A
Andres Denkberg
I have the following login code:
private void Login()
{
string strRole;
string sVirtualDir = ConfigurationSettings.AppSettings["WebSite"];
// Initialize FormsAuthentication, for what it's worth
FormsAuthentication.Initialize();
UserAdmin oUser = new UserAdmin( UserName.Text, Password.Text );
strRole = oUser.Role;
if( strRole == "Normal" )
{
Response.Redirect( sVirtualDir + "/MF/users/Default.asp" );
}
else if( strRole == "Conference" || strRole == "Administrator" )
{
ApplicationLog.WriteInfo( "Loggin - " + UserName.Text + "/" + strRole );
// Create a new ticket used for authentication
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // Ticket version
UserName.Text, // Username associated with ticket
DateTime.Now, // Date/time issued
DateTime.Now.AddMinutes(20), // Date/time to expire
true, // "true" for a persistent user cookie
strRole, // User-data, in this case the roles
FormsAuthentication.FormsCookiePath ); // Path cookie valid for
// Hash the cookie for transport
string hash = FormsAuthentication.Encrypt( ticket );
HttpCookie cookie = new HttpCookie(
FormsAuthentication.FormsCookieName, // Name of auth cookie
hash); // Hashed ticket
if( ticket.IsPersistent )
cookie.Expires = ticket.Expiration;
// Add the cookie to the list for outgoing response
Response.Cookies.Add( cookie );
// Add Customer ID to the session
HttpContext.Current.Session.Add( "CustomerID", oUser.CustomerAttached );
// Redirect to requested URL, or homepage if no previous page requested
string returnUrl = Request.QueryString["ReturnUrl"];
if( returnUrl == null )
{
if( strRole == "Administrator" )
returnUrl = sVirtualDir + "/Admin/Default.aspx";
else
{
returnUrl = sVirtualDir + "/Conference/MsgManagement/ViewMessages.aspx";
}
}
ApplicationLog.WriteInfo( "returnUrl = " + returnUrl );
if( Request.Path.ToLower().LastIndexOf( "comtec" ) != -1 )
HttpContext.Current.Session["Comtec"] = true;
else
HttpContext.Current.Session["Comtec"] = null;
// Don't call FormsAuthentication.RedirectFromLoginPage since it could
// replace the authentication ticket (cookie) we just added
Response.Redirect( returnUrl );
}
else
{
// Never tell the user if just the username is password is incorrect.
// That just gives them a place to start, once they've found one or
// the other is correct!
ErrorLabel.Text = "Username / password incorrect. Please try again.";
ErrorLabel.Visible = true;
}
}
It works well but in some cases the cookie its not created in the client machine and the user is redirected back to the login page, it happens always in the same client machines. The browsers used by the client machines accept cookies, so the problem it's not with the cookie authorization. I don't know what is the problem I have check everything that could cause this problem.
I appreciate any help
private void Login()
{
string strRole;
string sVirtualDir = ConfigurationSettings.AppSettings["WebSite"];
// Initialize FormsAuthentication, for what it's worth
FormsAuthentication.Initialize();
UserAdmin oUser = new UserAdmin( UserName.Text, Password.Text );
strRole = oUser.Role;
if( strRole == "Normal" )
{
Response.Redirect( sVirtualDir + "/MF/users/Default.asp" );
}
else if( strRole == "Conference" || strRole == "Administrator" )
{
ApplicationLog.WriteInfo( "Loggin - " + UserName.Text + "/" + strRole );
// Create a new ticket used for authentication
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // Ticket version
UserName.Text, // Username associated with ticket
DateTime.Now, // Date/time issued
DateTime.Now.AddMinutes(20), // Date/time to expire
true, // "true" for a persistent user cookie
strRole, // User-data, in this case the roles
FormsAuthentication.FormsCookiePath ); // Path cookie valid for
// Hash the cookie for transport
string hash = FormsAuthentication.Encrypt( ticket );
HttpCookie cookie = new HttpCookie(
FormsAuthentication.FormsCookieName, // Name of auth cookie
hash); // Hashed ticket
if( ticket.IsPersistent )
cookie.Expires = ticket.Expiration;
// Add the cookie to the list for outgoing response
Response.Cookies.Add( cookie );
// Add Customer ID to the session
HttpContext.Current.Session.Add( "CustomerID", oUser.CustomerAttached );
// Redirect to requested URL, or homepage if no previous page requested
string returnUrl = Request.QueryString["ReturnUrl"];
if( returnUrl == null )
{
if( strRole == "Administrator" )
returnUrl = sVirtualDir + "/Admin/Default.aspx";
else
{
returnUrl = sVirtualDir + "/Conference/MsgManagement/ViewMessages.aspx";
}
}
ApplicationLog.WriteInfo( "returnUrl = " + returnUrl );
if( Request.Path.ToLower().LastIndexOf( "comtec" ) != -1 )
HttpContext.Current.Session["Comtec"] = true;
else
HttpContext.Current.Session["Comtec"] = null;
// Don't call FormsAuthentication.RedirectFromLoginPage since it could
// replace the authentication ticket (cookie) we just added
Response.Redirect( returnUrl );
}
else
{
// Never tell the user if just the username is password is incorrect.
// That just gives them a place to start, once they've found one or
// the other is correct!
ErrorLabel.Text = "Username / password incorrect. Please try again.";
ErrorLabel.Visible = true;
}
}
It works well but in some cases the cookie its not created in the client machine and the user is redirected back to the login page, it happens always in the same client machines. The browsers used by the client machines accept cookies, so the problem it's not with the cookie authorization. I don't know what is the problem I have check everything that could cause this problem.
I appreciate any help