Wrox Programmer Forums
|
ASP.NET 1.0 and 1.1 Professional For advanced ASP.NET 1.x coders. Beginning-level questions will be redirected to other forums. NOT for "classic" ASP 3 or the newer ASP.NET 2.0 and 3.5
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 1.0 and 1.1 Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old September 9th, 2003, 03:31 AM
Authorized User
 
Join Date: Sep 2003
Posts: 41
Thanks: 0
Thanked 0 Times in 0 Posts
Default Authentication in ASPX(VB .NET)

I am wondering if anyone can help me.

I have designed a dynamic website using asp .NET and need to create a login for a secure area to access a database (using MSDE) I have got the thing to work locally (IE On the machine the website is stored) but when I try to test it out over my LAN, I can seem to get access to the secure data. I am a newbie at ASP, but no one on the beginners page seemed to be able to help so I thought I'd try here.


Below is the web.config code:
<configuration>

    <appSettings>

    </appSettings>

<system.web>
        <customErrors mode="Off" />
            <authentication mode="Forms">

                    <forms name=".ASPXAUTH"
                           loginUrl="login.aspx"
                           protection="Validation"
                           timeout="999999" />

             </authentication>




        <!--

            The <authorization> section enables developers/administrators to configure
            whether a user or role has access to a particular page or resource. This is
            accomplished by adding "<allow>" and "<deny>" sub-tags beneath the <authorization>
            section - specifically detailing the users/roles allowed or denied access.

            Note: The "?" character indicates "anonymous" users (ie: non authenticated users).
            The "*" character indicates "all" users.
        -->
            <authorization>
               <deny users="?" />
            </authorization>

    </system.web>
</configuration>

And below is the code for login.aspx

<%@ Page Language="VB" ContentType="text/html" ResponseEncoding="iso-8859-1" %>
<%@ Register TagPrefix="MM" Namespace="DreamweaverCtrls" Assembly="DreamweaverCtrls,version=1.0.0.0,publicK eyToken=836f606ede05d46a,culture=neutral" %>
<%@ Import Namespace="System.Web.Security"%>
<MM:DataSet
id="DataSet1"
runat="Server"
IsStoredProcedure="false"
ConnectionString='<%# System.Configuration.ConfigurationSettings.AppSett ings("MM_CONNECTION_STRING_Test") %>'
DatabaseType='<%# System.Configuration.ConfigurationSettings.AppSett ings("MM_CONNECTION_DATABASETYPE_Test") %>'
CommandText='<%# "SELECT * FROM dbo.USERS WHERE userName = @userName and password = @password" %>'
Expression='<%# IsPostBack %>'
Debug="true"
><Parameters>
  <Parameter Name="@userName" Value='<%# IIf((Request.Form("txt_user") <> Nothing), Request.Form("txt_user"), "") %>' Type="NVarChar" />
  <Parameter Name="@password" Value='<%# IIf((Request.Form("UserPass") <> Nothing), Request.Form("UserPass"), "") %>' Type="NVarChar" />
</Parameters></MM:DataSet>
<MM:PageBind runat="server" PostBackBind="true" />
<Script runat="server">
Sub Page_Load(Src As Object, E As EventArgs)
If Not IsPostBack Then
 Validate()
End If
End Sub

</Script>
<html>
<head>
<title>Login page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<%
  if DataSet1.recordcount > 0 then
    FormsAuthentication.RedirectFromLoginPage(txt_User .Text,true)
  else if ((Request.Form("UserPass"))) <> Nothing OR ((Request.Form("txt_user"))) <> Nothing
    response.Write("Login failed. Please try again.")
  end if
%>

rest of page here

Can anyone offer any suggestions?

Thanks in advance


---
David Thorne, Student
UK
__________________
---
David Thorne, Student
UK
 
Old September 9th, 2003, 08:31 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 1,110
Thanks: 0
Thanked 3 Times in 3 Posts
Default

"but when I try to test it out over my LAN, I can seem to get access to the secure data."

On your local machine it allows you to login and on any other machine it also allows you to log in as well?

If so, that's what it is supposed to be doing.
 
Old September 9th, 2003, 08:46 AM
planoie's Avatar
Friend of Wrox
 
Join Date: Aug 2003
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

David,

Your web.config looks ok. I'm a little thrown off by the format of the dreamweaver created code. Your login page looks an awful lot like classic ASP so it's not as easy to troubleshoot.

Does the whole website need to be protected? Or only a particular section of it?

Can you explain in more detail exactly what is and is not working between "localhost" access and remote access? Everything looks ok on the config, and you say that the page is working alright so we'll need more specifics on what you are experiencing to figure it out.

Peter
 
Old September 9th, 2003, 09:47 AM
Authorized User
 
Join Date: Sep 2003
Posts: 41
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The reason for the "classic asp" look is the fact the code came out of a magazine (".NET", if that helps, but I used dreamweaver for the database connection) and thats how it told me how to do it. Dreamweaver MX apparently likes classic asp (You should see what it does with php, sorry should swear like that here!;)) Only a Members directory needs to be protected. I tried <allow users="Members" /> <deny users="*" /> which is what a book my friend owns suggests. but that didn't allow me in on either localhost or via the LAN (I was left at the login page, regardless of correct username/password combos)

With regards to it working/not working, I can login fine on the under localhost (IE http://localhost/website_Directory/Members/login.aspx) and default.aspx diverts me to login.aspx if I haven't logged in (Or I have manually deleted the cookie!) however when I try and access it over the LAN (At http://My_laptop_name/Website_Direct...ers/login.aspx) I can not login. I just keep getting reverted back to login.aspx. The machine keeps me out of default.aspx as I believe it should (IE it rediverts me to login.aspx) the same happens if I try and access my desktop rather than my laptop (I stored the site on my desktop for a while to see if it was an IIS config problem)

I don't know how else to explain the situation!

---
David Thorne, Student
UK
 
Old September 9th, 2003, 09:58 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 1,110
Thanks: 0
Thanked 3 Times in 3 Posts
Default

Try using the ip address instead of localhost and it shouldn't be your laptop name. It should be the ip address of the machine with IIS on it.
 
Old September 9th, 2003, 10:58 AM
planoie's Avatar
Friend of Wrox
 
Join Date: Aug 2003
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
Default

Well, that makes no sense to me. It sounds like forms authentication is working correctly. Doesn't make any sense however that it would behave differently when you call the server by a different name. Calling it by IP address shouldn't make any difference. There isn't some data issue is there?

In all examples you are running the application on your laptop and you are calling the application from a browser on the laptop as well? You are just changing the name of the server.

Something I noticed that's unrelated but wanted to point out. There's a little cleaner way to write a line you have in your page:
...
ElseIf Request.Form("UserPass") Is Nothing OR Request.Form("txt_user") Is Nothing
...
I think I maintained the correct logic for you.

As far as how to authenticate the particular section:
Not sure if you have this figured out already. If you put the forms authentication in a web.config inside the "Members" directory which restricts it as you have in your web.config above, you'll get security on that directory. But leave the authentication settings as-is in the web.config that's in the root of the application to make the rest of the application accessible to anonymous users. Conversly you can do just the opposite: Make a whole site "private", but override the web.config settings in one directory to make some contents "public".

Peter





Similar Threads
Thread Thread Starter Forum Replies Last Post
Include Namespace in .aspx.vb?? mikedeepak Visual Studio 2005 6 June 1st, 2007 04:31 AM
How to know aspx or .vb name cbrknight1 Classic ASP Professional 2 April 26th, 2005 02:24 PM
ASPX role authentication digriz60 ASP.NET 1.0 and 1.1 Basics 3 November 5th, 2003 11:48 AM
Authentication in ASP .NET (VB) CFerthorney ASP.NET 1.0 and 1.1 Basics 1 September 25th, 2003 07:17 PM
SQL authentication is ASPX application saint SQL Server ASP 11 June 14th, 2003 04:19 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.