I cannot display a message together with this example. Can someone please give me a code example? Thank You!

I don't have the book, so I don't know what you're talking about.

What exactly are you trying to accomplish? Do you have some code you're working with? If so, can you post it?

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
While typing this post, I was listening to: Army of me by Bjork & graham massey What's This?

I'm trying to display an errormessage for the user [email protected] who is denied access in the web.config file.
Here's the code in the web.config file:

<?xml version="1.0" encoding="iso-8859-1"?>
<configuration>
    <system.web>
        <authentication mode="Forms">
            <forms name=".WroxUnited" loginUrl="Exercises\zipcodelogin.aspx" protection="Validation" timeout="999999" />
        </authentication>
        <authorization>
            <allow users="?" />
        </authorization>
    </system.web>
    <location path="Exercises">
        <system.web>
            <authorization>
                <deny users="[email protected]" />
                <deny users="?" />
            </authorization>
        </system.web>
    </location>
</configuration>

And here's the code in the Exercises/zipcodelogin.aspx file:

<%@ Page Language="VB" ContentType="text/html" debug="true" %>
<script runat="server">

    Sub Click_Validate(Sender As Object, E As EventArgs)

        Dim Zipcode As String = "123"

        Dim connectionString As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Inetpub\wwwroot\Boken\DB\WroxDBAuth.mdb"
        Dim dbConnection As New System.Data.OleDb.OleDbConnection(connectionString )

        Dim queryString As String = "SELECT * FROM Tbl_MA_Users " & _
                                    "WHERE Email = @Username " & _
                                    "AND Pwd = @Password"
        Dim dbCommand As New System.Data.Oledb.OleDbCommand(queryString, dbConnection)
        dbCommand.Parameters.Add("@Username", System.Data.DbType.String).Value = txtUserName.Text
        dbCommand.Parameters.Add("@Password", System.Data.DbType.String).Value = txtPassword.Text

        dbConnection.Open
        Dim dataReader As System.Data.OleDb.OleDbDataReader = dbCommand.ExecuteReader(System.Data.CommandBehavio r.CloseConnection)

        If dataReader.Read() And txtZipCode.Text = Zipcode Then
            FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, True)
'************************************************* ************************************************** *******************************
' If the user is denied in the web.config file I'd like to create a error message here like lblMsg.Text = "You're denied access"
'************************************************* ************************************************** *******************************
        Else
            lblMsg.Text = "Invalid Credentials: Please try again<br />"
        End If

        dataReader.Close()

    End Sub

</script>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
    <form runat="server">
        Username: <asp:TextBox id="txtUserName" runat="server" />
        <br />
        Password: <asp:TextBox id="txtPassword" textmode="Password" runat="server" />
        <br />
        Zip code: <asp:TextBox id="txtZipCode" runat="server" />
        <br />
        <asp:Label id="lblMsg" runat="server" />
        <asp:Button id="btn" onclick="Click_Validate" runat="server" text="go" />
    </form>
</body>
</html>

This won't work.

Since the user is denied access to that particular page, the ASP.NET Framework will never let the user access / view it, so you can't display the error message for that user on that page.

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
While typing this post, I was listening to: My Sweet Prince by Placebo (Track 9 from the album: Without You I'm Nothing) What's This?

The book says "you could put the login process within an exception and if it returns to the login page you could handle the exception and display an error". So it should be possible, but I cannot find out how.

Yes, you can do that, but you'll need to put the Login page *outside* the folder you're protecting.

Since the /Exercises cannot be reached without logging in, the user never gets a chance to login.

However, when you move the Login page in an unprotected location, like the root, then when a user tries to access /Exercises, they'll be redirected to the Login page. Then they get redirected to Exercises again. If they are still not allowed to access it, they'll be redirected to the Login again.

Can you explain in more detail what you're trying to accomplish? Where exactly, and how do you want to display this message??

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
While typing this post, I was listening to: Leech by Incubus (Track 14 from the album: A Crow Left Of The Murder...) What's This?

Where is WroxDBAuth.mdb database?

Ashutosh Sharma
MIT Park
Aurangabad