When I enter invalid credentials to log in, it returns me to the login page with a ReturnUrl.
http://localhost:61089/scotkingcpa/login.aspx?ReturnUrl=%2fscotkingcpa%2flogin.aspx&loginfailure=1
Why is it doing this? Where am I telling it to append ReturnUrl to login.aspx? When I enter invalid credentials at login.aspx it should just display an error message of invalid credentials and not put any URL in the browser window. Isn't this right?
Web.config:
    <authentication mode="Forms">
        <forms name=".AUTHCOOKIE" path="/" loginUrl="~/login.aspx" timeout="60" defaultUrl="~/users/default.aspx" protection="All" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="false" cookieless="UseDeviceProfile" domain="">
        </forms>
    </authentication>
    <authorization>
        <allow users="*"/>
    </authorization>
Login code:
    Imports System.Configuration
    Imports System.Data
    Imports System.Data.SqlClient
    Imports System.Web.Security

    Partial Class login
        Inherits System.Web.UI.Page

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
            ' On the first request, pre-fill the form from the remember-me cookies if both exist.
            If Not IsPostBack Then
                If ((Not (Request.Cookies("UserName")) Is Nothing) _
                    AndAlso (Not (Request.Cookies("Password")) Is Nothing)) Then
                    Login1.UserName = Request.Cookies("UserName").Value
                    Login1.Attributes("value") = Request.Cookies("Password").Value
                End If
            End If
        End Sub

        Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate
            Dim authenticated As Boolean

            ' Keep the cookies for 30 days when "Remember me" is ticked, otherwise expire them.
            If Login1.RememberMeSet Then
                Response.Cookies("UserName").Expires = DateTime.Now.AddDays(30)
                Response.Cookies("Password").Expires = DateTime.Now.AddDays(30)
            Else
                Response.Cookies("UserName").Expires = DateTime.Now.AddDays(-1)
                Response.Cookies("Password").Expires = DateTime.Now.AddDays(-1)
            End If

            ' The cookies are written before the credentials are checked,
            ' and the password is stored in the browser in clear text.
            Response.Cookies("UserName").Value = Login1.UserName.Trim
            Response.Cookies("Password").Value = Login1.Password.Trim

            authenticated = Authentication(Login1.UserName, Login1.Password)
            If authenticated Then
                ' Issues the forms-authentication ticket and redirects to ReturnUrl or defaultUrl.
                FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet)
            End If

            Session("Check") = authenticated
            ' When this is False, the Login control applies its FailureAction.
            e.Authenticated = authenticated
        End Sub

        ' Checks the credentials through the GetUserLoginDetails stored procedure
        ' and copies the returned user details into Session on success.
        Protected Function Authentication(ByVal username As String, ByVal password As String) As [Boolean]
            Dim correct As Boolean = False
            Using con As New SqlConnection(ConfigurationManager.ConnectionStrings("sqlConnectionString").ConnectionString)
                Using command As New SqlCommand("GetUserLoginDetails", con)
                    ' Values are passed as parameters, not concatenated into SQL text.
                    command.Parameters.Add(New SqlParameter("@Username", SqlDbType.VarChar)).Value = username
                    command.Parameters.Add(New SqlParameter("@Password", SqlDbType.VarChar)).Value = password
                    command.CommandType = CommandType.StoredProcedure
                    con.Open()
                    If con.State = ConnectionState.Open Then
                        Using reader As SqlDataReader = command.ExecuteReader()
                            ' A returned row means the username/password pair matched.
                            If reader.Read() Then
                                If reader("firstname") IsNot DBNull.Value Then
                                    Session("firstname") = reader("firstname").ToString()
                                End If
                                If reader("Username") IsNot DBNull.Value Then
                                    Session("Username") = reader("Username").ToString()
                                End If
                                If reader("UserID") IsNot DBNull.Value Then
                                    Session("UserID") = reader("UserID").ToString()
                                End If
                                If reader("UnlockCode") IsNot DBNull.Value Then
                                    Session("path") = reader("UnlockCode").ToString()
                                End If
                                correct = True
                            End If
                        End Using
                    End If
                End Using
            End Using
            Return correct
        End Function
    End Class
I figured this out. I removed FailureAction="RedirectToLoginPage" from the login page.
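The setting named in the fix above, shown as Login control markup in its two forms. This is an added example, not markup from the original post: the control ID `Login1` is taken from the code-behind above, the `FailureText` wording is constructed, and the two declarations are alternatives, so a page would contain only one of them.

```aspx
<%-- Before: when e.Authenticated is False, the control redirects to the
     loginUrl from Web.config instead of re-rendering the page. The redirect
     carries loginfailure=1 in the query string, and forms authentication adds
     ReturnUrl for the page the request came from, which here is login.aspx itself. --%>
<asp:Login ID="Login1" runat="server"
    FailureAction="RedirectToLoginPage" />

<%-- After: Refresh is the default FailureAction, so removing the attribute
     has the same effect as setting it explicitly. The page posts back,
     re-renders in place and shows FailureText; the URL stays unchanged. --%>
<asp:Login ID="Login1" runat="server"
    FailureAction="Refresh"
    FailureText="Invalid credentials." />
```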