Hi.

I am wondering how to do the following...

I have a registration system. When the user successfully registers, he is then led down a series of data gathering pages (for his profile) and then, finally, ends on his profile's home page where he can start to use the site.

All this happens without ever logging into the system so, he is unauthenticated and unconfirmed.

My question is, how does this happen? How can I allow my user to be unauthenticated (and unconfirmed, but this I understand) and use all aspects of the Web site?

The way I have things set up right now, my code should be doing this:

    case CreateProfileStatus.Success:
        //FormsAuthentication.SetAuthCookie(userName, false);
        Response.Redirect("NextPage.aspx", false);
        break;

but, I am being redirected to the login page after registration which is not the result I want. This is what the relevant nodes in my web.config look like:

    <authentication mode="Forms">
      <forms name=".AuthCookie" loginUrl="default.aspx" protection="All"/>
    </authentication>
    <authorization>
      <deny users="?"/>
      <allow roles="Administrators" />
    </authorization>
    <anonymousIdentification enabled="true" 
                             cookieName=".ASPXANONYMOUS"
                             cookieTimeout="100000" cookiePath="/" 
                             cookieRequireSSL="false"
                             cookieSlidingExpiration="true" 
                             cookieProtection="Encryption"
                             cookieless="UseCookies" 
                             domain="" />

When the user logs out after the registration and initial interaction with the site he will be required to log in upon return. At this point he must be authenticated but does not need to be confirmed for a period of time. Eventually, he will be reminded.

So, how is this done? Thanks in advance.

A: 

Right now, the deny users="?" is denying access to anonymous users to ALL parts of the site. Forms authentication isn't all or nothing. You can set it up to apply only to a portion of your site. Since you've applied it to everywhere, any time you have an anonymous user who hasn't been given an auth cookie they will be redirected to "default.aspx" which is where they are required to log in.

If I understand correctly, you need to do the following: set the registration portion of the site to be open to anonymous users (you do this in the authorization section of the web.config). This will prevent redirecting to "default.aspx" during the registration process. Once they are finished registering, you can either send them to "default.aspx" to log in, or recognize that they are now registered and log in for them (by using the FormsAuthentication.SetAuthCookie method).

Ocelot20
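The folder-level rule described in the answer above, as an added example that is not part of the original answer. It assumes the registration pages live in a folder named `Registration` (a hypothetical name); the site-wide `authentication` and `authorization` elements are copied from the question.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name=".AuthCookie" loginUrl="default.aspx" protection="All" />
    </authentication>

    <!-- Site-wide default, unchanged from the question.
         Rules are evaluated top-down and the first match wins, so an
         anonymous user ("?") is always stopped by the deny rule and
         redirected to loginUrl. -->
    <authorization>
      <deny users="?" />
      <allow roles="Administrators" />
    </authorization>
  </system.web>

  <!-- Assumed folder name. Only this path is opened to anonymous users;
       every other page keeps the site-wide deny rule above. -->
  <location path="Registration">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Keep the open path as narrow as possible: the profile pages that follow registration stay outside it, so they are reachable only once `FormsAuthentication.SetAuthCookie` has been called for the new user.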
Thanks BPotocki, I marked this as the answer because I followed your suggestion and that worked. Much appreciated. However, if you don't mind, I only have a follow-up question. For SetAuthCookie(cookie, false), should I be setting the Guid value that corresponds to the UserId column in aspnet_Users (from the aspnet_db)? If not, what should I be using and is this the same as the session id? Thanks again.
Code Sherpa
The first parameter of SetAuthCookie is "userID", which can be whatever you want it to be. Use whatever identifies a user in your system. It is not the same as session id. A single user could have two sessions open on different computers, so the userID is something that would remain constant for the user ("Code Sherpa" would always be your ID here for example).
Ocelot20
OK, that cleared it up - thanks again.
Code Sherpa