Hi Everyone,
Good evening. Can you help me point out what seems to be the problem with my applciation? I know my problem will be a piece of cake to you guys.
I have a login page where the user will input his username and password:
here is the code:
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Not IsPostBack Then
Try
status = Request.QueryString("status").ToString()
If status = "NOTADMIN" Then
lblWarning.Text = "Sorry you are not allowed to access the site. Please contact Site Admin."
End If
Catch ex As Exception
Dim a As String = ""
End Try
End If
End Sub
Protected Sub ImageButton1_Click(ByVal sender As Object, ByVal e As System.Web.UI.ImageClickEventArgs) Handles ImageButton1.Click
If TbUsername.Text <> "" OrElse TbPassword.Text <> "" Then
Session.Timeout = 480
Dim accessData As New DataAccess()
Dim User As String = TbUsername.Text
Dim Username As String() = User.Replace("\", "|").Split("|"c)
Session("Username") = Nothing
Dim Authentication As Boolean = IsUserAuthenticated("LDAP://" & Username(0).ToString(), Username(0).ToString(), Username(1).ToString(), TbPassword.Text.Trim())
If Authentication = True Then
StaticObject.UserName = ""
StaticObject.Password = ""
StaticObject.Domain = ""
StaticObject.Domain = Username(1).ToString()
Session("UserName") = Username(1).ToString()
StaticObject.Domain = Username(0).ToString()
accessData.AddUser(Username(1).ToString())
Dim Authorization As String = accessData.CheckUserAccess(Username(1).ToString())
Dim MyAuthorization As String() = Authorization.Split("|"c)
StaticObject.UserLevel = MyAuthorization(0).ToString()
StaticObject.IsAdmin = MyAuthorization(1).ToString()
If MyAuthorization(0).ToString() <> "9" Then
Session("displayName") = StaticObject.DisplayName
Response.Redirect("Home.aspx")
Else
lblWarning.Text = "Sorry you are not allowed to access this Site, please contact the Site Administrator"
End If
Else
lblWarning.Text = "User Name or Password incorrect! Note: 3 consecutives incorrect login your account will be locked!"
End If
End If
End Sub
Public Function IsUserAuthenticated(ByVal strAdPath As String, ByVal strDomain As String, ByVal strUserName As String, ByVal strPassword As String) As Boolean
Dim directoryEntry As New DirectoryEntry(strAdPath, strUserName, strPassword)
Dim directorySearcher As New DirectorySearcher(directoryEntry)
Dim Authentication As [Boolean]
Try
Dim searchResult As SearchResult = directorySearcher.FindOne()
Authentication = True
directorySearcher.Filter = "(&(objectClass=person) (samaccountname=" & strUserName & "))"
Dim result As SearchResult = directorySearcher.FindOne()
Dim resultEntry As New DirectoryEntry()
resultEntry = result.GetDirectoryEntry()
StaticObject.DisplayName = resultEntry.Properties("displayName").Value.ToString()
Catch ex As Exception
Authentication = False
TbUsername.Text = ""
TbPassword.Text = ""
End Try
Return Authentication
End Function
End Class
so basically it is using windows login.
The poblem is that :
The page does not recognize that there is already a session. Therefore, still showin the login button when it should be logout because the user was able to login.
Here is the code:
Private user As StaticObject = Nothing
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Session("displayName") Is Nothing Then
lblUserFullName.Text = "null"
Else
If Not Page.IsPostBack Then
Try
lblUserFullName.Text = StaticObject.DisplayName
Catch ex As Exception
End Try
End If
End If
End Sub
Protected Sub loginstatus_LoggedOut(ByVal sender As Object, ByVal e As System.EventArgs) Handles loginstatus.LoggedOut
Session.Abandon()
Session.Clear()
End Sub
Protected Sub loginstatus_LoggingOut(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.LoginCancelEventArgs) Handles loginstatus.LoggingOut
End Sub
thank you very much in advance and I made sure I did my best to fix this before seeking for help.