Why can't I login to the web even though the User and password are correct ?
-
I am writing a small example of Login webSite, there are two types of accounts and passwords, one is an account and password is stored in the Web.config file and the other two accounts and passwords are saved in SQL Server database, My problem is that in form 1, when logging in it opens Logon_Redirect.aspx file but cannot access, the following is my code I am debugging and running to the code where this opens the Logon_Redirect.aspx file but nothing, but when I log in with another account and password (the user password of SQL Server) log in well.
In file Web.config
......
In file Logon_Redirect.aspx
...Untitled Page
In file Logon_Redirect.aspx.cs
...
public partial class Logon_Redirect : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
// kiem tra va Redirect toi trang can thiet
if (Page.User.IsInRole(Globals.Settings.AppRoles.KhachHang))
Response.Redirect(Globals.ApplicationPath);
else if (Page.User.IsInRole(Globals.Settings.AppRoles.Admin))
Response.Redirect(Globals.ApplicationPath + "WebMaster/Contacts/Contact.aspx");
}
}In file Logon.aspx.cs
protected void btLogon_Click(object sender, EventArgs e)
{
//I can't Login User/Pass in file Web.config, check User: admin and Pass: 123
if (Membership.ValidateUser(txtEmail.Text, txtPassword.Text))
{
if (Request.QueryString["ReturnUrl"] != null)
{
FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, false);
}
else
{
FormsAuthentication.SetAuthCookie(txtEmail.Text, false);
Session["username"] = txtEmail.Text.Trim();
Response.Redirect(Globals.ApplicationPath + "Logon_Redirect.aspx");
//I am debugging and running to the code here and opens the Logon_Redirect.aspx file but nothing
}
}
else //Login SQL Server very good
{
// check User/pass other on SQL Server
if (webapp4U.BOL.User.CheckUserName(txtEmail.Text) && txtPassword.Text == ConfigurationManager.AppSettings["Password"].ToString())
{
FormsAut -
I am writing a small example of Login webSite, there are two types of accounts and passwords, one is an account and password is stored in the Web.config file and the other two accounts and passwords are saved in SQL Server database, My problem is that in form 1, when logging in it opens Logon_Redirect.aspx file but cannot access, the following is my code I am debugging and running to the code where this opens the Logon_Redirect.aspx file but nothing, but when I log in with another account and password (the user password of SQL Server) log in well.
In file Web.config
......
In file Logon_Redirect.aspx
...Untitled Page
In file Logon_Redirect.aspx.cs
...
public partial class Logon_Redirect : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
// kiem tra va Redirect toi trang can thiet
if (Page.User.IsInRole(Globals.Settings.AppRoles.KhachHang))
Response.Redirect(Globals.ApplicationPath);
else if (Page.User.IsInRole(Globals.Settings.AppRoles.Admin))
Response.Redirect(Globals.ApplicationPath + "WebMaster/Contacts/Contact.aspx");
}
}In file Logon.aspx.cs
protected void btLogon_Click(object sender, EventArgs e)
{
//I can't Login User/Pass in file Web.config, check User: admin and Pass: 123
if (Membership.ValidateUser(txtEmail.Text, txtPassword.Text))
{
if (Request.QueryString["ReturnUrl"] != null)
{
FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, false);
}
else
{
FormsAuthentication.SetAuthCookie(txtEmail.Text, false);
Session["username"] = txtEmail.Text.Trim();
Response.Redirect(Globals.ApplicationPath + "Logon_Redirect.aspx");
//I am debugging and running to the code here and opens the Logon_Redirect.aspx file but nothing
}
}
else //Login SQL Server very good
{
// check User/pass other on SQL Server
if (webapp4U.BOL.User.CheckUserName(txtEmail.Text) && txtPassword.Text == ConfigurationManager.AppSettings["Password"].ToString())
{
FormsAutI am not sure what you want us to do. You have to debug this, we can't do it for you. And in case you do not know, storing passwords in the web.config is not a good idea nor storing them in the db either. You should store hashes, but that's another topic for another time.
Social Media - A platform that makes it easier for the crazies to find each other. Everyone is born right handed. Only the strongest overcome it. Fight for left-handed rights and hand equality.
-
I am writing a small example of Login webSite, there are two types of accounts and passwords, one is an account and password is stored in the Web.config file and the other two accounts and passwords are saved in SQL Server database, My problem is that in form 1, when logging in it opens Logon_Redirect.aspx file but cannot access, the following is my code I am debugging and running to the code where this opens the Logon_Redirect.aspx file but nothing, but when I log in with another account and password (the user password of SQL Server) log in well.
In file Web.config
......
In file Logon_Redirect.aspx
...Untitled Page
In file Logon_Redirect.aspx.cs
...
public partial class Logon_Redirect : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
// kiem tra va Redirect toi trang can thiet
if (Page.User.IsInRole(Globals.Settings.AppRoles.KhachHang))
Response.Redirect(Globals.ApplicationPath);
else if (Page.User.IsInRole(Globals.Settings.AppRoles.Admin))
Response.Redirect(Globals.ApplicationPath + "WebMaster/Contacts/Contact.aspx");
}
}In file Logon.aspx.cs
protected void btLogon_Click(object sender, EventArgs e)
{
//I can't Login User/Pass in file Web.config, check User: admin and Pass: 123
if (Membership.ValidateUser(txtEmail.Text, txtPassword.Text))
{
if (Request.QueryString["ReturnUrl"] != null)
{
FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, false);
}
else
{
FormsAuthentication.SetAuthCookie(txtEmail.Text, false);
Session["username"] = txtEmail.Text.Trim();
Response.Redirect(Globals.ApplicationPath + "Logon_Redirect.aspx");
//I am debugging and running to the code here and opens the Logon_Redirect.aspx file but nothing
}
}
else //Login SQL Server very good
{
// check User/pass other on SQL Server
if (webapp4U.BOL.User.CheckUserName(txtEmail.Text) && txtPassword.Text == ConfigurationManager.AppSettings["Password"].ToString())
{
FormsAutMember 2458467 wrote:
if (Page.User.IsInRole(Globals.Settings.AppRoles.KhachHang))
There's nothing in the code you've posted to show how you're loading the roles for the user. If you're not loading the roles, then the user won't be in any roles, and your
Page_Loadmethod won't redirect at all.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
I am not sure what you want us to do. You have to debug this, we can't do it for you. And in case you do not know, storing passwords in the web.config is not a good idea nor storing them in the db either. You should store hashes, but that's another topic for another time.
Social Media - A platform that makes it easier for the crazies to find each other. Everyone is born right handed. Only the strongest overcome it. Fight for left-handed rights and hand equality.
I login the user/pass of the normal sql server but I cannot login the user/pass of file web.config, you can not view the image file I can login [http://www.mediafire.com/file/wydeh0jm629lchm/website2010\_09.jpg\](http://www.mediafire.com/file/wydeh0jm629lchm/website2010\_09.jpg)
-
Member 2458467 wrote:
if (Page.User.IsInRole(Globals.Settings.AppRoles.KhachHang))
There's nothing in the code you've posted to show how you're loading the roles for the user. If you're not loading the roles, then the user won't be in any roles, and your
Page_Loadmethod won't redirect at all.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
If so, why can I login the sql server's user/password ?
protected void btLogon_Click(object sender, EventArgs e)
{
if (Membership.ValidateUser(txtEmail.Text, txtPassword.Text)) //web.config
{
...
}
else //sql
{
...
}
} -
I login the user/pass of the normal sql server but I cannot login the user/pass of file web.config, you can not view the image file I can login [http://www.mediafire.com/file/wydeh0jm629lchm/website2010\_09.jpg\](http://www.mediafire.com/file/wydeh0jm629lchm/website2010\_09.jpg)
-
If so, why can I login the sql server's user/password ?
protected void btLogon_Click(object sender, EventArgs e)
{
if (Membership.ValidateUser(txtEmail.Text, txtPassword.Text)) //web.config
{
...
}
else //sql
{
...
}
}You can log in, but in the code you've posted, you're not assigning any roles to the user. Any calls to
User.IsInRolewill therefore returnfalse. ASP.NET 3.5 - Roles | Microsoft Docs[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
You can log in, but in the code you've posted, you're not assigning any roles to the user. Any calls to
User.IsInRolewill therefore returnfalse. ASP.NET 3.5 - Roles | Microsoft Docs[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
You can log in, but in the code you've posted, you're not assigning any roles to the user. Any calls to User.IsInRole will therefore return false. ASP.NET 3.5 - Roles | Microsoft Docs[^] I don't understand you saying "Any calls to User.IsInRole will therefore return false." Can you tell me where this is ? How do I edit the code? I debug in the button_click event code, I see
protected void btLogon_Click(object sender, EventArgs e)
{
if (Membership.ValidateUser(txtEmail.Text, txtPassword.Text))
{
try
{
if (Request.QueryString["ReturnUrl"] != null)
{
FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, false);
}
else
{
FormsAuthentication.SetAuthCookie(txtEmail.Text, false);
Session["username"] = txtEmail.Text.Trim();
Response.Redirect(Globals.ApplicationPath + "Logon_Redirect.aspx");//You see the message output in the attached image, I choose yes
}
}
catch (Exception ex)
{
Debug.Print("Error login sql: " + ex);
}
}
else
{
try
{
// kiem tra xem co UserName hay ko
if (txtEmail.Text==ConfigurationManager.AppSettings["EmailWebmaster"].ToString() && txtPassword.Text == ConfigurationManager.AppSettings["Password"].ToString())
{
FormsAuthentication.SetAuthCookie(txtEmail.Text, false);
Session["username"] = txtEmail.Text.Trim();
Response.Redirect(Globals.ApplicationPath + "Logon_Redirect.aspx");//You see the message output in the attached image, I choose yes
}
else
lblMsg.Text = ResourceManager.GetString("Logon_False");} catch (Exception ex) { Debug.Print("Error Web.config: " + ex); } } }I am debugging both the user/pass sql server and user/pass cases in the Web.config file when I came to the code "Response.Redirect (Globals.ApplicationPath +" Logon_Redirect.aspx ");" In both cases, a notification is sent to view the http://www.me
-
You can log in, but in the code you've posted, you're not assigning any roles to the user. Any calls to User.IsInRole will therefore return false. ASP.NET 3.5 - Roles | Microsoft Docs[^] I don't understand you saying "Any calls to User.IsInRole will therefore return false." Can you tell me where this is ? How do I edit the code? I debug in the button_click event code, I see
protected void btLogon_Click(object sender, EventArgs e)
{
if (Membership.ValidateUser(txtEmail.Text, txtPassword.Text))
{
try
{
if (Request.QueryString["ReturnUrl"] != null)
{
FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, false);
}
else
{
FormsAuthentication.SetAuthCookie(txtEmail.Text, false);
Session["username"] = txtEmail.Text.Trim();
Response.Redirect(Globals.ApplicationPath + "Logon_Redirect.aspx");//You see the message output in the attached image, I choose yes
}
}
catch (Exception ex)
{
Debug.Print("Error login sql: " + ex);
}
}
else
{
try
{
// kiem tra xem co UserName hay ko
if (txtEmail.Text==ConfigurationManager.AppSettings["EmailWebmaster"].ToString() && txtPassword.Text == ConfigurationManager.AppSettings["Password"].ToString())
{
FormsAuthentication.SetAuthCookie(txtEmail.Text, false);
Session["username"] = txtEmail.Text.Trim();
Response.Redirect(Globals.ApplicationPath + "Logon_Redirect.aspx");//You see the message output in the attached image, I choose yes
}
else
lblMsg.Text = ResourceManager.GetString("Logon_False");} catch (Exception ex) { Debug.Print("Error Web.config: " + ex); } } }I am debugging both the user/pass sql server and user/pass cases in the Web.config file when I came to the code "Response.Redirect (Globals.ApplicationPath +" Logon_Redirect.aspx ");" In both cases, a notification is sent to view the http://www.me
There is nothing in any of the code you've posted that sets the roles for a user. Computers aren't magic. If you don't tell the system that the user is in a particular role, then it doesn't have any way to know that the user is in that role. When you later ask it if the user is in that role, the only answer it can give you is "no". Follow the link I provided in my previous message, and read about how to set up your application to support user roles. (And you can ignore the
ThreadAbortException- that's a normal part of redirecting the user to another page.)
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
