Question

I am trying to create an authentication cookie that a user can log in with on my website.

I have a login form like this:

<asp:TextBox ID="txtUsername" runat="server" MaxLength="10" Text="Sam001" ></asp:TextBox>
<asp:TextBox ID="txtPassword" runat="server" MaxLength="10" Text="Pass01" ></asp:TextBox>

<asp:Label ID="status" runat="server" ></asp:Label>

<asp:Button CssClass="button" ID="Submit" runat="server" Text="Logga in" OnClick="Login_Click" />

And then that button does this in code behind:

protected void Login_Click(object sender, EventArgs e)
{
    DbReader listData = new DbReader();
    Employee tempEmp = null;

    if ((tempEmp = listData.GetUser(txtUsername.Text, txtPassword.Text)) != null) // check if username and pw was correct
    {
        FormsAuthentication.SetAuthCookie(tempEmp.EID, false); // create auth cookie

        Debug.WriteLine("auth cookie set for: " + tempEmp.EID);

        if (FormsAuthentication.Authenticate(tempEmp.EID, txtPassword.Text)) // check if name and pass is valid
        {
            Debug.WriteLine("auth validation ok");

            FormsAuthentication.RedirectFromLoginPage(tempEmp.EID, false); // redirect


            status.Text = User.Identity.Name; // set status to the Name property of the auth cookie
        }
        else
        {
            status.Text = "failed to Authenticate";
        }
    }
    else
    {
        status.Text = "failed to get user";
    }
}

And in Web.config it looks like this:

<authentication mode="Forms">
  <forms name="LoggedInUser" loginUrl="~/Login.aspx" protection="All" timeout="10" path="/" />
</authentication>

How come I always get "failed to Authenticate"? What am I doing wrong when I want to create an authentication cookie that logged-in users need to access certain pages?


Solution

The Authenticate method works against a list of users and passwords stored in web.config.

So to use this, your web.config needs to look something like:

<authentication mode="Forms">
  <forms name="LoggedInUser" loginUrl="~/Login.aspx" protection="All" timeout="10" path="/">
    <credentials passwordFormat="SHA1">
      <user name="user1" password="27CE4CA7FBF00685AF2F617E3F5BBCAFF7B7403C" />
      <user name="user2" password="D108F80936F78DFDD333141EBC985B0233A30C7A" />
      <user name="user3" password="7BDB09781A3F23885CD43177C0508B375CB1B7E9" />
    </credentials>
  </forms>
</authentication>

This example was obtained from the Microsoft page describing the authenticate method.

Also, it is important to note that Microsoft has declared this method obsolete and suggests using one of the Membership providers instead.
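
The following is an added example, not part of the original answer or the asker's project: a version of the question's Login_Click that treats the database lookup as the only credential check and never calls FormsAuthentication.Authenticate, so no <credentials> list in web.config is needed. DbReader, Employee, GetUser, EID and the page controls are taken from the question; the class name Login is an assumption based on Login.aspx.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

// Code-behind for Login.aspx. The class name "Login" is assumed.
// DbReader, Employee, GetUser and EID are the asker's own types from the question;
// txtUsername, txtPassword and status are the controls declared in the markup.
public partial class Login : Page
{
    protected void Login_Click(object sender, EventArgs e)
    {
        DbReader listData = new DbReader();

        // The database lookup is the credential check. FormsAuthentication.Authenticate
        // is not called: it only consults <credentials> in web.config, which this
        // application does not use, so it would always return false here.
        Employee emp = listData.GetUser(txtUsername.Text, txtPassword.Text);
        if (emp == null)
        {
            // Same message for an unknown user and a wrong password.
            status.Text = "failed to get user";
            return;
        }

        // Issues the forms-authentication ticket cookie for emp.EID and redirects to
        // the ReturnUrl query-string value (or the default page). A separate
        // SetAuthCookie call beforehand is redundant.
        // false = session cookie, not persisted across browser restarts.
        FormsAuthentication.RedirectFromLoginPage(emp.EID, false);

        // User.Identity.Name is not populated for the current request. The cookie is
        // only read back, and the identity set, when the browser sends the next
        // request, so read it on the page the user lands on.
    }
}
```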

OTHER TIPS

Pardon me if I'm wrong but

This may have something to do with roles.

I had similar issues with my project, but I discovered that, for each user, you want to assign a role in the user table.

In web.config, you'll want to add something similar to the following:

        <authorization>
            <!-- Order and case are important below -->
            <allow roles="User"/>
            <deny users="*"/>
        </authorization>

I used this guide to help get me started...

Roll based Authentication

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow