 |
| ASP.NET 1.1 As of 10/6/2005, this forum is locked as part of the reorganization described here: http://p2p.wrox.com/topic.asp?TOPIC_ID=35394. No posts have been deleted. Open ongoing discussions from the last week have been moved to either ASP.NET 1.0 and 1.1 Beginners http://p2p.wrox.com/asp-net-1-0-1-1-basics-60/ or ASP.NET 1.0 and 1.1 Professional. http://p2p.wrox.com/forum.asp?FORUM_ID=50. See my sticky post inside for more. |
Welcome to the p2p.wrox.com Forums.
You are currently viewing the ASP.NET 1.1 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
|
|
|
|
April 18th, 2005, 04:45 PM
|
|
Authorized User
|
|
Join Date: Mar 2005
Posts: 66
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Apparently, I forgot to change the 'allow' to 'deny' in the authorization. But, I have now. The problem now is that I can't even get into the site. I'm still at the login page. What am I doing wrong?
|
|
April 18th, 2005, 05:52 PM
|
 |
Friend of Wrox
|
|
Join Date: Aug 2003
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
|
|
You need a tutorial that describes the details on how to set this up. In there you'll find the mention of the System.Web.Security.FormsAuthentication class which has the function RedirectFromLoginPage(). This is what actually performs the forms authentication login and sets the token in the cookie that forms authentication is looking for. Then you are logged in. Once this cookie expires your authentication fails and forms authentication sends you back to the login page. This function will automagically redirect you back to the page that triggered the failed authentication so you can "go back to where you were" to a certain extent (page state will be lost).
There is no association between session variables and the web.config file apart from configuring session management.
Having no URL in the meta refresh will simple refresh the current page.
|
|
April 19th, 2005, 10:00 AM
|
|
Authorized User
|
|
Join Date: Mar 2005
Posts: 66
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
I found a tutorial and have added the following to my codebehind button:
FormsAuthentication.RedirectFromLoginPage(txtLogin .Text, False)
I didn't add the if condition since it's not needed. However, it keeps on saying that 'FormsAuthentication' is not declared. At the very top I have:
Inherits System.Web.UI.Page
I tried to add "Inherits System.Web.Security.FormsAuthentication", but it wouldn't let me because it says it would only allow one inheritance. What am I missing here?
Other than this, I still have the stuff you told me to put in my web.config file. Can I change the RedirectFromLoginPage parameter from 'txtLogin.Text' to a session variable so that I know that it timed out? And hence would be redirected to the login page if it is empty.
Also, would this redirect it back to the login page if it went to other pages in the site and session timed out?
So, I really don't need the meta tag, is that correct?
|
|
April 19th, 2005, 10:23 AM
|
|
Friend of Wrox
|
|
Join Date: Aug 2003
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
|
|
Inherits System.Web.Security.FormsAuthentication is the class name. You want just the namespace in your imports:
Inherits System.Web.Security
|
|
April 19th, 2005, 10:26 AM
|
|
Authorized User
|
|
Join Date: Jan 2005
Posts: 35
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
hi, another way to accomplish this is to put the meta tag just in the way you did it, and put some code to dispose the session on the page load method of the page you are redirecting the user(in the url atribute of the meta tag). in that way you are simulating a session expiring and then a redirect, when you are really doing inverselly, but it works as it's doing in the right way for the user side... hope it helps...
|
|
April 19th, 2005, 10:41 AM
|
|
Friend of Wrox
|
|
Join Date: Aug 2003
Posts: 5,407
Thanks: 0
Thanked 16 Times in 16 Posts
|
|
I'm sorry, I responded to quick with the last one... Those shouldn't be inherits, they should be Imports...
Imports System.Web.Security
mh, you don't need to worry about checking whether something has timed out. That's the whole point of forms authentication. It does it for you. The problem is that when the authentication is lost, most likely so will your session, so you might need to check the session to see if the values you need are there depending on what you are doing.
Once you are no longer authenticated you have to log in. Usually, when you log in you set up the session values you are going to need. So your other pages don't need to check these because you'll never see those pages until you are authenticated and thus have the session values you need.
I think you need to do a bit of research on your own on how forms authentication and session state management works in ASP.NET. Me regurgitating what you'll find is much better articles on the subject is not the most efficient way to do this.
|
|
April 19th, 2005, 11:15 AM
|
|
Authorized User
|
|
Join Date: Mar 2005
Posts: 66
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Thanks, Ace. But, that would mean that I have to have a meta tag in all of my pages. Using the forms authentication allows me to use only 2 pages of code for this. But thanks again.
I put:
Inherits System.Web.Security in my codebehind and it says:
'"Inherits" can appear only once within a Class statement and can only specify one class."
My other original inheritance before this is:
Inherits System.Web.UI.Page
What should I do?
|
|
April 19th, 2005, 11:29 AM
|
|
Authorized User
|
|
Join Date: Mar 2005
Posts: 66
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Ok, this is what I have now:
Public Class Login
Inherits System.Web.UI.Page
Imports System.Web.Security
Dim role As String
Private Sub cmdSubmit_ServerClick(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdSubmit.ServerClick
If Session("role") <> "" Then
FormsAuthentication.RedirectFromLoginPage(txtLogin .Text, False)
End If
But, it says:
"The "Imports" statements must precede any declarations." Hence, I get the ""FormsAuthentication" is not declared."
Am I doing this wrong?
|
|
April 19th, 2005, 03:04 PM
|
|
Friend of Wrox
|
|
Join Date: Nov 2003
Posts: 1,348
Thanks: 0
Thanked 5 Times in 5 Posts
|
|
IMPORTS statements go before the class declaration
|
|
April 19th, 2005, 03:32 PM
|
|
Authorized User
|
|
Join Date: Mar 2005
Posts: 66
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Thanks, jbenson for that tip.
How do I set the timeout for the cookies? Isn't it here:
<authentication mode="Forms">
<forms
name=".Session_Auth"
loginUrl="login.aspx"
protection="All"
timeout="2"
path="/"
/>
</authentication>
or am I supposed to do something else? Because it's not timing out.
|
|
|
