Authenticated users not getting access to secured pages????? What can I do?

Ok I have a simple login page using the login control. Once the user's name and password is found it should take them to main.aspx page. Only authorized users can access teh main.aspx page.

 Heres teh code for that:

Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
        Dim Authenticated As Boolean = False
        Authenticated = Authenticate(Login1.UserName, hashPwrd())
        e.Authenticated = Authenticated
        If Authenticated = True Then
            Session("user") = Login1.UserName
            Response.Redirect("main.aspx")
        Else
            'Response.Redirect("default.aspx")
        End If
    End Sub

    Private Function Authenticate(ByVal user As String, ByVal pwrd As Byte()) As Boolean
        Dim valid As Boolean = False

        Dim userConnStr As String = ConfigurationManager.ConnectionStrings("userConnStr").ConnectionString
        Dim userCon As New SqlConnection(userConnStr)
        Dim userStr As String = "SELECT userName FROM ikronUsers WHERE userPwrd=@pwrd"
        Dim userReader As SqlDataReader
        Dim userCmd As New SqlCommand(userStr, userCon)
        userCmd.Parameters.AddWithValue("@pwrd", pwrd)
        userCon.Open()
        userReader = userCmd.ExecuteReader()
        If userReader.HasRows Then
            valid = True
        End If
        userCon.Close()
        Return valid
    End Function

 

The web.config file has the following in it:

<authentication mode="Forms">
      <forms name="rdShow" loginUrl="default.aspx" protection="All" path="/" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>

 

So the problem is that after the user is authenticated he should be redirected to the main.aspx page. However all that happens is the user is still on the default.aspx page. What could be causing this???

0
loki70x7
5/1/2009 6:07:25 PM
asp.net.security 27051 articles. 1 followers. Follow

7 Replies
761 Views

Similar Articles

[PageSpeed] 58

 Did you try debugging. Is the Authenticated returning true?


Kumar Reddi
0
Kumar
5/1/2009 6:56:54 PM

 Well I wondered about that and changed the code to the below:

Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
        Dim Authenticated As Boolean = False
        Authenticated = Authenticate(Login1.UserName, hashPwrd())
        'e.Authenticated = Authenticated
        If Authenticated = True Then
            e.Authenticated = True
            Session("user") = Login1.UserName
            Response.Redirect("main.aspx")

        Else
            'Response.Redirect("default.aspx")
        End If
    End Sub

 

But still does not work.............

0
loki70x7
5/1/2009 7:01:00 PM

loki70x7:

        Authenticated = Authenticate(Login1.UserName, hashPwrd())

 

I meant to ask, if this function is returning True. Did you try debugging and see if your code is going into the If Authenticated .... loop


Kumar Reddi
0
Kumar
5/1/2009 7:05:34 PM

Yes after debugging the function did go into the If authenticated loop. and it is returning True.

 Any ideas?

0
loki70x7
5/1/2009 7:11:50 PM

 ok. Cant you use the asp.net function to redirect the user instead of calling the response.redirect

 FormsAuthentication.RedirectFromLoginPage(Login1.UserName, false)

 


Kumar Reddi
0
Kumar
5/1/2009 7:30:38 PM

Hmmm I added in the following:

Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
        Dim AuthenticUser As Boolean = False
        AuthenticUser = AuthenticateUser(Login1.UserName, hashPwrd())
        'e.Authenticated = Authenticated
        If AuthenticUser = True Then
            e.Authenticated = True
            FormsAuthentication.RedirectFromLoginPage(Login1.UserName, False)
            Session("user") = Login1.UserName
            Response.Redirect("main.aspx")
        Else
            'Response.Redirect("default.aspx")
        End If
    End Sub

 

It seems to be workign for now. Thanks for the advice.

0
loki70x7
5/1/2009 8:05:17 PM

loki70x7:

            Session("user") = Login1.UserName
            Response.Redirect("main.aspx")
     
 

By the way those two lines of code never executes. So, if you want to store the username in the session, move it up, before the RedirectFromLoginPage function call


Kumar Reddi
0
Kumar
5/1/2009 8:28:21 PM
Reply:

Similar Artilces:

Get Good Jobs In AUSTRALIA
Due to High Security Risk I have hidden the Videos in an Image In that Website on below Search Box Click on Image and Watch Videos. http://www.webinfoforall.be.tf ...

Accessing properties of a skinned tag programmatically
 Hey All...I am working on cleaning up some code in a web app and have been trying to manage image urls as cleanly as possible and so that they all remain specific to each theme. I have a situation where some images are changed programatically depending on conditions, such as enabling and disabling button images. So for example:Some Skins:<asp:ImageButton runat="server" SkinID="OKButtonEnabled" src="~/App_Themes/CoolTheme/Images/ButtonEnabled.png" /><asp:ImageButton runat="server" SkinID="OKButtonDisabled" src="~/App_Themes...

Multiple Proxy authentications
Name: Thomas Schnetzer Email: thomasdotschnetzeratbluewindotch Product: Shiretoko Summary: Multiple Proxy authentications Comments: We use an proxy whit authentications so when I open more than one tab “open all in tabs” or the automatic plug-in Update is activated than it received a proxy authentications box fore each tap or plug-in. We I had authenticated it works well. Exemple: I have 7 plugins so after the update to Firefox 3.1b1 the plug-in update process started and it open six proxy authentications boxes that I must approve. Regards Thomas Schnetzer Br...

Proxy into another users Archive?
I am assuming GW 7 & 8 doesn't offer this but if not I would like to add it to a GroupWise Wish list. I would like to be able to not only view individuals main email box but their archived email box as well. There have been many times in the past as well as just recently that we have needed to view an employees email box and archive because they had "forgetten" to save an important email to the proper location and went on vacation. I know theres probably software out that will keep all the archives like GWAVA Retain but they cost money and sometimes us small bus...

How can I place check marks on dw_1, datawindow object columns
Hi On my d_security_detail datawindow object I have ten columns with CheckBox selected on the Style Type on the Edit tab with Data Value for On = 1 and Data Value for Off = 0. What I want to do is if the first column is checked, that the rest of the nine column be checked also. When I place the following script on the clicked event on the dw_1, it work if I clicked for the second time. I tried different event but with no success. Below is the script on the click event of the dw_1. Thanks in advance. IF dw_1.object.data[1,4] = '1' THEN // Administrator dw_1...

creating user controls dynamically
hi,i have made a user control.i have to create this user control dynamically..I have a textbox where i will enter how many user controls that  I have to make..and I have to make that much usrcontrols in  the webpage.is there any way?thks in advance,  |__Roshan__| You can create control in OnInit() method and add to page control collection Control c = new Control. Page.Controls.Add(c); Hope this is what you want. You may put this code in to loopEverything is possible! As i understood you, you want to add your already created user control dynamically! Control uc = P...

Print page of thumbnails
Hi all, I'm looking for an application or utility that would allow me to print a page of thumbnails from multiple directories. I ordered several hundred prints online and when I got them they were all mixed up, so I would like to print out thumbnails so I can figure out where in the album they should go. Thanks for any suggestions. Cyclone In article <giu02a$1qfc$1@news.grc.com>, user@example.net says... > Hi all, > I'm looking for an application or utility that would allow me to > print a page of thumbnails from multiple directories. I ordered s...

Problems with AD Authentication
I am trying to get my web application to require login and authenticate against Active Directory.  I have tried every possible variation of step by step tutorials out there in an attempt to get this to work.  I am using Visual Studio 2005 and when I right click on my default.aspx and select open in a web browser, everything works perfectly! (I can login with my username and password) As soon as I post it to the intranet on a Windows 2003 server running IIS 6.0, It bombs out when I attempt to login.  I get this: Configuration Error Description: An error occurred duri...

Microsoft to beta test security updates on CD
Microsoft is considering a release of security updates on CD for users of its older operating systems who lack broadband connections to the Internet, according to an email sent to prospective beta testers on this week. The email invites beta testers who are using Windows 98, Windows 98 Second Edition, and Windows Millennium to join a test of a CD that will include aa pertinent critical security patches found on the WindowsUpdate website. http://www.itnews.com.au/storycontent.asp?ID=9&Art_ID=17272 -- Regard: Joh@nnes "If U know neither the enemy nor yourself,U will succumb i...

why parent page getting refreshed?
I have a simple anchor link on a page which opens another page Webform1.aspx in a new window. When i click on a link it opens webform1.aspx in a new window but it also refreshes Parent page and parent page becomes blank and parent page only shows [object]. I dont know why <a href="javascript:window.open('WebForm1.aspx','_blank','height=650,width=800,status=yes,toolbar=no,menubar=no,location=no')">test</a> Try this instead: Set the href to just = "#"  Add the onclick handler to execute the window.open code ...

Strongly typed names for other pages
I'm in the process of converting a VS2003 Web-project to a VS2005 project, and after the upgrade wizard gave so many errors regarding the way my previous site was written, I've decided to re-write the entire site. (The main reason was that I was using a hierarchy of inherited pages, with a base page for each directory inheriting from a main base page, which manually wrote out code. Each page that I had included just the 'content' for that page, however VS2005 doesn't like this, so I have to rewrite all pages to use Master pages, especially if I want to use design view). One thing ...

Grabbing a user controls HTML.
Is it possible to grab the html output of a user control and then transfer that string stream which then i can use to send an email with? I can't seem to find references if this is possible. Thanks. ..intrino. I figured it out...well I found my answer (again with 4guysfromrolla) Here is the tutorial ..intrino....

how to automatically "Save " a page after certain intervals without clicking "Save Page As..."
Hi, I want to save a web page automatically in my local memory after certain interval . Suppose I have opened my yahoo mail account in firefox . I want to save the opened page again and again after certain interval in my hard disk( i will refresh the page in the mean time using javascript) without any mouse click . I will overwrite the file again and again . I will supply the current url of my current session . Can you help me by giving hints or any code for this automatic "save page as..."? Regards Subhadip On Mar 28, 6:07 pm, "subhadip" <subh...

Authenticating and Redirecting between 2 sites
I built and ASP.NET web application for interfacing with a database.  This application uses Forms authentication.  Prior to building this, we had a traditional static HTML site which was and still is hosted elsewhere.  I placed a simple <form method="post"> form on this hosted site to accept login information and set the action to the ASP.NET application which is hosted on another machine.  This worked fine.  We have since moved the static HTML site to a host supporting ASP.NET and I am now porting the old static HTML site to ASP.NET.&...

[wxperl-users] [ANNOUNCE] wxPerl 0.12
A new version of wxPerl, the Perl bindings to wxWindows is out! You can download the source from CPAN. Binary packages for ActivePerl/Win32 6xx builds and Red Hat Linux are available along with documentation in HTML and MS HTML Help format from http://wxperl.sourceforge.net/ Changes since the last version: - new DEPRECATIONS section in README.txt, please read it - it is now possibile to get the native handle of a Wx::Window - implemented wxWizard and related classes - Document/View framework (thanks to Simon Flack) - Mostly completed wxSt...

Web resources about - Authenticated users not getting access to secured pages????? What can I do? - asp.net.security

Authenticated encryption - Wikipedia, the free encyclopedia
Authenticated Encryption ( AE ) or Authenticated Encryption with Associated Data ( AEAD ) is a block cipher mode of operation which simultaneously ...

Google Spam Report (Authenticated) - Flickr - Photo Sharing!
When you are logged into Google Webmaster Central, you can report any site that is spamming the SERPs through this tool. Post at Does Google ...

Authenticated electricity: Sony power outlets will charge you for charging
Sony is building a new kind of power outlet that raises a not entirely pleasant prospect—in the future, plugging a phone into a public wall socket ...

MLB Authenticated Game-Used Base Bar Stool
Like. From The Green Head: "If you love America's favorite pastime, now you can sit on an actual piece of it. These unique collectible bar stools ...

C-SPAN Moving to Authenticated TV Ch. Streaming
C-SPAN is launching a beta test of its migration of live online feeds of its TV channels—C-SPAN 1,2,3—to an authentication model starting Monday, ...

FDA "Corruption" Letter Authenticated: Lawyers, Start Your Engines!
The FDA's official recognition of the letter means that lawyers who want to use it to demonstrate that the FDA isn't perfect won't have to go ...

Buddy Rich's Authenticated and Complete 1960s Zildjian Cymbal Set Available on eBay for $29,995
Buddy Rich's complete 1960s Zildjian cymbal set is available for purchase on eBay. In the massive world of the Internet, anything is apparently ...

FileVault's authenticated restart has hardware requirements
If you use FileVault and wish to restart remotely, you can do so with the 'fdesetup' command; however, this does have some hardware limitations. ...

BREAKING: Michael Brown Audio Aired By CNN Authenticated
Video messaging service Glide has confirmed to the Washington Post the exact time and date the audio recording with gunshot sounds on it was ...

Sheriff: Brenham vet can't be charged with killing cat unless Facebook photo is authenticated
As a team investigated the image, the clinic where Kristen Lindsey worked said Friday that she'd been fired and condemned her post "in the strongest ...

resources last updated: 11/20/2015 12:57:54 AM