使用表单身份验证类进行身份验证

Question

I am developing an user authentication site. I have a login page, "Login.aspx" in which i have provided a login control. In the web.config,

<authentication mode="Forms">
        <forms name=".AuthenticationCookie" loginUrl="Login.aspx"  protection="All" timeout="60" path="/">
            <credentials passwordFormat="Clear">
                <user name="Jack" password="Jerry"/>
            </credentials>
        </forms>
    </authentication>
    <authorization>
        <deny users="*"/>
    </authorization>

In the login.aspx.cs page, I have provided,

 protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        if (FormsAuthentication.Authenticate(Login1.UserName,Login1.Password))
        {
             FormsAuthentication.SetAuthCookie(Login1.UserName,true);
            Label1.Text = "Login Successful";
            Login1.InstructionText = "";
            FormsAuthentication.RedirectFromLoginPage(Login1.UserName, true);
            Response.Redirect("Success.aspx")

        }
        else
        {
            Label1.Text = "You are not an authentic user";
        }


    }
}

but however, while execution instead of going to success.aspx with the url http://localhost/Login.aspx?ReturnUrl=%2fSuccess.aspx

Why is this so?

Answer 1

If you want to set the forms auth cookie yourself and redirect correctly based on the ReturnUrl query string parameter, you should look at the FormsAuthentication.RedirectFromLoginPage method. In your example, it would be:

FormsAuthentication.RedirectFromLoginPage(Login1.UserName, true);

That method sets the appropriate Forms auth cookie / ticket and then redirects based on the presence or absence of the ReturnUrl parameter. (If absent, it goes to the configured default page.)

Hope this helps,

Donnie