aspx thread: Cookie Authentication w/ Config.Web User/Passwords Question Answered


Message #1 by "Scott Guthrie" <scottgu@m...> on Thu, 22 Mar 2001 12:34:57 -0800
Original Question
------------------------------

SG:

I noticed beta1 docs show a <credentials> subsection in the <security>
section of the config file.  If I place the <credentials> subsection
underneath the <cookie...> section, no error is thrown, but invalid logins
(ones that don't meet the user/password pair) are not flagged and the user
is forwarded to the secured page.

<security>
     <authentication mode="[Windows/Cookie/Passport]">
          <cookie cookie="[name]" loginurl="[url]" decryptionkey="[key]">
               <credentials passwordformat="[Clear, SHA1, MD5]">
                    <user name="[UserName]" password="[password]"/>
               </credentials>
          </cookie>
     </authentication>

     <authorization>
          <allow users="[comma separated list of users]"
                 roles="[comma separated list of roles]"/>
          <deny users="[comma separated list of users]"
                roles="[comma separated list of roles]"/>
     </authorization>

     <identity>
          <impersonation enable="[true/false]"/>
     </identity>
</security>

Am I missing something?

MCA

ScottGu Answer:
------------------------------

Hi Mike,

There is some more information on this in the ASP.NET QuickStart (go to
www.aspnextgen.com/quickstart then visit the "ASP.NET" Quickstart
section -- then click on the "Forms Based Authentication" section under
the Security SubSection).

Basically, to do the actual user/password check against the
usernames/passwords in the config file (as opposed to going against a
database or other store), you should add some code within your
Login.aspx page (the one you set in the "loginurl" attribute on the
<cookie> tag within the config.web file).  This code should call the
"CookieAuthentication.Authenticate" method -- passing in the username
and password.  This static method will then return true or false
depending upon whether the username/password matches in the config file.
You then indicate success or failure of the login to the CookieAuth
system -- which will issue the appropriate cookie token ticket to allow
access to the authorized pages.

More details on the CookieAuthentication class can be found at:
http://www.gotdotnet.com/quickstart/aspplus/samples/classbrowser/vb/classbrowser.aspx?namespace=System.Web.Security&class=CookieAuthentication

Hope this helps,

Scott
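
Added example, not part of the original message and not ASP.NET code: a small Python model of the check described in the answer, showing that the <credentials> entries only take effect when the login handler compares against them before a ticket is issued. The function names, the sample users and the cookie name are hypothetical, and it assumes SHA1/MD5 entries are stored as hex digests of the password.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample in the layout quoted in the question. User names,
# passwords and the cookie name are made up; "[key]" is left as a placeholder.
CONFIG_WEB = """
<security>
  <authentication mode="Cookie">
    <cookie cookie=".DEMOAUTH" loginurl="login.aspx" decryptionkey="[key]">
      <credentials passwordformat="SHA1">
        <user name="mike" password="{0}"/>
        <user name="anna" password="{1}"/>
      </credentials>
    </cookie>
  </authentication>
</security>
""".format(hashlib.sha1(b"s3cret!").hexdigest().upper(),
           hashlib.sha1(b"correct horse").hexdigest().upper())


def load_credentials(config_xml):
    """Return (passwordformat, {user name: stored password}) from the config."""
    creds = ET.fromstring(config_xml).find(".//credentials")
    users = {u.get("name"): u.get("password") for u in creds.findall("user")}
    return creds.get("passwordformat"), users


def authenticate(config_xml, name, password):
    """True only if name/password matches a <user> entry in the config."""
    fmt, users = load_credentials(config_xml)
    stored = users.get(name)
    if stored is None:
        return False                      # unknown user
    if fmt in ("SHA1", "MD5"):            # assumed: stored value is a hex digest
        supplied = hashlib.new(fmt.lower(), password.encode("utf-8")).hexdigest()
        stored = stored.lower()
    elif fmt == "Clear":
        supplied = password
    else:
        return False                      # unrecognised format: fail closed
    return hmac.compare_digest(stored.encode("utf-8"), supplied.encode("utf-8"))


def handle_login(config_xml, name, password):
    """Login-page logic: hand out the ticket only after the check succeeds."""
    if authenticate(config_xml, name, password):
        return {"ticket_for": name}       # stand-in for the auth cookie
    return None                           # invalid login: no ticket issued
```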