
Problem with ASP.NET Authentication

Tags: c#, asp.net

I'm having a problem with our login procedure.

Some customers complain that they can't log in. I can see in our logs that their login is successful and that they are redirected from the login page to the member area. But there somehow the login isn't detected and they are bounced back to the login page.

I've asked customers to check if cookies are supported (http://www.html-kit.com/tools/cookietester/) but the problem remains even if this test returns true.

This is how I've implemented the login procedure (simplified):

protected void Login(string email, string password)
{
    FormsAuthentication.SignOut();

    Guid clientId = /* Validate login by checking email and password, if fails display error otherwise get client id */

    FormsAuthentication.SetAuthCookie(clientId.ToString(), true);

    HttpContext.Current.Response.Redirect("~/Members.aspx");
}

On the member page I check for authentication in the Page_Load function:

public static void IsAuthenticated()
{
    if (!HttpContext.Current.User.Identity.IsAuthenticated)
    {
        HttpContext.Current.Response.Redirect("~/Login.aspx", true);
    }
}

Maybe I'm using FormsAuthentication completely wrong?

I've asked this before but still haven't been able to figure this out. I'd appreciate any help.

From my Web.Config:

<system.web>
    <compilation debug="false">
      <assemblies>
       ...
      </assemblies>
    </compilation>
    <authentication mode="Forms"/>
    <sessionState mode="InProc" cookieless="false" timeout="180"/>
    <customErrors mode="On"/>
    <httpHandlers>
    ...
    </httpHandlers>
    <httpModules>
    ...
    </httpModules>
</system.web>

asked Feb 25 '26 15:02

Niels Bosma


1 Answer

public static void IsAuthenticated()
{
    if (!HttpContext.Current.User.Identity.IsAuthenticated)
    {
        HttpContext.Current.Response.Redirect("~/Login.aspx", true);
    }
}

is not necessary when you use forms authentication.

When you specify the forms authentication in the web.config (in which you also specify the login page)

<authentication mode="Forms">
  <forms loginUrl="/Authorization/Login" timeout="60" />
</authentication>

and you deny all non-authenticated users access

<authorization>
  <deny users="?" />
</authorization>

you don't have to check the authentication of a user yourself, the framework takes care of that.

I would place the FormsAuthentication.SignOut(); code behind a 'logout' link.

answered Feb 28 '26 05:02

Michel
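
The flow the answer describes, as an added example that is not code from the question or the answer: login issues the ticket without calling SignOut(), logout is the only place SignOut() runs, and a small diagnostic reports what the forms cookie on a bounced request looks like. It assumes web.config carries the answer's `<forms loginUrl="...">` and `<deny users="?" />` elements; the `AuthFlow` class, the `validate` delegate and `DescribeAuthCookie` are hypothetical names.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Hypothetical helper class (added example, not the poster's code).
public static class AuthFlow
{
    // Login: issue the ticket only after validation succeeds; no SignOut() here.
    // 'validate' stands in for the question's elided email/password check and
    // returns null when the credentials are wrong.
    public static bool Login(HttpContext ctx, string email, string password,
                             Func<string, string, Guid?> validate)
    {
        Guid? clientId = validate(email, password);
        if (clientId == null)
            return false; // caller displays the error; no cookie is issued
        FormsAuthentication.SetAuthCookie(clientId.Value.ToString(), true);
        ctx.Response.Redirect("~/Members.aspx", false);
        return true;
    }

    // Handler for the 'logout' link: the one place SignOut() belongs.
    public static void Logout()
    {
        FormsAuthentication.SignOut();
        FormsAuthentication.RedirectToLoginPage();
    }

    // Diagnostic for "login succeeded but bounced back": describes the forms
    // cookie on this request so it can be logged on the server side.
    public static string DescribeAuthCookie(HttpRequest request)
    {
        HttpCookie cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return "no forms-authentication cookie on the request";
        try
        {
            FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(cookie.Value);
            if (ticket == null)
                return "cookie present but could not be decrypted";
            return ticket.Expired
                ? "ticket expired at " + ticket.Expiration.ToString("o")
                : "valid ticket for " + ticket.Name;
        }
        catch (Exception ex) // undecryptable or tampered value
        {
            return "cookie present but could not be decrypted: " + ex.GetType().Name;
        }
    }
}
```

Logging the result of `DescribeAuthCookie(Request)` on the login page for requests that arrive with a return URL shows whether the browser sent no cookie, an expired ticket, or a value the server could not read.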