Forms Authentication problem with IsAuthenticated

[Bob Hansen]

Hello All,

I am trying to set up forms authentication for an ASP.NET web site. I
programmed quite a bit of stuff with custom IPrincipal and IIdentity objects
and everything only to find out that none of it worked. After fiddling
around with things I decided to try a really basic example. A set some
values in the web.config as follows...

<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="Login.aspx" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>

I then created a simple login.aspx page and a default.aspx page with no
implementation. The only thing I wanted to do was see if accessing the
default.aspx page would bring up the login.aspx page as expected. Didnt
work. Not only that, but on further inspection of the
Context.User.Identity.IsAuthenticated property revealed that I am always
authenticated. I cannot unauthenticate myself. Further, the
Context.User.Identity.Name comes up as my login name for windows complete
with network domain!

Is there a configuration option I am missing somewhere? Is there something
in IIS that needs to be set? Please help!!!

Cheers,

Bob Hansen
JASCorp, L.L.C.
www.jasrx.com
www.jascorp.com

 

[.NET Follower]

hv u set the cookie in the login code
just ad the
if (HttpContext.Current.User != null)

{

if (Request.IsAuthenticated)

{

FormsAuthenticationTicket authTicket=null;

string strCookieName=FormsAuthentication.FormsCookieName;

HttpCookie authCookie=Context.Request.Cookies[strCookieName];


if (authCookie==null)

{

return;

}

else

{

authTicket=FormsAuthentication.Decrypt(authCookie.Value);

string[] strarrUserGroups=authTicket.UserData.Split(new char[]{'|'});


FormsIdentity Id=new FormsIdentity(authTicket);

GenericPrincipal principal=new GenericPrincipal(Id,strarrUserGroups);

}

}

}

and set cookie in login code with

methods of sormsauth class

and it will definatley work...

mine is working

 

[Madan Nayak]

Hi...

Let me explain you some more details...

Actually authentication and CustomPrincipal are little different topics...

In the authentication process you validate the credentials of a user gaiants
any authority.... Only when the user is authenticated, you can use this
authentication information for further to maintain the context the current
user....to achieve the role based security...

For that you have to ceate the custom principal by implementting IPrincipal
Interface. It takes identity and roles to creat the custom principal... and
the setting the custom principal in global.asax.cs / vb page...in an event
called application_authentication beginrequest...

Thanks

hv u set the cookie in the login code
just ad the
if (HttpContext.Current.User != null)

{

if (Request.IsAuthenticated)

{

FormsAuthenticationTicket authTicket=null;

string strCookieName=FormsAuthentication.FormsCookieName;

HttpCookie authCookie=Context.Request.Cookies[strCookieName];


if (authCookie==null)

{

return;

}

else

{

authTicket=FormsAuthentication.Decrypt(authCookie.Value);

string[] strarrUserGroups=authTicket.UserData.Split(new char[]{'|'});


FormsIdentity Id=new FormsIdentity(authTicket);

GenericPrincipal principal=new GenericPrincipal(Id,strarrUserGroups);

}

}

}

and set cookie in login code with

methods of sormsauth class

and it will definatley work...

mine is working




--
Thanks and Regards,

Amit Agarwal
Software Programmer(.NET)

Hello All,

I am trying to set up forms authentication for an ASP.NET web site. I
programmed quite a bit of stuff with custom IPrincipal and IIdentity objects
and everything only to find out that none of it worked. After fiddling
around with things I decided to try a really basic example. A set some
values in the web.config as follows...

<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="Login.aspx" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>

I then created a simple login.aspx page and a default.aspx page with no
implementation. The only thing I wanted to do was see if accessing the
default.aspx page would bring up the login.aspx page as expected. Didnt
work. Not only that, but on further inspection of the
Context.User.Identity.IsAuthenticated property revealed that I am always
authenticated. I cannot unauthenticate myself. Further, the
Context.User.Identity.Name comes up as my login name for windows complete
with network domain!

Is there a configuration option I am missing somewhere? Is there something
in IIS that needs to be set? Please help!!!

Cheers,

Bob Hansen
JASCorp, L.L.C.
www.jasrx.com
www.jascorp.com