T
Tumurbaatar S.
My app Web.config contains:
<authentication mode="Forms">
<forms name="myauth" loginUrl="default.aspx" protection="All"
timeout="1" />
</authentication>
And default.aspx shows login/password form, checks posted values
and if login is allowed, stores these values in Session:
private void Page_Load(object sender, System.EventArgs e)
{
FormsAuthentication.SignOut();
if (IsPostBack)
{
....// code to validate login/password
FormsAuthentication.SetAuthCookie(LoginTxt.Text, false);
Session["UID"] = LoginTxt.Text;
Session["PSW"] = PassTxt.Text;
Response.Redirect("admin.aspx", true);
}
catch (Exception err)
{
ErrorLbl.Text = err.Message;
}
}
}
This works well when a client starts at the default page. But when
a not logged client loads other pages directly, IIS does not redirect
automatically to loginUrl and executes the selected page. And, of course,
referencing there Session collection for unknown items (UID/PSW), raises
exception.
What am I doing wrong?
<authentication mode="Forms">
<forms name="myauth" loginUrl="default.aspx" protection="All"
timeout="1" />
</authentication>
And default.aspx shows login/password form, checks posted values
and if login is allowed, stores these values in Session:
private void Page_Load(object sender, System.EventArgs e)
{
FormsAuthentication.SignOut();
if (IsPostBack)
{
....// code to validate login/password
FormsAuthentication.SetAuthCookie(LoginTxt.Text, false);
Session["UID"] = LoginTxt.Text;
Session["PSW"] = PassTxt.Text;
Response.Redirect("admin.aspx", true);
}
catch (Exception err)
{
ErrorLbl.Text = err.Message;
}
}
}
This works well when a client starts at the default page. But when
a not logged client loads other pages directly, IIS does not redirect
automatically to loginUrl and executes the selected page. And, of course,
referencing there Session collection for unknown items (UID/PSW), raises
exception.
What am I doing wrong?