N
NWx
Hi,
I implement forms authentication in my application.
So I have a login form.
Actually I have two custom Web controls, one to login and one to redirect
user to Register page
Login custom control perform some client-side validation if username or
password are empty
I have two problems:
1. Even if user click on register button (which is on Register user
control), my page performs client side validation for username and password
from Login user control. How can I prevent this? I can disable client-side
validation, but I don't want this.
2. Usually I shouldn't be able to access register page, since I'm not
authenticated.
So I "trick" the application, and I authenticate with a "dummy" user name,
with a code as below, in cmdRegister_click:
FormsAuthentication.SetAuthCookie("guest", False)
Response.Redirect("register.aspx")
Also, I created a custom header control I place on every page, which check
in page_load if current user is guest and page is <> register.aspx, and in
this case calls signoff, to avoid user to access a protected page by typing
its name in address bar after loading Register.aspx.
Is this solution safe enough? Can anyone suggest any better approach?
Thank you.
I implement forms authentication in my application.
So I have a login form.
Actually I have two custom Web controls, one to login and one to redirect
user to Register page
Login custom control perform some client-side validation if username or
password are empty
I have two problems:
1. Even if user click on register button (which is on Register user
control), my page performs client side validation for username and password
from Login user control. How can I prevent this? I can disable client-side
validation, but I don't want this.
2. Usually I shouldn't be able to access register page, since I'm not
authenticated.
So I "trick" the application, and I authenticate with a "dummy" user name,
with a code as below, in cmdRegister_click:
FormsAuthentication.SetAuthCookie("guest", False)
Response.Redirect("register.aspx")
Also, I created a custom header control I place on every page, which check
in page_load if current user is guest and page is <> register.aspx, and in
this case calls signoff, to avoid user to access a protected page by typing
its name in address bar after loading Register.aspx.
Is this solution safe enough? Can anyone suggest any better approach?
Thank you.