Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Problem with ASP.NET Forms Authentication

Options
  • 15-10-2008 1:13pm
    #1
    Malice
    Registered Users Posts: 15,065 ✭✭✭✭


    This is something very strange that I haven't seen before. Hopefully someone can shed some light. Basically I have an ASP.NET application running without issues on it's own domain (let's say www.test.com). I am currently in the process of adding some functionality to it. I am not experiencing any issues with the version running locally on the development machine.

    The problem I am experiencing is that when I upload the application to a sub-folder (let's say www.test.com/update/), I have a problem with the forms authentication. I log in as a user and seem to be authenticated correctly but the code that changes one of the menu options from Login to Logout doesn't execute.

    The menu generation code looks like this:

    [PHP]public static string CreateTopMenu()
    {
    StringBuilder output = new StringBuilder();

    // ... Code omitted for clarity.
    if (IsUserLoggedIn())
    {
    output.Append("<li><a href=\"Logout.aspx\">Logout</a></li>");
    }
    else
    {
    output.Append("<li><a href=\"Login.aspx\">Login</a></li>");
    }

    // ... Code omitted for clarity.

    return output.ToString();
    }[/PHP]

    The IsUserLoggedIn code looks like this:

    [PHP]public static bool IsUserLoggedIn()
    {
    if (HttpContext.Current.User.Identity.IsAuthenticated)
    {
    return true;
    }
    else
    {
    return false;
    }
    }[/PHP]

    The login code looks like this:

    [PHP]private void cmdSubmit_Click(object sender, System.EventArgs e)
    {
    // ... Code omitted for clarity.

    if (ValidateUser(txtUserName.Text, txtUserPassword.Text))
    {
    FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
    }

    // ... Code omitted for clarity.
    }[/PHP]

    CreateTopMenu() and IsUserLoggedIn() are static methods in a utility class as they are referenced in various places whereas cmdSubmit_Click() is part of a page called Login.aspx.

    When a user logs in successfully, I save some information about them to a Session variable. This information is being saved as expected in all versions of the application. Is there any reason why the HttpContext.Current.User.Identity.IsAuthenticated value should be false even after a user has logged in? Does this have anything to do with the fact that the application is running in a subfolder rather than the root of the domain?

    Any help with this is greatly appreciated as it has me quite confused.


Comments

  • Options
    #2
    nialo
    Registered Users Posts: 610 ✭✭✭nialo


    No sure if you have the complete code in but have you initialized the forum authentication? But from my understanding of things your missing a chunk in your validateUser if statement.

    something like :

    [PHP]FormsAuthentication.Initialize();
    String strRole = AssignRoles(txtUsername.Text);

    //The AddMinutes determines how long the user will be logged in after leaving
    //the site if he doesn't log off.
    FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
    txtUsername.Text, DateTime.Now,
    DateTime.Now.AddMinutes(30), false, strRole,
    FormsAuthentication.FormsCookiePath);
    Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
    FormsAuthentication.Encrypt(fat)));
    Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false));[/PHP]

    or take a look at this link. http://www.dotnetfunda.com/articles/article141.aspx


  • Options
    #3
    Malice
    Registered Users Posts: 15,065 ✭✭✭✭Malice


    nialo wrote: »
    No sure if you have the complete code in but have you initialized the forum authentication? But from my understanding of things your missing a chunk in your validateUser if statement.
    Sorry, I probably should have added that code into my post. All the ValidateUser() function does is validate the entered username and password against the database and return true or false.
    nialo wrote:
    something like :

    [PHP]FormsAuthentication.Initialize();
    String strRole = AssignRoles(txtUsername.Text);

    //The AddMinutes determines how long the user will be logged in after leaving
    //the site if he doesn't log off.
    FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1,
    txtUsername.Text, DateTime.Now,
    DateTime.Now.AddMinutes(30), false, strRole,
    FormsAuthentication.FormsCookiePath);
    Response.Cookies.Add(new HttpCookie(FormsAuthentication.FormsCookieName,
    FormsAuthentication.Encrypt(fat)));
    Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false));[/PHP]

    or take a look at this link. http://www.dotnetfunda.com/articles/article141.aspx
    I wasn't aware that FormsAuthentication.Initialize() had to be called. I'll take a look at that link and see if it helps.

    Thanks for your input!


Advertisement