An ASP.Net site we created is having infrequent problems with logins using forms authentication. Essentially what happens is that the user attempts to log in and is successful, but then is redirected back to the login page immediately. So it looks like an infinite loop of logins. We have been able to deduce that the cookie is related to the problem. If the user deletes their cookies in IE the problem goes away. The problem is very intermittent, so it is very difficult to reproduce. It is not generating 500 errors or errors in the logs. From extensive Googling, the best I can come up with is the fact that we allowed the cookie to persist across sessions, and the problem is related to that. So I changed the createPersistentCookie parameter to false:
FormsAuthentication.SetAuthCookie(nResult.ToString, False)
Of course, solving the problem is only a wait-and-see in this case, since I can't reproduce the problem directly. I thought our login code was pretty straightforward, letting ASP.Net do as much of the work as possible.
Imports System.Web.Security.FormsAuthentication
....
....
'txtEmail, txtPassword are textboxes on the form, lblMessage is a label control
Public Sub Login_Click(ByVal snd As System.Object, ByVal e As System.EventArgs) _
        Handles LoginButton.Click
    Dim NotRegistered As String = " is not a registered email address. " & _
        "Please use the Create A Profile link to register."
    Dim nResult As Integer
    If Page.IsValid Then
        Dim sPassword As String
        sPassword = HashPasswordForStoringInConfigFile(txtPassword.Text, "sha1")
        nResult = LoginResult(txtEmail.Text, sPassword) 'Validate against the database
        If nResult = -1 Then 'Not a registered user, display error message
            lblMessage.Text = txtEmail.Text & NotRegistered
        ElseIf nResult = -2 Then 'Bad password, set error message
            lblMessage.Text = "The password for " & txtEmail.Text & _
                " is incorrect"
        ElseIf nResult > 0 Then 'Registered user, nResult is their ID number
            If Request.QueryString("ReturnUrl") <> "" Then 'Redirect to requested page
                RedirectFromLoginPage(nResult.ToString, False)
            Else 'Go to My Jobs by default
                SetAuthCookie(nResult.ToString, False)
                Response.Redirect("../MyJobs/My_Jobs.aspx")
            End If
        End If
    End If
End Sub