ASP.NET web.config MSDN Example

[Guest]

Hi there,

My asp.net site is located in http://localhost/websecurity/

In my LoginPage.aspx page code behind has these code ....

-----------------------------------------------------------------
Imports System.Data.SqlClient
Imports System.Web.Security
Imports System.Text
Imports System

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here

End Sub


Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles Button1.Click
If CustomAuthenticate(UserName.Text, Password.Text) Then
Dim url As String = FormsAuthentication.GetRedirectUrl(UserName.Text,
Persistent.Checked)

FormsAuthentication.SetAuthCookie(UserName.Text, Persistent.Checked)

If Persistent.Checked Then
Dim cookie As HttpCookie =
Response.Cookies(FormsAuthentication.FormsCookieName)
Dim myTimeStr As String = DateTime.Now
cookie.Expires = myTimeStr

Response.Redirect(url)
Else
Output.Text = "Invalid login"
End If
End If

End Sub


Function CustomAuthenticate(ByVal username As String, ByVal password As
String) As Boolean
Dim connection As New
SqlConnection("server=localhost;database=weblogin;uid=sa;pwd=")

Try
connection.Open()

Dim builder As New StringBuilder
builder.Append("select count (*) from users " + "where username = '")
builder.Append(username)
builder.Append("' and cast (rtrim (password) as " + "varbinary) = cast ('")
builder.Append(password)
builder.Append("' as varbinary)")

Dim command As New SqlCommand(builder.ToString(), connection)

Dim count As Integer = Fix(command.ExecuteScalar())
Return count > 0
Catch
Return False
Finally
connection.Close()
End Try

End Function 'CustomAuthenticate
-----------------------------------------------------------------



My default web.config has this value only

<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="LoginPage.aspx" />
</authentication>
</system.web>
</configuration>

-----------------------------------------------------------------


I also have folder name Secret and contains protectedPage.aspx and has this
code only


Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
Response.Write(Context.User.Identity.Name + ": ")
End Sub

-----------------------------------------------------------------

Also I have web.config under Secret folder and its code is:

<configuration>
<system.web>
<authorization>
<allow roles="Manager" />
<deny users="*" />
</authorization>
</system.web>
</configuration>

-----------------------------------------------------------------


I set the SQL SERVER and I created a table with
UserName
Password and Role columns.

One of the user name is John and his password is redrover and his role is
Manager.

But when I enter the information in LoginPage.aspx nothing happends. When I
try to debug I get and error:

"Error while trying to run project, Unable to start debuging on the server.
This project is not configured to be debugged."


The idea came from
http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/default.aspx

and it was writen in C Sharp using C Sharp script. I translate into vb
code-behind page and it seems cannot work.

Can anyone have any idea what should I do?

Thank you.

Rgds,
GC

 

[Guest]

Hi there,

I sort out the above problem that I mention my first post but now I am
having SQL SERVER connection problem.


Original article had this connection string:
'Dim connection As New
SqlConnection("server=localhost;database=weblogin;uid=sa;pwd=")

And it faild and when I try to change to:
Dim connection As New SqlConnection("Persist Security Info=False;Integrated
Security=SSPI;server=localhost;database=weblogin;uid=sa;pwd=")


I get an error as:
Message "Cannot open database requested in login 'weblogin'. Login fails.
Login failed for user 'NTMS-2005\ASPNET'."

Any idea???

Thank you.

Rgds,
GC

 

[Grant Merwitz]

It would appear the SA account doesn't have access to the weblogin database.

Try connect through Query Analyser to weblogin, and see if that account
actually has access

 

[Scott Allen]

And it faild and when I try to change to:
Dim connection As New SqlConnection("Persist Security Info=False;Integrated
Security=SSPI;server=localhost;database=weblogin;uid=sa;pwd=")

You can't combine integrated security with a SQL login in the
connection string - they are two different authentication mechanisms.

My guess is the provider uses SSPI instead of the uid, and your
ASP.NET process identity does not have permissions in the database.
The identity is typically the NETWORK SERVICE account, but check your
configuration.

 

[Scott Allen]

It would appear the SA account doesn't have access to the weblogin database.

Members of the sysadmin server role, like sa, have full access to
anything inside SQL Server - that's why Niyazi should give sa a
non-blank password

 

[Guest]

Hi,

Thank you for info. I set the ASPNET account and now evrythings worked
perfect. I am very new to ASP.NET and when I followed the article it seems
everything coming into place.

But article was if user try to access protected page(s). When user Role is
"Manager" then they can acces to the page.

But when I try to set the LoginPage.aspx as Start Up page it didn't goto
Secret/protectedPage.aspx.

I want to set the LoginPage as startup page and if the user roles is "User"
then I will have to redirect them into ".../user/umain.aspx" and if the user
role is "Manager" than I have to redirect them into ".../manager/mmain.aspx"

Does anyone have any idea how to achive this?

Thank you.

Rgds
GC

 

[Guest]

Hi,

Okay everythings works as I wanted. My major problem is when User Role or
Manager Role client try to sign in they have to enter their password twice
than they will goto the page that they wish to view.

Why they have to type their password twice?
Where I am making mistake?

Any halep greatly appriciated.

Rgds,
GC