locked
code behind login.aspx.vb error, please help RRS feed

  • Question

  • User-1764628585 posted

    Hi everybody

    I am using the following code behind login.aspx.vb. When a user uses wrong passwor then redirect to "expirationmessage.aspx" page, but when that user uses right password he can easily enter the site. IS THERE ANY WRONG. PLEASE HELP.

    Another Qestion:: has there any wrong funtioning in 'Expiration of User' function. I use

    Dim RenewDate = Profile.GetProfile(Login1.UserName).DateRenewed

            If DateDiff(DateInterval.day, RenewDate, DateTime.Now) > 365 Then
                Response.Redirect("~/expirationmessage.aspx")


    ===========the code behind========

    Partial Class Login
        Inherits System.Web.UI.Page

        Protected Sub Login1_LoginError(ByVal sender As Object, ByVal e As System.EventArgs) Handles Login1.LoginError
            'Set the parameters for InvalidCredentialsLogDataSource
            InvalidCredentialsLogDataSource.InsertParameters("ApplicationName").DefaultValue = Membership.ApplicationName
            InvalidCredentialsLogDataSource.InsertParameters("UserName").DefaultValue = Login1.UserName
            InvalidCredentialsLogDataSource.InsertParameters("IPAddress").DefaultValue = Request.UserHostAddress

            'The password is only supplied if the user enters an invalid username or invalid password - set it to Nothing, by default
            InvalidCredentialsLogDataSource.InsertParameters("Password").DefaultValue = Nothing


            'There was a problem logging in the user
            'See if this user exists in the database
            Dim userInfo As MembershipUser = Membership.GetUser(Login1.UserName)
            Dim RenewDate = Profile.GetProfile(Login1.UserName).DateRenewed
            If userInfo Is Nothing Then
                'The user entered an invalid username...
                Response.Redirect("~/invaliduser.aspx")
                'The password is only supplied if the user enters an invalid username or invalid password
                InvalidCredentialsLogDataSource.InsertParameters("Password").DefaultValue = Login1.Password
            End If

            'See if the user is locked out or not approved
            If Not userInfo.IsApproved Then
                Response.Redirect("~/approval.aspx")
            End If
            If userInfo.IsLockedOut Then
                Response.Redirect("~/idlock.aspx")
            End If
            'Expiration of User
            If DateDiff(DateInterval.day, RenewDate, DateTime.Now) > 365 Then
                Response.Redirect("~/expirationmessage.aspx")
            End If
            'The password was incorrect (don't show anything, the Login control already describes the problem)


            'The password is only supplied if the user enters an invalid username or invalid password
            InvalidCredentialsLogDataSource.InsertParameters("Password").DefaultValue = Login1.Password




            'Add a new record to the InvalidCredentialsLog table
            InvalidCredentialsLogDataSource.Insert()
        End Sub

        Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
            'If the person is already logged in, but is being redirected to the login page from some other
            'page, then they were attempting to visit a page they weren't authorized for
            If Request.IsAuthenticated AndAlso Request.QueryString("ReturnUrl") IsNot Nothing Then
                Response.Redirect("~/unauthorizeduser.aspx")
            End If
        End Sub
    End Class

    Tuesday, January 15, 2013 8:13 AM

All replies

  • User433674817 posted

    Went through the source code given

    The date diff function gives the difference between present date (DateTime.Now) and the day when password was renewed (RenewDate). The below line will be true and gets directed to expiration page when the difference is more than 365 days.

               If DateDiff(DateInterval.day, RenewDate, DateTime.Now) > 365 Then            

    User can be redirected to Expiration on the only scenario that renew date is coming as invalid  from the data source in below line of code because of which the if condition may be turning true and hence getting redirected.       Dim RenewDate = Profile.GetProfile(Login1.UserName).DateRenewed

         If DateDiff(DateInterval.day, RenewDate, DateTime.Now) > 365 Then              Response.Redirect("~/expirationmessage.aspx")

    Tuesday, February 5, 2013 11:04 PM