Thursday, March 22, 2012

login or web.config problem??

hi guys...

well...i'm not sure what is the problem...you see, i have this login.aspx page, for users to login to the system. if you don't have a login ID and password, you can't get in. so, in this same login.aspx page, i include a link Login Problem? that will link the user to a page, say login_prob.aspx. anyone, whether authorized or not, can click on this link and it is supposed to redirect the person to the login_prob.aspx page.

the problem here...is that when i click the link (keep in mind that i do not need to login to click on that link!), instead of linking me to the login_prob.aspx page, it redirects me to the same login.aspx page again! so, i guess something in my code restricts me from even accessing a page that can be viewed publicly. here's the code for my web.config file:

web.config

<configuration>
<system.web>
<authentication mode="Forms">
<forms name="ezysys" loginUrl="login.aspx" protection="All" timeout="100" />
</authentication>
<machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate" validation="SHA1" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

and here's part of my code for the login.aspx page where the users login to the system:

login.aspx

'the code below is the Login button process when the user click on it:
Sub Res_Login(sender As Object, e As EventArgs)
If txtUserId.text = "" AND txtPwd.text="" Then
lblRequired1.text="Please enter your User ID and Password!"
Else If txtUserId.text="" Then
lblRequired1.text="Please enter your User ID!"
Else If txtPwd.text="" Then
lblRequired1.text="Please enter your Password!"
Else

Dim strConn As String = "PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE=" & server.mappath("EzySys.mdb") & ";"
Dim Conn As New OLEDBConnection(strConn)
Conn.Open()

Dim objCmd As OleDBCommand
Dim objDR As OleDbDataReader

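'pass the user ID as a parameter instead of concatenating it into the SQL text
objCmd = New OleDbCommand("SELECT Resident_Pwd FROM resident_info WHERE Resident_ID=?", Conn)
objCmd.Parameters.Add(New OleDbParameter("@Resident_ID", txtUserId.text))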

objDR = objCmd.ExecuteReader()

If objDR.Read()
Dim storedHashedPassword As String = objDR("Resident_Pwd")
Dim givenHashedPassword As String = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPwd.text, "MD5")

If storedHashedPassword=givenHashedPassword Then
FormsAuthentication.RedirectFromLoginPage(txtUserId.text, false)
Session("UserName")= txtUserId.text
Response.Redirect("res_mainpage.aspx")
Else
lblRequired1.text="Invalid password!"
End If
Else
lblRequired1.text="Login name not found"
End If

objDR.Close()
Conn.Close()
End If

End Sub

'the code below is the interface that the user sees in the login page:
<table bordercolor="#b5a642" cellspacing="2" cellpadding="2" border="1">
<tbody>
<tr>
<td align="middle" bgcolor="#b5a642" colspan="2">

<h2><font color="black">Resident Login </font>
</h2>
Login Problem?</td>
</tr>
<br />
<tr>
<td align="right" bgcolor="#b5a642">
<asp:Label id="lblUsrId" runat="server" font-size="X-Small" font-names="Courier New" forecolor="black" text="User ID : "></asp:Label></td>
<td bgcolor="#b5a642">
<asp:Textbox id="txtUserId" runat="server" Width="145px"></asp:Textbox>
</td>
</tr>
<tr>
<td align="right" bgcolor="#b5a642">
<asp:Label id="lblPwd" runat="server" font-size="X-Small" font-names="Courier New" forecolor="black" text="Password : "></asp:Label></td>
<td bgcolor="#b5a642">
<asp:Textbox id="txtPwd" runat="server" Width="145px" MaxLength="10" textmode="Password"></asp:Textbox>
</td>
</tr>
</tbody>
</table>

*note: my Sub Page_Load() does not contain any code

hope you guys can help me out on this! it's a real headache!

you need to enable users to access the loginprob.aspx page, in the web.config you need...

<configuration>
<location path="login_prob.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
</configuration>

check out this link..

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrflocationelement.asp
Edited by SomeNewKid. Please post code between <code> and </code> tags.



hi richy!

thanks a lot for your suggestion! it works! but uh...now i wanted to include two more aspx pages. but i don't know how to do it coz the sample given in the msdn link does not show how to set the location path for more than one aspx page. when i code it this way:

<configuration>
<location path="login_prob.aspx, terms.aspx, privacy.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<system.web>
<authentication mode="Forms">
<forms name="ezysys" loginUrl="login.aspx" protection="All" timeout="100" />
</authentication>
<machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate" validation="SHA1" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

error message appears, with the following message:

Configuration Error
Parser Error Message: <location> path attribute must be a relative virtual path. It cannot contain any of ';' '?' ':' '@.' '&' '=' '+' '$' ',' '\' '*' '"' '<' '>' or '|'.
Line 2: <location path="login_prob.aspx, terms.aspx, privacy.aspx">

can this be solved?

just add multiple location tags :-) (one for each page), but keep the hierarchy eg..


<location path="login_prob.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="terms.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>

Instead of creating multiple location paths, create a directory that is available to all users and put all of your 'unsecure' pages in that folder and then just modify your location path to that folder.

hi richy and gknierim!

both of your solutions work!!! thanks a lot!!!!!!!! :) but i guess i prefer gknierim's solution, that is, create a directory. it's neat. thanks a lot again!
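
Added example, not part of the thread or the posters' code: a Python audit that applies the first-match rule order of ASP.NET URL authorization to a web.config, reporting which scopes anonymous users can reach and flagging <location> paths that contain characters from the parser error quoted above. The sample config, the `public` folder name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Characters rejected by the <location> parser error quoted in the thread.
BAD_PATH_CHARS = set(';?:@&=+$,\\*"<>|')

# Constructed sample: forms auth, site-wide deny of anonymous users,
# one public folder, and a comma-separated path like the one that failed.
SAMPLE = """<configuration>
  <location path="public">
    <system.web><authorization><allow users="*"/></authorization></system.web>
  </location>
  <location path="login_prob.aspx, terms.aspx">
    <system.web><authorization><allow users="?"/></authorization></system.web>
  </location>
  <system.web>
    <authentication mode="Forms"><forms loginUrl="login.aspx"/></authentication>
    <authorization><deny users="?"/></authorization>
  </system.web>
</configuration>"""

def rules(scope):
    """Return [(verb, users)] from a scope's system.web/authorization."""
    auth = scope.find("system.web/authorization")
    if auth is None:
        return []
    return [(r.tag, [u.strip() for u in r.get("users", "").split(",")])
            for r in auth if r.tag in ("allow", "deny")]

def anonymous_allowed(rule_list):
    """First matching rule wins; with no match the default allow applies."""
    for verb, users in rule_list:
        if "?" in users or "*" in users:
            return verb == "allow"
    return True

def audit(config_xml):
    """Map each scope to 'invalid-path', 'anonymous' or 'login-required'."""
    root = ET.fromstring(config_xml)
    site = rules(root)
    report = {"(site)": "anonymous" if anonymous_allowed(site) else "login-required"}
    for loc in root.findall("location"):
        path = loc.get("path", "")
        if BAD_PATH_CHARS & set(path):
            report[path] = "invalid-path"
        else:
            # <location> rules are evaluated before the inherited site rules.
            ok = anonymous_allowed(rules(loc) + site)
            report[path] = "anonymous" if ok else "login-required"
    return report

if __name__ == "__main__":
    for scope, status in audit(SAMPLE).items():
        print(f"{status:15} {scope}")
```

Every scope reported as anonymous is reachable without logging in, so the list is worth reviewing whenever a page is moved into the public folder.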
