Hi Keith,
As you said I'm almost there... I put the following in web.config:
<location path="MembersArea">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location> <authentication mode="Forms">
<forms name="formsauth"
loginUrl="login.aspx"
protection="All"
timeout="60" >
<credentials passwordFormat="Clear">
<user name="doru" password="doru"/>
</credentials>
</forms>
</authentication>
<authorization>
<allow users="*" />
</authorization>...and it seemd to be working - every time I clicked on a hyperlink to the form in the restricted area, I was taken to the login page. So far so good...
Then I added the credentials tag, and the following code in the login button:
if (FormsAuthentication.Authenticate(txtUsr.Text, txtPwd.Text))
FormsAuthentication.RedirectFromLoginPage(txtUsr.Text, true);
and this took me straight to the page... Amazing!
Problem is, now I seem to stay logged in all the time - maybe because of the 'true' in the redirect? The code that I looked at said 'Persist.Checked', but the compiler complained about missing a namespace, so I replaced it with 'true'.
The next step is that I'd like to logout. I added a logout button in my user control, and had the following in the click:
FormsAuthentication.SignOut();
Response.Redirect("default.aspx"); but when I click it I get:
The viewstate is invalid for this page and might be corruptedI've tried with the logout button on the form, not on the user control, but I get the same error.
It looks like I have a long way to go, so I can use a lot of help...
Thank you.
Doru
