</title>
        <link href="Style/StyleSheet.css" rel="stylesheet" type="text/css"/>
    </head>
    <body>
        <form id="Form1" runat="server">
            <ext:ResourceManager ID="ResourceManager1" runat="server" CleanResourceUrl="false"/>
            <ext:Window ID="winLogim" 
                runat="server" 
                Width="350"
                Height="120"
                Title="Inloggen CarWise Support"
                Icon="LockAdd"
                Closable="false"
                BodyPadding="5"
                Layout="Form">
                <Defaults>
                    <ext:Parameter Name="LabelWidth" Value="125" Mode="Raw" />
                </Defaults>
                <Items>
                    <ext:NumberField 
                        ID="nfLogin" 
                        runat="server"                    
                        FieldLabel="Login"
                        AnchorHorizontal="100%" 
                        HideTrigger="true"
                        />
                    <ext:TextField ID="tfPassword" 
                                   runat="server"                     
                                   Vtype="password"
                                   FieldLabel="Wachtwoord"
                                   InputType="Password"
                                   MsgTarget="Side"
                                   AnchorHorizontal="100%"/>     
    
    
                    <ext:Button ID="btnLogin" Text="Inloggen" runat="server">
                        <DirectEvents>
                            <Click OnEvent="Button_Click"/>
                        </DirectEvents>
                    </ext:Button>
                </Items>            
            </ext:Window>                
       </form>
    </body>
    </html>
    Codebehind

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.Security;
    using System.Web.Services;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using Ext.Net;
    
    
    
    
    public partial class Login : System.Web.UI.Page
    {
        protected void Button_Click(object sender, DirectEventArgs e)
        {
            String cDebiteurID = nfLogin.Text;
            String cPassword = tfPassword.Text;
           
            if (cDebiteurID="1" && cPassword="password")
            {
                FormsAuthentication.RedirectFromLoginPage(cDebiteurID, false);
            }
            else
            {
                ExtNet.Msg.Alert("Foute login", "De door u gekozen combinatie is bij ons niet bekend.").Show();
            }
        }
    }
    Last edited by Daniil; Jun 04, 2012 at 4:15 PM. Reason: [CLOSED]
  2. #2
    Standard redirect methods will not work with direct events
    Please use
    X.Redirect(FormsAuthentication.GetRedirectUrl(cDebiteurID, false));
    I've added this to the global.asax

    1
    2
    3
    4
    5
    6
    7
    8
    protected void Application_AuthenticateRequest(object sender, System.EventArgs e)
    {
    string url = HttpContext.Current.Request.RawUrl.ToLower();
    if (url.Contains("ext.axd") || url.Contains(".css"))
    {
    HttpContext.Current.SkipAuthorization = true;
    }
    }


    It is big security hole on your application. If i add the following query string to url then authorization will be skipped
    url?ext.axd
    May be this version is better
    protected void Application_AuthenticateRequest(object sender, System.EventArgs e)
            {
                string url = HttpContext.Current.Request.FilePath;
    
    
                if (url.EndsWith("ext.axd"))
                {
                    HttpContext.Current.SkipAuthorization = true;
                }
            }
  3. #3
    Also, try to update from SVN. Recently, we fixed one bug os related with forms authentication
  4. #4
    Quote Originally Posted by Vladimir View Post
    Also, try to update from SVN. Recently, we fixed one bug os related with forms authentication
    Thanks for the info Vladimir. I've copied and pasted the global.asa code from earliers posts.. so need to be more careful :)

    I will look into your remarks..

    Martin
  5. #5
    Quote Originally Posted by Vladimir View Post
    Standard redirect methods will not work with direct events
    Please use
    X.Redirect(FormsAuthentication.GetRedirectUrl(cDebiteurID, false));
    I needed one extra line of code above this one. Otherwise it was an endless loop login --> login ---> login: (although the validation was correct)

    FormsAuthentication.SetAuthCookie( Convert.ToString( DebiteurID ) , false );
    Now it works

    Regards,

    Martin
  6. #6
    Yes, that is correct.

Similar Threads

  1. FormsAuthentication.RedirectFromLoginPage
    By Daimon in forum 1.x Help
    Replies: 0
    Last Post: Nov 19, 2010, 10:06 PM
  2. [CLOSED] Caching issue when forms authentication is enabled
    By jskibo in forum 1.x Legacy Premium Help
    Replies: 10
    Last Post: Sep 22, 2009, 12:25 PM
  3. [CLOSED] AjaxMethod and Forms authentication
    By tdracz in forum 1.x Legacy Premium Help
    Replies: 3
    Last Post: Jul 20, 2009, 7:57 PM
  4. Replies: 4
    Last Post: May 07, 2009, 11:44 PM
  5. [CLOSED] Forms Authentication and Coolite (Ext)
    By reinout.mechant@imprss.be in forum 1.x Legacy Premium Help
    Replies: 2
    Last Post: Mar 04, 2009, 11:18 AM

Posting Permissions