Forms Login/Logout

[Brian Henry]

We have our windows forms login set up and working good, well it works at
least, just now we need a logout button, so when you click on it, the user
will be logged out of the authentication, how would we do this? this is how
we are doing the login form

==[web config changes]=====
<authentication mode="Forms">

<forms loginUrl="/WebClient/SecurePages/logon.aspx" name="RSMNEmail"
timeout="20" path="/"></forms>

</authentication>

<!-- AUTHORIZATION

This section sets the authorization policies of the application. You can
allow or deny access

to application resources by user or role. Wildcards: "*" mean everyone, "?"
means anonymous

(unauthenticated) users.

-->

<authorization>

<deny users="?" />

<allow users="*" />


<!-- Allow all users -->

<!-- <allow users="[comma separated list of users]"

roles="[comma separated list of roles]"/>

<deny users="[comma separated list of users]"

roles="[comma separated list of roles]"/>

-->

</authorization>





=[ login form script]=======

Imports System.Web.Security

Imports System.Security

Public Class Logon

Inherits System.Web.UI.Page

#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.

<System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()

End Sub

Protected WithEvents txtUserName As System.Web.UI.WebControls.TextBox

Protected WithEvents txtPassword As System.Web.UI.WebControls.TextBox

Protected WithEvents lblInvalid As System.Web.UI.WebControls.Label

Protected WithEvents btnLogin As System.Web.UI.WebControls.Button

Protected WithEvents hlnkApplyUser As System.Web.UI.WebControls.HyperLink

'NOTE: The following placeholder declaration is required by the Web Form
Designer.

'Do not delete or move it.

Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init

'CODEGEN: This method call is required by the Web Form Designer

'Do not modify it using the code editor.

InitializeComponent()

End Sub

#End Region


Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnLogin.Click

If txtUserName.Text <> "" And txtPassword.Text <> "" Then

If database.msgConnection.State = ConnectionState.Closed Then

database.msgConnection.Open()

End If

Dim cmdCheckUser As New SqlClient.SqlCommand("RSMN_CheckPassword",
database.msgConnection)

cmdCheckUser.CommandType = CommandType.StoredProcedure

cmdCheckUser.Parameters.Add("@userName", SqlDbType.VarChar).Value =
txtUserName.Text

cmdCheckUser.Parameters.Add("@Password", SqlDbType.VarChar).Value =
txtPassword.Text

' check login credentials against SQL Users's database for messaging system

If DirectCast(cmdCheckUser.ExecuteScalar, Boolean) = True Then

Dim loginAuthCookie As FormsAuthenticationTicket = New
FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(20), False, "WebUser")

Dim encryptedTicket As String = FormsAuthentication.Encrypt(loginAuthCookie)

Dim authCookie As HttpCookie = New
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)

Response.Cookies.Add(authCookie)

Response.Redirect("Inbox.aspx", True)

Else

lblInvalid.Visible = True

End If

If database.msgConnection.State = ConnectionState.Open Then

database.msgConnection.Close()

End If

Else

lblInvalid.Visible = True

End If

End Sub

End Class





now on the main page after they logon there is a button that says logoff,
when they click on it we want them loged out of the system and redirected to
the logon page, how to do this? thanks

 

[Stefano Mostarda]

Hi Brian,

FormsAuthentication.SignOut() is what you need.
It deletes the authentication cookie.

HTH,
Stefano Mostarda MCP
Rome Italy;

We have our windows forms login set up and working good, well it works at
least, just now we need a logout button, so when you click on it, the user
will be logged out of the authentication, how would we do this? this is how
we are doing the login form

==[web config changes]=====
<authentication mode="Forms">

<forms loginUrl="/WebClient/SecurePages/logon.aspx" name="RSMNEmail"
timeout="20" path="/"></forms>

</authentication>

<!-- AUTHORIZATION

This section sets the authorization policies of the application. You can
allow or deny access

to application resources by user or role. Wildcards: "*" mean everyone, "?"
means anonymous

(unauthenticated) users.

-->

<authorization>

<deny users="?" />

<allow users="*" />


<!-- Allow all users -->

<!-- <allow users="[comma separated list of users]"

roles="[comma separated list of roles]"/>

<deny users="[comma separated list of users]"

roles="[comma separated list of roles]"/>

-->

</authorization>





=[ login form script]=======

Imports System.Web.Security

Imports System.Security

Public Class Logon

Inherits System.Web.UI.Page

#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.

<System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()

End Sub

Protected WithEvents txtUserName As System.Web.UI.WebControls.TextBox

Protected WithEvents txtPassword As System.Web.UI.WebControls.TextBox

Protected WithEvents lblInvalid As System.Web.UI.WebControls.Label

Protected WithEvents btnLogin As System.Web.UI.WebControls.Button

Protected WithEvents hlnkApplyUser As System.Web.UI.WebControls.HyperLink

'NOTE: The following placeholder declaration is required by the Web Form
Designer.

'Do not delete or move it.

Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init

'CODEGEN: This method call is required by the Web Form Designer

'Do not modify it using the code editor.

InitializeComponent()

End Sub

#End Region


Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnLogin.Click

If txtUserName.Text <> "" And txtPassword.Text <> "" Then

If database.msgConnection.State = ConnectionState.Closed Then

database.msgConnection.Open()

End If

Dim cmdCheckUser As New SqlClient.SqlCommand("RSMN_CheckPassword",
database.msgConnection)

cmdCheckUser.CommandType = CommandType.StoredProcedure

cmdCheckUser.Parameters.Add("@userName", SqlDbType.VarChar).Value =
txtUserName.Text

cmdCheckUser.Parameters.Add("@Password", SqlDbType.VarChar).Value =
txtPassword.Text

' check login credentials against SQL Users's database for messaging system

If DirectCast(cmdCheckUser.ExecuteScalar, Boolean) = True Then

Dim loginAuthCookie As FormsAuthenticationTicket = New
FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(20), False, "WebUser")

Dim encryptedTicket As String = FormsAuthentication.Encrypt(loginAuthCookie)

Dim authCookie As HttpCookie = New
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)

Response.Cookies.Add(authCookie)

Response.Redirect("Inbox.aspx", True)

Else

lblInvalid.Visible = True

End If

If database.msgConnection.State = ConnectionState.Open Then

database.msgConnection.Close()

End If

Else

lblInvalid.Visible = True

End If

End Sub

End Class





now on the main page after they logon there is a button that says logoff,
when they click on it we want them loged out of the system and redirected to
the logon page, how to do this? thanks

 

[Brian Henry]

thanks!

Hi Brian,

FormsAuthentication.SignOut() is what you need.
It deletes the authentication cookie.

HTH,
Stefano Mostarda MCP
Rome Italy;

We have our windows forms login set up and working good, well it works at
least, just now we need a logout button, so when you click on it, the user
will be logged out of the authentication, how would we do this? this is how
we are doing the login form

==[web config changes]=====
<authentication mode="Forms">

<forms loginUrl="/WebClient/SecurePages/logon.aspx" name="RSMNEmail"
timeout="20" path="/"></forms>

</authentication>

<!-- AUTHORIZATION

This section sets the authorization policies of the application. You can
allow or deny access

to application resources by user or role. Wildcards: "*" mean everyone, "?"
means anonymous

(unauthenticated) users.

-->

<authorization>

<deny users="?" />

<allow users="*" />


<!-- Allow all users -->

<!-- <allow users="[comma separated list of users]"

roles="[comma separated list of roles]"/>

<deny users="[comma separated list of users]"

roles="[comma separated list of roles]"/>

-->

</authorization>





=[ login form script]=======

Imports System.Web.Security

Imports System.Security

Public Class Logon

Inherits System.Web.UI.Page

#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.

<System.Diagnostics.DebuggerStepThrough()> Private Sub InitializeComponent()

End Sub

Protected WithEvents txtUserName As System.Web.UI.WebControls.TextBox

Protected WithEvents txtPassword As System.Web.UI.WebControls.TextBox

Protected WithEvents lblInvalid As System.Web.UI.WebControls.Label

Protected WithEvents btnLogin As System.Web.UI.WebControls.Button

Protected WithEvents hlnkApplyUser As System.Web.UI.WebControls.HyperLink

'NOTE: The following placeholder declaration is required by the Web Form
Designer.

'Do not delete or move it.

Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init

'CODEGEN: This method call is required by the Web Form Designer

'Do not modify it using the code editor.

InitializeComponent()

End Sub

#End Region


Private Sub btnLogin_Click(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles btnLogin.Click

If txtUserName.Text <> "" And txtPassword.Text <> "" Then

If database.msgConnection.State = ConnectionState.Closed Then

database.msgConnection.Open()

End If

Dim cmdCheckUser As New SqlClient.SqlCommand("RSMN_CheckPassword",
database.msgConnection)

cmdCheckUser.CommandType = CommandType.StoredProcedure

cmdCheckUser.Parameters.Add("@userName", SqlDbType.VarChar).Value =
txtUserName.Text

cmdCheckUser.Parameters.Add("@Password", SqlDbType.VarChar).Value =
txtPassword.Text

' check login credentials against SQL Users's database for messaging system

If DirectCast(cmdCheckUser.ExecuteScalar, Boolean) = True Then

Dim loginAuthCookie As FormsAuthenticationTicket = New
FormsAuthenticationTicket(1, txtUserName.Text, DateTime.Now,
DateTime.Now.AddMinutes(20), False, "WebUser")

Dim encryptedTicket As String = FormsAuthentication.Encrypt(loginAuthCookie)

Dim authCookie As HttpCookie = New
HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)

Response.Cookies.Add(authCookie)

Response.Redirect("Inbox.aspx", True)

Else

lblInvalid.Visible = True

End If

If database.msgConnection.State = ConnectionState.Open Then

database.msgConnection.Close()

End If

Else

lblInvalid.Visible = True

End If

End Sub

End Class





now on the main page after they logon there is a button that says logoff,
when they click on it we want them loged out of the system and redirected to
the logon page, how to do this? thanks

 

[swati254]

proper signout

in my application there is a section which open in a new window called blog.
problem is that --in this new window section there is a admin part which is opend after logon.the problem is that if i close the new window without logout.next time when i open blog from main application it open already in login mode. what i do?
my code to logout is:

private void Page_Load(object sender, System.EventArgs e)
{
if(!Page.IsPostBack)
{
fill();
fill_dg_editcomment();
}
Response.Cache.SetNoStore();
if(Session["uid"]==null)
{
Response.Redirect("../login.aspx");
}
else
{
lbluid.Text="Welcome! "+Session["uid"].ToString();
}
//User.Identity.Name;// Put user code to initialize the page here
}


private void lbtnsignout_Click(object sender, System.EventArgs e)
{
Session.Abandon();
Response.Cookies.Clear();
FormsAuthentication.SignOut();
Response.Redirect("../showblogs.aspx");
}