Problem with Login control of ASP.NET

Question

I set up a website to use SqlMembershipProvider as written on this page.

I followed every step. I have the database, I modified the Web.config to use this provider,

Answer 1

I just solved my problem of this happening. Check out the applicationName for your membership provider. http://weblogs.asp.net/scottgu/archive/2006/04/22/Always-set-the-_2200_applicationName_2200_-property-when-configuring-ASP.NET-2.0-Membership-and-other-Providers.aspx

Answer 2

I ran into a similar problem a while ago, and I remember it was solved by not naming the login page "login.aspx". Just naming it something else (userLogin.aspx, for example) solved it for me.

Answer 3

You normally have a initial folder with the generally accessable forms and a seperate folder with all the login protected items. In the initial folder you have a webconfig with:

   <!--Deny all users -->
   <authorization>
     <deny users="*" />
   </authorization>

In the other folder you can put a seperate webconfig with settings like:

   <!--Deny all users unless autherticated -->
   <authorization>
     <deny users="?" />
   </authorization>

If you want to further refine it you can allow access to a particular role only.

<configuration>
   <system.web>
      <authorization>
         <allow roles="Admins"/>
         <deny users="*"/>
      </authorization>
   </system.web>
</configuration>

This will deny access to anyone who does not have a role of admin, which they can only get if they are logged in sucessfully.

If you want some good background I recommend the DNR TV episode with Miguel Castro on ASP.NET Membership

Answer 4

Do you have requireSSL="true" in your web.config? I had similar symptoms to you. If you set requireSSL to true, there are some additional considerations.

Answer 5

If you are overriding the events, are you calling the default implementation? If you are overriding them to confirm their execution, then the actual code will not be getting executed either, which may be the break in the plumbing..

Answer 6

@Rob: You are right from your point of view.

From my point of view it is my test project to check some things. If it is working in any way, that fits to me. I haven't found any similair problem on the net, so it can be something else, absolutely not related to ASP.NET.

However I'm open, so that next time I also can say: aha, I know this!

I started over the project:

Default.aspx: added LoginStatus and LoginName controls

Login.aspx: added Login control and CreateUserWizard control

web.config: added

<authentication mode="Forms">
    <forms name="SqlAuthCookie" timeout="10" loginUrl="Login.aspx"/>
</authentication>
<authorization>
    <deny users="?"/>
    <allow users="*"/>
</authorization>
<membership defaultProvider="MySqlMembershipProvider">
    <providers>
        <clear/>
        <add name="MySqlMembershipProvider" connectionStringName="MyLocalSQLServer" applicationName="MyAppName" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
    </providers>
</membership>

and

<connectionStrings>
    <add name="MyLocalSQLServer" connectionString="Initial Catalog=aspnetdb;data source=iballanb\sqlexpress;uid=full;pwd=full;"/>
</connectionStrings>

Create the database with aspnet_regsql -E -S iballanb\sqlexpress -A all, created an SQL user called full with password full.

Start the project, I got redirected to Login.aspx, create one user, it is created in database. Entering user data to login form, catching events: LoggingIn, Authenticate, LoggedIn, so I'm logged in ( I don't do anything in these events, I don't authenticate myself, I'm only interested in what is fired and in which order). RedirectURL is correctly pointing to Default.aspx, but has no effect.

This is it so far.