I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of the app. Here is the web.config:
<location path="Admin">
<system.web>
<authenticati on mode="Forms">
<forms name="authAdmin " loginUrl="Login .aspx" protection="All " timeout="30">
<credentials passwordFormat= "Clear">
<user name="Admin" password="pass"/>
<user name="Ashlyinn" password="pass"/>
</credentials>
</forms>
</authentication>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</location>
The problem is event if I put in the proper valid credentials authorization
fails.
Any suggestions?
Thanks, Justin. 7  2025 
Hey Justin,
When u mean authorization do u mean th user can login but he is not
getting the appropriate resources?
That means is he authenticated?
"Justin" wrote: I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of the app. Here is the web.config:
<location path="Admin">
<system.web>
<authenticati on mode="Forms">
<forms name="authAdmin " loginUrl="Login .aspx" protection="All " timeout="30">
<credentials passwordFormat= "Clear">
<user name="Admin" password="pass"/>
<user name="Ashlyinn" password="pass"/>
</credentials>
</forms>
</authentication>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</location>
The problem is event if I put in the proper valid credentials authorization
fails.
Any suggestions?
Thanks, Justin.
No, the user is not authenticated at all, meaning it goes to the else
statement in the code below no matter what:
private void Login_Click(obj ect sender, System.EventArg s e)
{
if (FormsAuthentic ation.Authentic ate(Email.Text, Password.Text))
{
FormsAuthentica tion.RedirectFr omLoginPage(Ema il.Text, false);
}
else
{
lblStatus.Text = "Authentica tion Failed.";
}
}
"Patrick.O. Ige" wrote: Hey Justin,
When u mean authorization do u mean th user can login but he is not
getting the appropriate resources?
That means is he authenticated?
"Justin" wrote:
I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of the app. Here is the web.config:
<location path="Admin">
<system.web>
<authenticati on mode="Forms">
<forms name="authAdmin " loginUrl="Login .aspx" protection="All " timeout="30">
<credentials passwordFormat= "Clear">
<user name="Admin" password="pass"/>
<user name="Ashlyinn" password="pass"/>
</credentials>
</forms>
</authentication>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</location>
The problem is event if I put in the proper valid credentials authorization
fails.
Any suggestions?
Thanks, Justin.
Ok Justin so No authentication at al!!
Are u sure u have all the right settings?
First check to see whether u have Anonymous Auth checked in IIS.
Got to ur WebServer and right click on ur Virtual Directory of ur
Application >Go to Properties >Directory security TAB> On the Anonymouse
Access and Auth control
click EDIT and make sure u check Anonymous access!
Also make sure u have :- <identity impersonate="tr ue" /> placed in ur
web.config
Try all that!
Let me know if it works for u..if not post ur Question.
"Justin" wrote: No, the user is not authenticated at all, meaning it goes to the else
statement in the code below no matter what:
private void Login_Click(obj ect sender, System.EventArg s e)
{
if (FormsAuthentic ation.Authentic ate(Email.Text, Password.Text))
{
FormsAuthentica tion.RedirectFr omLoginPage(Ema il.Text, false);
}
else
{
lblStatus.Text = "Authentica tion Failed.";
}
}
"Patrick.O. Ige" wrote:
Hey Justin,
When u mean authorization do u mean th user can login but he is not
getting the appropriate resources?
That means is he authenticated?
"Justin" wrote:
I am trying to password protect a subdirectory using forms authentication. I
am using the "Location" tag to specify the directory to be protected. The
login.aspx page is in the root directory of the app. Here is the web.config:
<location path="Admin">
<system.web>
<authenticati on mode="Forms">
<forms name="authAdmin " loginUrl="Login .aspx" protection="All " timeout="30">
<credentials passwordFormat= "Clear">
<user name="Admin" password="pass"/>
<user name="Ashlyinn" password="pass"/>
</credentials>
</forms>
</authentication>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</location>
The problem is event if I put in the proper valid credentials authorization
fails.
Any suggestions?
Thanks, Justin.
Well, unfortunetly it still does not work. I am sure its something simle but
sometimes simple problems are hard to fix.
Thanks for the help.
Justin.
"Patrick.O. Ige" wrote: Ok Justin so No authentication at al!!
Are u sure u have all the right settings?
First check to see whether u have Anonymous Auth checked in IIS.
Got to ur WebServer and right click on ur Virtual Directory of ur
Application >Go to Properties >Directory security TAB> On the Anonymouse
Access and Auth control
click EDIT and make sure u check Anonymous access!
Also make sure u have :- <identity impersonate="tr ue" /> placed in ur
web.config
Try all that!
Let me know if it works for u..if not post ur Question.
"Justin" wrote:
No, the user is not authenticated at all, meaning it goes to the else
statement in the code below no matter what:
private void Login_Click(obj ect sender, System.EventArg s e)
{
if (FormsAuthentic ation.Authentic ate(Email.Text, Password.Text))
{
FormsAuthentica tion.RedirectFr omLoginPage(Ema il.Text, false);
}
else
{
lblStatus.Text = "Authentica tion Failed.";
}
}
"Patrick.O. Ige" wrote:
Hey Justin,
When u mean authorization do u mean th user can login but he is not
getting the appropriate resources?
That means is he authenticated?
"Justin" wrote:
> I am trying to password protect a subdirectory using forms authentication. I
> am using the "Location" tag to specify the directory to be protected. The
> login.aspx page is in the root directory of the app. Here is the web.config:
>
> <location path="Admin">
> <system.web>
> <authenticati on mode="Forms">
> <forms name="authAdmin " loginUrl="Login .aspx" protection="All " timeout="30">
> <credentials passwordFormat= "Clear">
> <user name="Admin" password="pass"/>
> <user name="Ashlyinn" password="pass"/>
> </credentials>
> </forms>
> </authentication>
> <authorizatio n>
> <deny users="?"/>
> </authorization>
> </system.web>
> </location>
>
> The problem is event if I put in the proper valid credentials authorization
> fails.
>
> Any suggestions?
>
> Thanks, Justin.
Just try looking through ur code carefully ok!
Justin try looking through:-Forms Authentication here:- http://samples.gotdotnet.com/quickstart/aspplus/
o http://support.microsoft.com/default...301240&SD=MSDN
or http://www.costudio.com/form_auth.asp
"Justin" wrote: Well, unfortunetly it still does not work. I am sure its something simle but
sometimes simple problems are hard to fix.
Thanks for the help.
Justin.
"Patrick.O. Ige" wrote:
Ok Justin so No authentication at al!!
Are u sure u have all the right settings?
First check to see whether u have Anonymous Auth checked in IIS.
Got to ur WebServer and right click on ur Virtual Directory of ur
Application >Go to Properties >Directory security TAB> On the Anonymouse
Access and Auth control
click EDIT and make sure u check Anonymous access!
Also make sure u have :- <identity impersonate="tr ue" /> placed in ur
web.config
Try all that!
Let me know if it works for u..if not post ur Question.
"Justin" wrote:
No, the user is not authenticated at all, meaning it goes to the else
statement in the code below no matter what:
private void Login_Click(obj ect sender, System.EventArg s e)
{
if (FormsAuthentic ation.Authentic ate(Email.Text, Password.Text))
{
FormsAuthentica tion.RedirectFr omLoginPage(Ema il.Text, false);
}
else
{
lblStatus.Text = "Authentica tion Failed.";
}
}
"Patrick.O. Ige" wrote:
> Hey Justin,
> When u mean authorization do u mean th user can login but he is not
> getting the appropriate resources?
> That means is he authenticated?
>
>
>
> "Justin" wrote:
>
> > I am trying to password protect a subdirectory using forms authentication. I
> > am using the "Location" tag to specify the directory to be protected. The
> > login.aspx page is in the root directory of the app. Here is the web.config:
> >
> > <location path="Admin">
> > <system.web>
> > <authenticati on mode="Forms">
> > <forms name="authAdmin " loginUrl="Login .aspx" protection="All " timeout="30">
> > <credentials passwordFormat= "Clear">
> > <user name="Admin" password="pass"/>
> > <user name="Ashlyinn" password="pass"/>
> > </credentials>
> > </forms>
> > </authentication>
> > <authorizatio n>
> > <deny users="?"/>
> > </authorization>
> > </system.web>
> > </location>
> >
> > The problem is event if I put in the proper valid credentials authorization
> > fails.
> >
> > Any suggestions?
> >
> > Thanks, Justin.
This link shoud help for sure:- http://www.15seconds.com/issue/020220.htm
And by the way in ur Web.Config why don't u do:-
<configuratio n>
<system.web>
<customErrors mode="Off"/>
<authenticati on mode="Forms">
<forms name="appNameAu th" path="/" loginUrl="login .aspx"
protection="All " timeout="30">
<credentials passwordFormat= "Clear">
<user name="jeff" password="test" />
<user name="mike" password="test" />
</credentials>
</forms>
</authentication>
<authorizatio n>
<deny users="?" />
</authorization>
</system.web>
</configuration>
And then if u want to perform Auhtorization use the location PATH and specify
whch users can see access contents of a particular FOLDER!
GDLUCK
"Patrick.O. Ige" wrote: Just try looking through ur code carefully ok!
Justin try looking through:-Forms Authentication here:-
http://samples.gotdotnet.com/quickstart/aspplus/
or
http://support.microsoft.com/default...301240&SD=MSDN
or
http://www.costudio.com/form_auth.asp
"Justin" wrote:
Well, unfortunetly it still does not work. I am sure its something simle but
sometimes simple problems are hard to fix.
Thanks for the help.
Justin.
"Patrick.O. Ige" wrote:
Ok Justin so No authentication at al!!
Are u sure u have all the right settings?
First check to see whether u have Anonymous Auth checked in IIS.
Got to ur WebServer and right click on ur Virtual Directory of ur
Application >Go to Properties >Directory security TAB> On the Anonymouse
Access and Auth control
click EDIT and make sure u check Anonymous access!
Also make sure u have :- <identity impersonate="tr ue" /> placed in ur
web.config
Try all that!
Let me know if it works for u..if not post ur Question.
"Justin" wrote:
> No, the user is not authenticated at all, meaning it goes to the else
> statement in the code below no matter what:
>
> private void Login_Click(obj ect sender, System.EventArg s e)
> {
> if (FormsAuthentic ation.Authentic ate(Email.Text, Password.Text))
> {
> FormsAuthentica tion.RedirectFr omLoginPage(Ema il.Text, false);
> }
> else
> {
> lblStatus.Text = "Authentica tion Failed.";
> }
> }
>
>
>
> "Patrick.O. Ige" wrote:
>
> > Hey Justin,
> > When u mean authorization do u mean th user can login but he is not
> > getting the appropriate resources?
> > That means is he authenticated?
> >
> >
> >
> > "Justin" wrote:
> >
> > > I am trying to password protect a subdirectory using forms authentication. I
> > > am using the "Location" tag to specify the directory to be protected. The
> > > login.aspx page is in the root directory of the app. Here is the web.config:
> > >
> > > <location path="Admin">
> > > <system.web>
> > > <authenticati on mode="Forms">
> > > <forms name="authAdmin " loginUrl="Login .aspx" protection="All " timeout="30">
> > > <credentials passwordFormat= "Clear">
> > > <user name="Admin" password="pass"/>
> > > <user name="Ashlyinn" password="pass"/>
> > > </credentials>
> > > </forms>
> > > </authentication>
> > > <authorizatio n>
> > > <deny users="?"/>
> > > </authorization>
> > > </system.web>
> > > </location>
> > >
> > > The problem is event if I put in the proper valid credentials authorization
> > > fails.
> > >
> > > Any suggestions?
> > >
> > > Thanks, Justin.
Ok, I am getting closer to getting this to work the only problem is that
after loging in it redirects to default.aspx in the root directory instead of
admin/default.aspx.
How do I manualy set redirect url?
"Patrick.O. Ige" wrote: This link shoud help for sure:-
http://www.15seconds.com/issue/020220.htm
And by the way in ur Web.Config why don't u do:-
<configuratio n>
<system.web>
<customErrors mode="Off"/>
<authenticati on mode="Forms">
<forms name="appNameAu th" path="/" loginUrl="login .aspx"
protection="All " timeout="30">
<credentials passwordFormat= "Clear">
<user name="jeff" password="test" />
<user name="mike" password="test" />
</credentials>
</forms>
</authentication>
<authorizatio n>
<deny users="?" />
</authorization>
</system.web>
</configuration>
And then if u want to perform Auhtorization use the location PATH and specify
whch users can see access contents of a particular FOLDER!
GDLUCK
"Patrick.O. Ige" wrote:
Just try looking through ur code carefully ok!
Justin try looking through:-Forms Authentication here:-
http://samples.gotdotnet.com/quickstart/aspplus/
or
http://support.microsoft.com/default...301240&SD=MSDN
or
http://www.costudio.com/form_auth.asp
"Justin" wrote:
Well, unfortunetly it still does not work. I am sure its something simle but
sometimes simple problems are hard to fix.
Thanks for the help.
Justin.
"Patrick.O. Ige" wrote:
> Ok Justin so No authentication at al!!
> Are u sure u have all the right settings?
> First check to see whether u have Anonymous Auth checked in IIS.
> Got to ur WebServer and right click on ur Virtual Directory of ur
> Application >Go to Properties >Directory security TAB> On the Anonymouse
> Access and Auth control
> click EDIT and make sure u check Anonymous access!
> Also make sure u have :- <identity impersonate="tr ue" /> placed in ur
> web.config
> Try all that!
> Let me know if it works for u..if not post ur Question.
>
>
>
> "Justin" wrote:
>
> > No, the user is not authenticated at all, meaning it goes to the else
> > statement in the code below no matter what:
> >
> > private void Login_Click(obj ect sender, System.EventArg s e)
> > {
> > if (FormsAuthentic ation.Authentic ate(Email.Text, Password.Text))
> > {
> > FormsAuthentica tion.RedirectFr omLoginPage(Ema il.Text, false);
> > }
> > else
> > {
> > lblStatus.Text = "Authentica tion Failed.";
> > }
> > }
> >
> >
> >
> > "Patrick.O. Ige" wrote:
> >
> > > Hey Justin,
> > > When u mean authorization do u mean th user can login but he is not
> > > getting the appropriate resources?
> > > That means is he authenticated?
> > >
> > >
> > >
> > > "Justin" wrote:
> > >
> > > > I am trying to password protect a subdirectory using forms authentication. I
> > > > am using the "Location" tag to specify the directory to be protected. The
> > > > login.aspx page is in the root directory of the app. Here is the web.config:
> > > >
> > > > <location path="Admin">
> > > > <system.web>
> > > > <authenticati on mode="Forms">
> > > > <forms name="authAdmin " loginUrl="Login .aspx" protection="All " timeout="30">
> > > > <credentials passwordFormat= "Clear">
> > > > <user name="Admin" password="pass"/>
> > > > <user name="Ashlyinn" password="pass"/>
> > > > </credentials>
> > > > </forms>
> > > > </authentication>
> > > > <authorizatio n>
> > > > <deny users="?"/>
> > > > </authorization>
> > > > </system.web>
> > > > </location>
> > > >
> > > > The problem is event if I put in the proper valid credentials authorization
> > > > fails.
> > > >
> > > > Any suggestions?
> > > >
> > > > Thanks, Justin. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Billy Jacobs |
last post by:
I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?
Originally I had my web.config file in the root with Forms
Authentication set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.
I then created 2 directories. One named Secure and...
|
by: Kris van der Mast |
last post by:
Hi,
I've created a little site for my sports club. In the root folder there are
pages that are viewable by every anonymous user but at a certain subfolder
my administration pages should be protected by forms authentication.
When I create forms authentication at root level it works but when I move my
code up to the subfolder I get this...
|
by: Daniel Walzenbach |
last post by:
Hi,
I have an application using "Forms authentication".
Everything works perfectly well except when I try to open
a new page with java script like the following:
<script language='javascript'>window.open
(myPage.aspx','','Fullscreen=no; Scrollbars=yes;
Menubar=no; Locationbar=no; Resizable=yes; Status=no;')
</script>
|
by: Anonieko Ramos |
last post by:
ASP.NET Forms Authentication Best Practices
Dr. Dobb's Journal February 2004
Protecting user information is critical
By Douglas Reilly
Douglas is the author of Designing Microsoft ASP.NET Applications and
owner of Access Microsystems. Doug can be reached at
doug@accessmicrosystems.com....
|
by: V. Jenks |
last post by:
Using forms authentication, can I control which pages
and/or directories a user would have access to or is that
only available with Windows authentication?
Thanks!
| | |
by: chris.rust |
last post by:
Has anyone else had any trouble setting up a sitemap view to be
filtered by roles?
We've put a cust role provider in place, and we can verify that it's
only being called once for each connection, and is returning the
correct roles, but...
When we specify a role on the top sitemapnode that role seems to add to
the roles on lower level...
|
by: =?Utf-8?B?R3V1czEyMw==?= |
last post by:
Hi,
I created a web site on a remote server. To logon the user must enter a user
id and password. The site is uses Forms Authentication.
The web config file looks as follows:
<configuration>
<system.web>
<customErrors mode="Off"/>
|
by: Bjorn Sagbakken |
last post by:
In a web-application with login creds (user, pwd), these are checked against
a user table on a SQL server. On a positive validation I have saved the
userID, name, custno and role-settings in a userobject (custom build class)
and added this to the session using as session variable like session
For all other pages I have added a small test in...
|
by: Rory Becker |
last post by:
Having now created a Custom MembershipProvider that seems to work correctly
with my Logon and ChangePassword controls, I am, as they say, a happy bunny.
The next stange is to move on to the creation of content which adjusts based
on the user.
I have several pages which require a user to be logged on and several which
do not. Prior to this...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
