Bypassing ASP.Net login page if user logged on through the ASP site where the ASP.Net site is hosted RRS feed

  • Question

  • Help please, anyone!

    Given the following:
    1. I have an ASP site with a virtual folder that points to a .Net site
    2. The .Net site has its own login page configured in web.config as follows
    <authentication mode="Forms" lockItem="true">
    forms loginUrl="Login.aspx" name="frmL" protection="All" defaultUrl="Index.aspx" path="/" timeout="30"></forms>
    3. The .Net site is accessible from the “User Tools” section of the ASP site and is accessible only to users who have successfully logged on
    4. The “User Tools” section has its own ASP login page
    5. The “User Tools” section has several links, one of them is the link to the .Net site


    When the user is on the “User Tools” page and clicks on the link to the .Net site, the user is taken to the .Net login page which means user has to login twice to access the .Net site.
    Is there a way to bypass the .Net login page when a user has already successfully logged on through the ASP login page?


    BizTalk R2 newbie
    Friday, November 28, 2008 6:56 PM


  • Hi

    If you are using C#
    Try to write the code in this manner........

    private bool ValidateUser( string userName, string passWord )
    SqlConnection conn;
    SqlCommand cmd;
    string lookupPassword = null;

    // Check for invalid userName.
    // userName must not be null and must be between 1 and 15 characters.
    if ( (  null == userName ) || ( 0 == userName.Length ) || ( userName.Length > 15 ) )
    System.Diagnostics.Trace.WriteLine( "[ValidateUser] Input validation of userName failed." );
    return false;

    // Check for invalid passWord.
    // passWord must not be null and must be between 1 and 25 characters.
    if ( (  null == passWord ) || ( 0 == passWord.Length ) || ( passWord.Length > 25 ) )
    System.Diagnostics.Trace.WriteLine( "[ValidateUser] Input validation of passWord failed." );
    return false;

    // Consult with your SQL Server administrator for an appropriate connection
    // string to use to connect to your local SQL Server.
    conn = new SqlConnection( "server=localhost;Integrated Security=SSPI;database=pubs" );

    // Create SqlCommand to select pwd field from users table given supplied userName.
    cmd = new SqlCommand( "Select pwd from users where uname=@userName", conn );
    cmd.Parameters.Add( "@userName", SqlDbType.VarChar, 25 );
    cmd.Parameters["@userName"].Value = userName;

    // Execute command and fetch pwd field into lookupPassword string.
    lookupPassword = (string) cmd.ExecuteScalar();

    // Cleanup command and connection objects.
    catch ( Exception ex )
    // Add error handling here for debugging.
    // This error message should not be sent back to the caller.
    System.Diagnostics.Trace.WriteLine( "[ValidateUser] Exception " + ex.Message );

    // If no password found, return false.
    if ( null == lookupPassword )
    // You could write failed login attempts here to event log for additional security.
    return false;

    // Compare lookupPassword and input passWord, using a case-sensitive comparison.
    return ( 0 == string.Compare( lookupPassword, passWord, false ) );


    private void cmdLogin_ServerClick(object sender, System.EventArgs e)
    if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
    Response.Redirect("logon.aspx", true);

    private void cmdLogin_ServerClick(object sender, System.EventArgs e)
       if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
          FormsAuthenticationTicket tkt;
          string cookiestr;
          HttpCookie ck;
          tkt = new FormsAuthenticationTicket(1, txtUserName.Value, DateTime.Now,
    DateTime.Now.AddMinutes(30), chkPersistCookie.Checked, "your custom data");
          cookiestr = FormsAuthentication.Encrypt(tkt);
          ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
          if (chkPersistCookie.Checked)
        ck.Path = FormsAuthentication.FormsCookiePath;

          string strRedirect;
          strRedirect = Request["ReturnUrl"];
          if (strRedirect==null)
                strRedirect = "default.aspx";
             Response.Redirect(strRedirect, true);
          Response.Redirect("logon.aspx", true);

    Make sure that the following code is added to the InitializeComponent method in the code that the Web Form Designer generates:
    this.cmdLogin.ServerClick += new System.EventHandler(this.cmdLogin_ServerClick); 

    private void cmdSignOut_ServerClick(object sender, System.EventArgs e)
       Response.Redirect("logon.aspx", true);

    1. Make sure that the following code is added to the InitializeComponent method in the code that the Web Form Designer generates:

      this.cmdSignOut.ServerClick += new System.EventHandler(this.cmdSignOut_ServerClick); 

    • Marked as answer by Figo Fei Monday, December 1, 2008 4:27 AM
    Saturday, November 29, 2008 7:16 AM