User based authorisation not working....

Question

1.00/5 (1 vote)

See more:

Dear All

I am trying to give a user based authorisation to certain urls.
I have configured the web.config at the root as below

<authentication mode="Forms">
      <forms
          name="MyAuth"
          loginUrl="ABC/Login.aspx"
          protection="All"
          path="/"
        />
    </authentication>

another web.config at the ABC Directory as below

<?xml version="1.0"?>
<configuration>
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
</configuration>

every thing is working fine except the login
when I access the directory ABC login page is displayed even after giving correct username and password the page is redirected to login page itself.

I am new to C# and ASP.net

Please help me
my Code at aspx.cs is as below

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
        {
           
            string selectString = "SELECT * FROM users " + "WHERE Username = '" + Login1.UserName + "' AND Password = '" + Login1.Password + "'";

            MySqlCommand mySqlCommand = new MySqlCommand(selectString,con);
            con.Open();
            String strResult = String.Empty;
            strResult = mySqlCommand.ExecuteScalar().ToString();
            con.Close();

            if (strResult.Length > 0)
            {
                e.Authenticated = true;
                Response.Redirect("up.aspx");
            }

            else
            {
                MsgBox("Wrong username or password!.", this.Page, this);
                return;
            }
        }

Please help me
Thank You
Santosh Sharma

Posted 13-Jul-15 18:19pm

sansharam

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sreekanth Mothukuru · Answer 1 · 2015-07-13T20:24:00

I think you need to create a forms authentication ticket object, encrypt and store the same in cookie before redirecting to authenticated pages.

C#

FormsAuthentication.SignOut();
Session.RemoveAll();

// Create forms authentication ticket
var ticket = new FormsAuthenticationTicket(
1, // Ticket version
txtMemUserName.Text.Trim(),// Username to be associated with this ticket
DateTime.Now, // Date/time ticket was issued
DateTime.Now.AddMinutes(2880), // Date and time the cookie will expire
false, // if user has checked remember me then create persistent cookie
"mem", // store the user data, in this case roles of the user
FormsAuthentication.FormsCookiePath); // Cookie path specified in the web.config file in <Forms> tag if any.

// To give more security it is suggested to hash it
var hashCookies = FormsAuthentication.Encrypt(ticket);
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashCookies); // Hashed ticket

// Add the cookie to the response, user browser
Response.Cookies.Add(cookie);