I wanted to add authorization before accessing all web pages. So I have used the following configuration in web.config
<authentication mode="Forms">
<forms loginUrl="~/Login/Login.aspx" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
After this for every page Login.aspx asked, But after logged in successfully Redirection is not working with below code.
//http://localhost:55217/Login/Login.aspx?ReturnUrl=%2fHome%2fdeleteUser.aspx
if (returnMsg == "Success") {
string query0 = Request.QueryString[0];
finalStr = "~" + query0;
Response.Redirect(finalStr, false);
//Session["Login"] = username;
//Response.Redirect("~/Home/Home.aspx");
//Response.Redirect("/Home/HomeTest.aspx");
} else {
StatusLabel.Attributes["style"] = "color:red; font-weight:bold;";
StatusLabel.Text = "Error: Username or Password Wrong";
}
It is staying on the Login page again asking for credentials. But not showing error "Error: Username or Password Wrong"
Any ideas why it is not working?
If you are using Forms authentication you need to create an authentication cookie if authentication is successful. Otherwise the ASP.NET subsystem will not know that the authentication was successful.
See this article: https://support.microsoft.com/en-us/kb/301240
Here is the relevant text from this article:
4.You can use one of two methods to generate the forms authentication cookie and redirect the user to an appropriate page in the cmdLogin_ServerClick event. Sample code is provided for both scenarios. Use either of them according to your requirement.
•Call the RedirectFromLoginPage method to automatically generate the forms authentication cookie and redirect the user to an appropriate page in the cmdLogin_ServerClick event:
private void cmdLogin_ServerClick(object sender, System.EventArgs e)
{
if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
FormsAuthentication.RedirectFromLoginPage(txtUserName.Value,
chkPersistCookie.Checked);
else
Response.Redirect("logon.aspx", true);
}
•Generate the authentication ticket, encrypt it, create a cookie, add it to the response, and redirect the user. This gives you more control in how you create the cookie. You can also include custom data along with the FormsAuthenticationTicket in this case.
private void cmdLogin_ServerClick(object sender, System.EventArgs e)
{
if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
{
FormsAuthenticationTicket tkt;
string cookiestr;
HttpCookie ck;
tkt = new FormsAuthenticationTicket(1, txtUserName.Value, DateTime.Now,
DateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "your custom data");
cookiestr = FormsAuthentication.Encrypt(tkt);
ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
if (chkPersistCookie.Checked)
ck.Expires=tkt.Expiration;
ck.Path = FormsAuthentication.FormsCookiePath;
Response.Cookies.Add(ck);
string strRedirect;
strRedirect = Request["ReturnUrl"];
if (strRedirect==null)
strRedirect = "default.aspx";
Response.Redirect(strRedirect, true);
}
else
Response.Redirect("logon.aspx", true);
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.