Hi all
How can the following problem be solved:
My application uses forms authentication. Normally a
start.aspx page should be send to the client before
login.aspx is shown.
Start.aspx consist of simple JScript writing a cookie about
screen resolution followed by an automatic transfer to
login.aspx. This page is therefore test whether cookies and
JScript are activated.
But if forms authentication is activated, the only
accessible page is login.aspx. So I need first to login and
therefore set the authentication cookie in order to access
start.aspx (checking whether cookie are activated.... :-) ).
My webconfig is:
<authenticati on mode="Forms" >
<forms
name="Auth-Cookie"
path="\"
loginUrl="Login .aspx"
protection="All "
timeout="25">
<credentials passwordFormat= "Clear">
<user name="Test" password="Pass" />
</credentials>
</forms>
</authentication>
<authorizatio n>
<deny users="?" />
</authorization>
The deny setting prevent unathorized user from accessing
start.aspx. But this is necessary to make the cookie and
jscript check!
Each help appreciated!
Thanks
Jenny 2  2547 
Jenny,
You can overrride specific allow/deny permissions for individual pages and
directories.
What you have already defined in the <authorizatio n> tag of <system.web>
will be applied to all pages that do not have any of their own setting
defined.
To override that setting for a specific page, in your case start.aspx, just
place the following code in your web.config file:
<configuratio n>
....
<system.web>
....
</system.web>
<location path="start.asp x">
<system.web>
<authorizatio n>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>
note that this is contained in the <configuation > tag, but after the ending
</system.web> tag.
that code will allow everyone, authenticated or not, to access start.aspx.
HTH,
-Cliff
"Jenny" <j.********@SPA Mx-mail.net> wrote in message
news:09******** *************** *****@phx.gbl.. . Hi all
How can the following problem be solved:
My application uses forms authentication. Normally a
start.aspx page should be send to the client before
login.aspx is shown.
Start.aspx consist of simple JScript writing a cookie about
screen resolution followed by an automatic transfer to
login.aspx. This page is therefore test whether cookies and
JScript are activated.
But if forms authentication is activated, the only
accessible page is login.aspx. So I need first to login and
therefore set the authentication cookie in order to access
start.aspx (checking whether cookie are activated.... :-) ).
My webconfig is:
<authenticati on mode="Forms" >
<forms
name="Auth-Cookie"
path="\"
loginUrl="Login .aspx"
protection="All "
timeout="25">
<credentials passwordFormat= "Clear">
<user name="Test" password="Pass" />
</credentials>
</forms>
</authentication>
<authorizatio n>
<deny users="?" />
</authorization>
The deny setting prevent unathorized user from accessing
start.aspx. But this is necessary to make the cookie and
jscript check!
Each help appreciated!
Thanks
Jenny
Hi There...
I am getting this wierd error when i am adding location tags in my
web.config.
"System.excepti on: there is more than one system.web section in your
configuration file"
Does anyone know why its happening. I am using WSE 1.0 SP1, i have
tried reinstalling it, but no good yet.
Any assistance will be highly appreciated.
Thanx.
Reeya.
"Cliff Harris" <he***@myrealbo x.com> wrote in message news:<e6******* *******@TK2MSFT NGP11.phx.gbl>. .. Jenny,
You can overrride specific allow/deny permissions for individual pages and
directories.
What you have already defined in the <authorizatio n> tag of <system.web>
will be applied to all pages that do not have any of their own setting
defined.
To override that setting for a specific page, in your case start.aspx, just
place the following code in your web.config file:
<configuratio n>
...
<system.web>
...
</system.web>
<location path="start.asp x">
<system.web>
<authorizatio n>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>
note that this is contained in the <configuation > tag, but after the ending
</system.web> tag.
that code will allow everyone, authenticated or not, to access start.aspx.
HTH,
-Cliff
"Jenny" <j.********@SPA Mx-mail.net> wrote in message
news:09******** *************** *****@phx.gbl.. . Hi all
How can the following problem be solved:
My application uses forms authentication. Normally a
start.aspx page should be send to the client before
login.aspx is shown.
Start.aspx consist of simple JScript writing a cookie about
screen resolution followed by an automatic transfer to
login.aspx. This page is therefore test whether cookies and
JScript are activated.
But if forms authentication is activated, the only
accessible page is login.aspx. So I need first to login and
therefore set the authentication cookie in order to access
start.aspx (checking whether cookie are activated.... :-) ).
My webconfig is:
<authenticati on mode="Forms" >
<forms
name="Auth-Cookie"
path="\"
loginUrl="Login .aspx"
protection="All "
timeout="25">
<credentials passwordFormat= "Clear">
<user name="Test" password="Pass" />
</credentials>
</forms>
</authentication>
<authorizatio n>
<deny users="?" />
</authorization>
The deny setting prevent unathorized user from accessing
start.aspx. But this is necessary to make the cookie and
jscript check!
Each help appreciated!
Thanks
Jenny This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Billy Jacobs |
last post by:
I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?
Originally I had my web.config file in the root with Forms
Authentication set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.
I then created 2 directories. One named Secure and the
other named Public. I placed my web.config file in my
|
by: Kris van der Mast |
last post by:
Hi,
I've created a little site for my sports club. In the root folder there are
pages that are viewable by every anonymous user but at a certain subfolder
my administration pages should be protected by forms authentication.
When I create forms authentication at root level it works but when I move my
code up to the subfolder I get this error:
Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
|
by: Eric |
last post by:
I am trying to build an app where the stuff in the root directory is open to
all, but anything under the Restricted directory requires you to login and I
want to use Forms to do it. I'm having trouble getting the web.config to
work properly.
First I tried to have a second web.config in the sub directory with
authentication and authorization set to forms, but it blew up.
Next, I tried to modify the root web.config in the following manner...
|
by: Anonieko Ramos |
last post by:
ASP.NET Forms Authentication Best Practices
Dr. Dobb's Journal February 2004
Protecting user information is critical
By Douglas Reilly
Douglas is the author of Designing Microsoft ASP.NET Applications and
owner of Access Microsystems. Doug can be reached at
doug@accessmicrosystems.com.
--------------------------------------------------------------------------------
|
by: Justin |
last post by:
I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of the app. Here is the web.config:
<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms name="authAdmin" loginUrl="Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="Admin"...
| | |
by: V. Jenks |
last post by:
Using forms authentication, can I control which pages
and/or directories a user would have access to or is that
only available with Windows authentication?
Thanks!
|
by: =?Utf-8?B?R3V1czEyMw==?= |
last post by:
Hi,
I created a web site on a remote server. To logon the user must enter a user
id and password. The site is uses Forms Authentication.
The web config file looks as follows:
<configuration>
<system.web>
<customErrors mode="Off"/>
|
by: Bjorn Sagbakken |
last post by:
In a web-application with login creds (user, pwd), these are checked against
a user table on a SQL server. On a positive validation I have saved the
userID, name, custno and role-settings in a userobject (custom build class)
and added this to the session using as session variable like session
For all other pages I have added a small test in the page_load event,
basically testing if the session != null, but also checking if the...
|
by: Rory Becker |
last post by:
Having now created a Custom MembershipProvider that seems to work correctly
with my Logon and ChangePassword controls, I am, as they say, a happy bunny.
The next stange is to move on to the creation of content which adjusts based
on the user.
I have several pages which require a user to be logged on and several which
do not. Prior to this point in time I have used 2 different master pages.
one with a control which checks a session...
|
by: Sean |
last post by:
Hi, I've taken over a website, which has an admin section that is
currently open. I added Forms Authentication to the admin directory
with the using the location section in web.config:
<location path="admin">
<system.web>
<customErrors mode="Off"/>
<authentication mode="Forms">
<forms name=".COOKIEDEMO" loginUrl="login.aspx"
protection="All" timeout="60" path="/">
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| | |
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
