Please help: Forms authentication - securing folders in application


I have built an ASP.NET application and would like to protect various
folders containing aspnet pages for various user types.

/Admin
/Manager
/User

I've created a login on the default.aspx in the root of the project. After
typing username/password and hitting the login button the user is validated
against a USER/ROLE Table in the database and an object having the
IPrincipal interface (BusinessPrincipal) is created (with one role (in
uppercase) attached to it) and is put into the CurrentPrincipal.

In my /web.config I have :
....
<authentication mode="Forms">
  <forms name="Default" loginUrl="Default.aspx" protection="All"
         timeout="60" />
</authentication>

<authorization>
  <allow users="*" />
</authorization>
</system.web>
<!-- secure path Admin -->
<location path="Admin">
  <system.web>
    <authorization>
      <allow roles="ADMIN" /> <!-- Allow all users that have role ADMIN -->
      <deny users="*" /> <!-- and disallow all other users -->
    </authorization>
  </system.web>
</location>

I've also tried leaving out the last part '-- secure path admin --' and
putting it in a web.config within the Admin folder like this :

<configuration>
  <location>
    <system.web>
      <authorization>
        <allow roles="ADMIN" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>

But it doesn't seem to work: if I log in (having role ADMIN !!) I get
redirected to my login page with the returnUrl of Admin/Default.aspx.

Can anyone enlighten me and/or give me some advice on this? I would like to
prevent a User from gaining access to Admin or Manager pages.
Jurjen.
Nov 18 '05 #1
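
The `<allow roles="ADMIN" />` rule is evaluated on every request against the principal in `HttpContext.User`, so a role attached at login has to be restored on each later request. One common way to do that, as an added example that is not part of the original post: it uses `GenericPrincipal` in place of the post's custom principal, and the `SignIn` helper and the comma-separated role layout in the ticket are assumptions.

```csharp
// Global.asax.cs (added example; class and helper names are assumptions)
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Call from the login page once the username/password check has succeeded.
    // The role travels inside the forms ticket, which protection="All"
    // encrypts and integrity-protects.
    public static void SignIn(HttpResponse response, string userName, string role)
    {
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,                            // ticket version
            userName,
            DateTime.Now,                 // issued
            DateTime.Now.AddMinutes(60),  // expires; mirrors timeout="60"
            false,                        // session cookie, not persistent
            role);                        // UserData, e.g. "ADMIN"

        HttpCookie cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(ticket));
        cookie.Path = FormsAuthentication.FormsCookiePath;
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.HttpOnly = true;           // requires .NET 2.0 or later
        response.Cookies.Add(cookie);
    }

    // Raised on every request after the forms module has validated the cookie
    // and before URL authorization checks the <allow>/<deny> rules.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        if (Context.User == null) return;              // anonymous request
        FormsIdentity identity = Context.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;

        // Rebuild the role list from the ticket and replace the role-less
        // principal that the forms module attached to this request.
        string[] roles = identity.Ticket.UserData.Split(
            new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        Context.User = new GenericPrincipal(identity, roles);
    }
}
```

Roles stored in the ticket stay in effect until the ticket expires, so a role removed in the database is still honoured for up to the configured timeout unless the handler re-reads it from the USER/ROLE table.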