secure connection causing problems

Hi, I just modified my web.config file to set authorization to forms and only allow access to authenticated users.  Then I added this into the page_Load of my login.aspx page:

If Not Request.IsSecureConnection Then

Dim sURL As String

sURL = Request.Url.ToString.Replace("http:", "https:")

Response.Redirect(sURL)

End If

And now it can't even find my login.aspx page.  So I took that out to see if the rest of the code would work which includes this if the user is in my database:

FormsAuthentication.RedirectFromLoginPage(Email, False)

and that doesn't work either!  Can somebody please tell me what I'm doing wrong here?  Thanks

0
em23
4/7/2005 8:35:41 PM
asp.net.security 27051 articles. 1 followers. Follow

9 Replies
455 Views

Similar Articles

[PageSpeed] 23

are you using a digital certificate for your website?

you might be mistaking, restricting access to your website <> (SecureConnection = https)

0
wysiwyg
4/8/2005 2:04:45 AM

No I'm not.  Sorry about that.  All I did was in the code that I mentioned above.  I still can't figure this out.  Any ideas?

0
em23
4/8/2005 2:28:57 AM

You have to be more specific what is not working..... Put break point in the Page load event... Check if Authentication Ticket is getting created....Cookie is being added to response .... What is Url for ReturnUrl .....etc ....

If you are not geeting to the login page then what is the Authentication section read in web.config ...


ASP.Net Tips & Tricks - Jawad's Blog
0
JawadKhan
4/8/2005 2:58:12 AM
 em23 wrote:

No I'm not. 

 

You mean you are not using a digital certificate or you are not mistaking?

If you do not have a digital certificate, you do not have a secure connection and hence your login page can only be accessed via http and not https.

0
wysiwyg
4/8/2005 5:33:34 AM
Oh OK, I'm not using a digital certificate.  I guess I misunderstood the book that told me to use that code.  However, even though I'm not using a certificate, I'd still like to use the forms authentication class to log users in, however I couldn't get that working either using the code I mentioned above.  The other problem I had is:  In my web.config file, I set authentication to "forms", but users are only required to be logged in for one of my 5 forms.  But by setting authentication to "forms" it was redirecting users over to the login page whenever any of the 5 forms were accessed!  That's useless!  Any thoughts on these issues?  Thanks
0
em23
4/8/2005 11:54:06 AM

You have to use location tag in your web.config file. And set Authorization section to allow annonymous access to other 4 Forms. You have to move the other 4 forms to different folder.

Alternatively you can put another web.config file in that folder and set the authorization .


ASP.Net Tips & Tricks - Jawad's Blog
0
JawadKhan
4/8/2005 4:02:14 PM
Thanks.  Sorry to be a pain but the book I have doesn't cover what you mentioned - the location(?) tag.  Do you have any sample code on this?  Thanks
0
em23
4/8/2005 6:53:28 PM

<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name="TestAuthCookie" loginUrl="login.aspx" timeout="30">
        <credentials passwordFormat="Clear">
          <user name="user1" password="pass1"/>
          <user name="user2" password="pass2"/>
        </credentials>
      </forms>
    </authentication>
  </system.web>
  <location path="admin">
    <system.web>
      <authorization>
         <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
Here is an example ....Offcourse you don't have to include user name and passwords ....

So in this case there is a folder under Application root called admin .... the admin folder disallows annonymous access so the form that requires login goes here the rest go in root.


ASP.Net Tips & Tricks - Jawad's Blog
0
JawadKhan
4/9/2005 4:53:13 AM
This is huge!  Thank you.  I'll try this out.
0
em23
4/9/2005 1:38:11 PM
Reply: