I have created Authentication as per the WroxUnited example in CH17.

It works fine if a) you "logout" using the button before closing the browser or b) you delete the cookies from the tools menu on the browser before loading the default.aspx page.

If you dont do either of these tasks then launching the page causes the error shown below.

Can anyone show me a solution for the problem or point out what I have done wrong. I also include the settings from web.congig, Navbar.ascx and login.aspx which is where I think the problem lies.

It must be something to do with the values stored in the .wroxUnited cookie and/or the UserNameCookie and/or the UserLevelCookie. What Code is missing that will resolve this?

*********Browser Error Details****************
Object reference not set to an instance of an object.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.

Source Error:


Line 23: pnlEdit.Visible = True
Line 24: pnlLogin.Visible = False
Line 25: lblStatus.Text = "<br>You are logged in as: " & Request.Cookies("UserNameCookie").Value
Line 26:
Line 27: if Request.cookies("UserLevelCookie").Value = "admin" and right$(Request.ServerVariables("APPL_PHYSICAL_PATH ") ,14)="WroxUnitedSQL\" Then


Source File: C:\BegASPNet11\WroxUnitedSQL\Navbar.ascx Line: 25

Stack Trace:


[NullReferenceException: Object reference not set to an instance of an object.]
   ASP.Navbar_ascx.Page_Load() in C:\BegASPNet11\WroxUnitedSQL\Navbar.ascx:25
   System.Web.Util.ArglessEventHandlerDelegateProxy.C allback(Object sender, EventArgs e) +10
   System.Web.UI.Control.OnLoad(EventArgs e) +55
   System.Web.UI.Control.LoadRecursive() +27
   System.Web.UI.Control.LoadRecursive() +90
   System.Web.UI.Control.LoadRecursive() +90
   System.Web.UI.Page.ProcessRequestMain() +731
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET Version:1.1.4322.573
************************************************** ********

*******************Web.Config Settings*****************************
<?xml version="1.0" encoding="UTF-8" ?>

<configuration>

        <appSettings>
            <add key="connectionString" value="server=(local)\WroxUnited; database=WroxUnited; Trusted_Connection=true"/>
        </appSettings>



    <system.web>
        <customErrors mode="Off" />
        <compilation debug="true" />
        <authentication mode="Forms">
            <forms name=".WroxUnited"
                           loginUrl="admin\login.aspx"
                           protection="Validation"
                           timeout="1" />
        </authentication>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
    <location path="admin">
        <system.web>
            <authorization>
                <allow users="*" />
                <deny users="*" />
            </authorization>
        </system.web>
    </location>

</configuration>
************************************************** **************
*****************Navbar.ascx********************** **************
    Sub btnApplyTheme_Click(sender As Object, e As EventArgs)

        Session("SelectedCss") = ddlTheme.SelectedItem.Value

        If ChkRememberStylePref.Checked Then
            Dim CssCookie as new HttpCookie("PreferredCss")
            CssCookie.Value = ddlTheme.SelectedItem.Value
            CssCookie.Expires = now.AddSeconds(20)
            Response.Cookies.Add(CssCookie)
        End if

    End Sub

    Sub Page_Load()

        If (Request.IsAuthenticated = true) Then

                pnlEdit.Visible = True
                pnlLogin.Visible = False
                lblStatus.Text = "<br>You are logged in as: " & Request.Cookies("UserNameCookie").Value

                if Request.cookies("UserLevelCookie").Value = "admin" and right$(Request.ServerVariables("APPL_PHYSICAL_PATH ") ,14)="WroxUnitedSQL\" Then
                    lblStatus.Text &= "<br><br><a href='\admin\playeradmin.aspx'>Player Admin Page</a><br>"
                    lblStatus.Text &= "<br><br><a href='\admin\teamadmin.aspx'>Team Admin Page</a><br>"
                    lblStatus.Text &= "<br><br><a href='\admin\gamesadmin.aspx'>Games Admin Page</a><br>"
                Else If Request.Cookies("UserLevelCookie").Value = "admin" and right$(Request.ServerVariables("APPL_PHYSICAL_PATH ") ,6)="admin\" Then
                    lblStatus.Text &= "<br><br><a href='\admin\playeradmin.aspx'>Player Admin Page</a><br>"
                    lblStatus.Text &= "<br><br><a href='\admin\teamadmin.aspx'>Team Admin Page</a><br>"
                    lblStatus.Text &= "<br><br><a href='\admin\gamesadmin.aspx'>Games Admin Page</a><br>"
                End If
        End if


    End Sub

    Sub btn_Logout(Sender as Object, e as EventArgs)

        FormsAuthentication.Signout
        pnlLogin.visible = True
        pnlEdit.Visible = False
        If right$(Request.ServerVariables("PATH_INFO"),10)="a dmin.aspx" Then
            Response.Redirect("..\default.aspx")
        Else
            Response.Redirect("default.aspx")
        End If

    End Sub
************************************************** *****************
************************login.aspx**************** *****************
Sub LoginBtn_Click(Sender as Object, E as EventArgs)
    Dim PlayersDB as System.Data.iDataReader
    PlayersDB=Players()
    While PlayersDB.Read()

        Dim PlayerLogin as String = PlayersDB("SiteLogin")
        Dim PlayerPassword as String = PlayersDB("SitePassword")
        Dim AdminLevel as String = PlayersDB("AdminLevel")

        If (UserName.Text = PlayerLogin And UserPass.Text = PlayerPassword) Then

            Dim UserNameCookie as new HttpCookie("UserNameCookie")
            UserNameCookie.Value = UserName.Text
            Response.Cookies.Add(UserNameCookie)

            Dim UserLevelCookie as New HttpCookie("UserLevelCookie")
            UserLevelCookie.Value = AdminLevel
            Response.Cookies.Add(UserLevelCookie)

            FormsAuthentication.RedirectFromLoginPage(UserName .Text, True)
        Else
                Msg.Text = "Invalid Credentials: Please try again"
        End if
    End While

    PlayersDB.Close
End Sub

Function Players() as System.Data.IDataReader
    Dim connectionString As String = ConfigurationSettings.AppSettings("ConnectionStrin g")
    Dim dbConnection As System.Data.IDbConnection = New System.Data.SqlClient.SqlConnection(connectionStri ng)
    Dim queryString as String = "Select [Players].[SiteLogin],[Players].[SitePassword],[Players].[AdminLevel] FROM [Players]"
    Dim dbCommand As System.Data.IDbCommand = New System.Data.SqlClient.SqlCommand
    dbCommand.CommandText = queryString
    dbCommand.Connection = dbConnection
    dbConnection.Open
    Dim dataReader As System.Data.IDataReader = dbCommand.ExecuteReader(System.Data.CommandBehavio r.CloseConnection)
    Return dataReader
End Function
************************************************** ******************

A late reply but a reply nonetheless. I checked with one of the author's who responded that you haven't done anything wrong, you're just pushing the example further than intended. People are meant to logout using that button. If you close the browser with the X in the top right hand corner, you do break the example. Although we could have added some extra validation code to stop people shutting down the browser, it would add an extra layer of complexity.

I know this doesn't answer your question of how, but at least it's a perspective on why not.

Jim Minatel
Senior Acquisitions Editor
Wiley Technology Publishing
WROX Press
Jim's Book of the week: Beginning XML 3rd Edition