I set up a website to use SqlMembershipProvider as written on this page.
I followed every step. I have the database, I modified the Web.config to use this provider, with the correct connection string, and the authentication mode is set to Forms. Created some users to test with.
I created a Login.aspx and put the Login control on it. Everything works fine until the point that a user can log in.
I call Default.aspx, it gets redirected to Login.aspx, I enter the user and the correct password. No error message, nothing seems to be wrong, but I see again the Login form, to enter the user’s login information. However if I check the cookies in the browser, I can see that the cookie with the specified name exists.
I already tried to handle the events by myself and check, what is happening in them, but no success.
I’m using VS2008, Website in filesystem, SQL Express 2005 to store aspnetdb, no role management, tested with K-Meleon, IE7.0 and Chrome.
Any ideas?
Resolution: After some mailing with Rob we have the ideal solution, which is now the accepted answer.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
RE: The Accepted Answer
I do not like the hack given.
I have a site that uses a login form called “login.aspx” and all works fine. I think we should actually find the answer rather than hack. Since all the [presumably] tested sites work. Do you not think we should actually use StackOverflow to find the ACTUAL problem? (making it much more useful than anywhere else?)
In the LoginCtl_Authenticate event are you setting the EventArgs.Authenticated property to true?
e.g.
protected void LoginCtl_Authenticate(object sender, AuthenticateEventArgs e)
{
// Check the Credentials against DB
bool authed = DAL.Authenticate(user, pass);
e.Authenticated = authed;
}
Method 2
I have checked the code over in the files you have sent me (thanks again for sending them through).
Note: I have not tested this since I have not installed the database etc..
However, I am pretty sure this is the issue.
You need to set the MembershipProvider Property for your ASP.NET controls. Making the definitions for them:
<asp:Login ID="Login1" runat="server"
MembershipProvider="MySqlMembershipProvider">
<LayoutTemplate>
<!-- template code snipped for brevity -->
</LayoutTemplate>
</asp:Login>
And..
<asp:CreateUserWizard ID="CreateUserWizard1" runat="server"
MembershipProvider="MySqlMembershipProvider">
<WizardSteps>
<asp:CreateUserWizardStep runat="server" />
<asp:CompleteWizardStep runat="server" />
</WizardSteps>
</asp:CreateUserWizard>
This then binds the controls to the Membership Provider with the given name (which you have specified in the Web.Config.
Give this a whirl in your solution and let me know how you get on.
I hope this works for you 🙂
Edit
I should also add, I know you shouldn’t need to do this as the default provider is set, but I have had problems in the past with this.. I ended up setting them all to manual and all worked fine.
Method 3
You normally have a initial folder with the generally accessable forms and a seperate folder with all the login protected items. In the initial folder you have a webconfig with:
<!--Deny all users -->
<authorization>
<deny users="*" />
</authorization>
In the other folder you can put a seperate webconfig with settings like:
<!--Deny all users unless autherticated -->
<authorization>
<deny users="?" />
</authorization>
If you want to further refine it you can allow access to a particular role only.
<configuration>
<system.web>
<authorization>
<allow roles="Admins"/>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
This will deny access to anyone who does not have a role of admin, which they can only get if they are logged in sucessfully.
If you want some good background I recommend the DNR TV episode with Miguel Castro on ASP.NET Membership
Method 4
What is the role of the username you are logging in with? Have you permitted this role to access Default.aspx?
I experienced this once (a long time ago) and went “doh!” when I realized that not even admin roles can access the main folder!
Method 5
I ran into a similar problem a while ago, and I remember it was solved by not naming the login page “login.aspx”. Just naming it something else (userLogin.aspx, for example) solved it for me.
Method 6
I just solved my problem of this happening. Check out the applicationName for your membership provider.
http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx
Method 7
Have you checked that the redirect path is being sent to the login form? Off my head I think it is ReturnURL?
Method 8
@Jon: I’m not using roles yet. If I check the Web Admin Tool, it says: Roles are not enabled .
@Rob: Yes, it is there.
I also checked the events in order: LoggingIn, Authenticate, LoggedIn, so it is following the correct path, but no redirect and it does not see that it was authenticated.
Method 9
Do you have requireSSL="true" in your web.config?
I had similar symptoms to you. If you set requireSSL to true, there are some additional considerations.
Method 10
@Rob: You are right from your point of view.
From my point of view it is my test project to check some things. If it is working in any way, that fits to me. I haven’t found any similair problem on the net, so it can be something else, absolutely not related to ASP.NET.
However I’m open, so that next time I also can say: aha, I know this!
I started over the project:
Default.aspx: added LoginStatus and LoginName controls
Login.aspx: added Login control and CreateUserWizard control
web.config: added
<authentication mode="Forms">
<forms name="SqlAuthCookie" timeout="10" loginUrl="Login.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear/>
<add name="MySqlMembershipProvider" connectionStringName="MyLocalSQLServer" applicationName="MyAppName" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
</providers>
</membership>
and
<connectionStrings>
<add name="MyLocalSQLServer" connectionString="Initial Catalog=aspnetdb;data source=iballanbsqlexpress;uid=full;pwd=full;"/>
</connectionStrings>
Create the database with aspnet_regsql -E -S iballanbsqlexpress -A all, created an SQL user called full with password full.
Start the project, I got redirected to Login.aspx, create one user, it is created in database. Entering user data to login form, catching events: LoggingIn, Authenticate, LoggedIn, so I’m logged in ( I don’t do anything in these events, I don’t authenticate myself, I’m only interested in what is fired and in which order). RedirectURL is correctly pointing to Default.aspx, but has no effect.
This is it so far.
Method 11
If you are overriding the events, are you calling the default implementation? If you are overriding them to confirm their execution, then the actual code will not be getting executed either, which may be the break in the plumbing..
Method 12
Try adding the path element. It must be the same as your virtual site path, for example
if you test to /localhost/Authentication
path must be = “/Authentication”
<forms loginUrl="Login.aspx" protection="All" timeout="30" name="AuthTestCookie" path="/Authentication" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseCookies" enableCrossAppRedirects="false"/>
Method 13
I know this is an old post, but I found an additional answer… For others in the future with this problem, I found that my web.config file somehow had the following added to the bottom (not sure how). Once I commented the out, it worked fine 🙂 Even though I had everything above in the file set properly, this one line caused me over an hour of headache…
<system.webServer>
<modules>
<remove name="FormsAuthentication" />
</modules>
</system.webServer>
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0