Hi,
I have a default.aspx which allows the user to choose between module Admin
and module B. When the user clicks either one, he will be redirected to a
FormsAuthentica tion login page. The problem I have is that currently, users
of one module are able to access the other since I have only 1 login page.
How do I prevent this ?
I am not sure how to go about configuring the web.config file for having 2
modules that have a separate set of users for each. The files are all in the
same directory. Do I have to modify the Admins role in the authorization tag
in the web.config file. if yes, then how does this "roles" keyword relate to
my c# code ?
eg.
<authorizatio n>
<allow roles="Admins"/>
</authorization>
Am I on the right path ? Any help appreaciated.
regards,
andrew 5  1487 
I think you could resolve this by having two separate roles.
Admin and ModuleB
Then just do a check using IsInRole. http://msdn.microsoft.com/library/de...RoleTopic2.asp
"Andrew" wrote: Hi,
I have a default.aspx which allows the user to choose between module Admin
and module B. When the user clicks either one, he will be redirected to a
FormsAuthentica tion login page. The problem I have is that currently, users
of one module are able to access the other since I have only 1 login page.
How do I prevent this ?
I am not sure how to go about configuring the web.config file for having 2
modules that have a separate set of users for each. The files are all in the
same directory. Do I have to modify the Admins role in the authorization tag
in the web.config file. if yes, then how does this "roles" keyword relate to
my c# code ?
eg.
<authorizatio n>
<allow roles="Admins"/>
</authorization>
Am I on the right path ? Any help appreaciated.
regards,
andrew
Hi,
Thanks for your reply.
From my understanding of the url u gave me, the role refers to the the name
of the Windows user group for which to check membership. However, the "Admin"
role that I have for my users are just for my application. Am I right ?
regards,
andrew
"Jed" wrote: I think you could resolve this by having two separate roles.
Admin and ModuleB
Then just do a check using IsInRole.
http://msdn.microsoft.com/library/de...RoleTopic2.asp
"Andrew" wrote:
Hi,
I have a default.aspx which allows the user to choose between module Admin
and module B. When the user clicks either one, he will be redirected to a
FormsAuthentica tion login page. The problem I have is that currently, users
of one module are able to access the other since I have only 1 login page.
How do I prevent this ?
I am not sure how to go about configuring the web.config file for having 2
modules that have a separate set of users for each. The files are all in the
same directory. Do I have to modify the Admins role in the authorization tag
in the web.config file. if yes, then how does this "roles" keyword relate to
my c# code ?
eg.
<authorizatio n>
<allow roles="Admins"/>
</authorization>
Am I on the right path ? Any help appreaciated.
regards,
andrew
When you use FormsAuthentica tion you are actually getting a new user context.
This is how you would access the role assignments.
HttpContext.Cur rent.User.IsInR ole("ModuleB")
You may want to test for whether the current user is authenticated with
something like this.
HttpContext.Cur rent.Request.Is Authenticated
These links may make more sense. http://aspnet.4guysfromrolla.com/art...82703-1.2.aspx http://dotnet.org.za/stuartg/articles/1415.aspx
You are probably better off breaking the two areas into subfolders. Each
subfolder could have it's own config file specifying the role access.
Alternatively, you could create an admin base page and a module b base page
where you test for roles. Then make sure relevant pages inherit from the
right one. If the roles overlap then maybe admin inherits from module b.
"Andrew" wrote: Hi,
Thanks for your reply.
From my understanding of the url u gave me, the role refers to the the name
of the Windows user group for which to check membership. However, the "Admin"
role that I have for my users are just for my application. Am I right ?
regards,
andrew
Thanks for the links, very informative articles.
"Jed" wrote: When you use FormsAuthentica tion you are actually getting a new user context.
This is how you would access the role assignments.
HttpContext.Cur rent.User.IsInR ole("ModuleB")
You may want to test for whether the current user is authenticated with
something like this.
HttpContext.Cur rent.Request.Is Authenticated
These links may make more sense.
http://aspnet.4guysfromrolla.com/art...82703-1.2.aspx
http://dotnet.org.za/stuartg/articles/1415.aspx
You are probably better off breaking the two areas into subfolders. Each
subfolder could have it's own config file specifying the role access.
Alternatively, you could create an admin base page and a module b base page
where you test for roles. Then make sure relevant pages inherit from the
right one. If the roles overlap then maybe admin inherits from module b.
"Andrew" wrote:
Hi,
Thanks for your reply.
From my understanding of the url u gave me, the role refers to the the name
of the Windows user group for which to check membership. However, the "Admin"
role that I have for my users are just for my application. Am I right ?
regards,
andrew
hi,
I've written the code for the login using the genericprincipa l class etc.
However, I got the error at "Thread was aborted" on my Login.aspx. I can't
figure out why. The debugger jumps to the exception at the
"Response.Redir ect" (last) line:
FormsAuthentica tionTicket authTicket = new FormsAuthentica tionTicket(1,
(string)Session["UserLoginN ame"], DateTime.Now, DateTime.Now.Ad dMinutes(30),
false, (string)Session["UserDomain "]);
// Encrypt the ticket
string encryptedTicket = FormsAuthentica tion.Encrypt(au thTicket);
// Create a cookie and add the encrypted ticket as data
HttpCookie authCookie = new HttpCookie(Form sAuthentication .FormsCookieNam e,
encryptedTicket );
// Add the cookie to the outgoing cookies collection
Response.Cookie s.Add(authCooki e);
Response.Redire ct(FormsAuthent ication.GetRedi rectUrl(txtUser Name.Text, true));
Any help is appreciated. Thanks
regards,
andrew
"Andrew" wrote: Thanks for the links, very informative articles.
"Jed" wrote:
When you use FormsAuthentica tion you are actually getting a new user context.
This is how you would access the role assignments.
HttpContext.Cur rent.User.IsInR ole("ModuleB")
You may want to test for whether the current user is authenticated with
something like this.
HttpContext.Cur rent.Request.Is Authenticated
These links may make more sense.
http://aspnet.4guysfromrolla.com/art...82703-1.2.aspx
http://dotnet.org.za/stuartg/articles/1415.aspx
You are probably better off breaking the two areas into subfolders. Each
subfolder could have it's own config file specifying the role access.
Alternatively, you could create an admin base page and a module b base page
where you test for roles. Then make sure relevant pages inherit from the
right one. If the roles overlap then maybe admin inherits from module b.
"Andrew" wrote:
Hi,
Thanks for your reply.
From my understanding of the url u gave me, the role refers to the the name
of the Windows user group for which to check membership. However, the "Admin"
role that I have for my users are just for my application. Am I right ?
regards,
andrew This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Gamze |
last post by:
Hi,
I have difficulties about authentication & authorization thing.
My project has an admin folder (which can only be accessed by administrator)
and a secret folder - (can be accessed by registered users).
Is it possible to store credentials in two different places and using only
one login page? (the administrator credentials in web.config file while the
registered users credentials are stored in the database).
|
by: John Buchmann |
last post by:
In my web.config, I have a section that has a name and
password:
<credentials passwordFormat="Clear">
<user name="aaa" password="bbb" />
</credentials>
Is this secure? What is to stop someone from opening up
this file (it's a simple text file), getting the
sensitive info, and then breaking into my site?
|
by: dotnetprogram |
last post by:
I have a web application in the parent directory(http://localhost/). it has
a web.config setting as follows:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="UserToken" protection="All"
timeout="60" path="/">
<credentials passwordFormat="MD5">
</credentials>
</forms>
</authentication>
|
by: CW |
last post by:
I have run into a really strange problem.
My objective is that I only want user who have authenticated themselves to
be able to access the website (and authentication is performed by form
authentication). Only a registration web page is allowed anonymous access.
I have the following contents in web.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
|
by: Bennett Haselton |
last post by:
If I add this to my web.config file:
<authentication mode="Forms">
<forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All"
timeout="60" />
</authentication>
I can configure the application so that users who try to access a page
in the application, get redirected to login.aspx where they have to
sign in. (And the "signing in" is handled in the codebehind page of
| | |
by: Benny Ng |
last post by:
Hi,all,
How to let the sub-directory to avoid the authentication control from Root's
webconfig?
I heard that we can add a new web.config to the sub-directory. And then we
can slove the problem.
Virtual directory is £ºhttp://localhost/main
Sub-directory is : http://localhost/main/reminder
|
by: Greg Scharlemann |
last post by:
I thought I had a workable approach to specifing which pages required a
redirect in a config file, but it appears the way I'm attempting to do
it is not going to work.
The idea is that I can specify in the config file all of the pages that
require a user to login otherwise the page will redirect if the user is
not logged in.
config.php looks like this:
----------------------
|
by: Andrew |
last post by:
Hi,
I have a default.aspx which allows the user to choose between module Admin
and module B. When the user clicks either one, he will be redirected to a
FormsAuthentication login page. The problem I have is that currently, users
of one module are able to access the other since I have only 1 login page.
How do I prevent this ?
I am not sure how to go about configuring the web.config file for having 2
modules that have a separate set of...
|
by: hrawada |
last post by:
Hello everyone,
I have built a simple website with a simple login page and another page
that is the destination page after logging in. The website works fine
on my machince however when I uploaded it to my website it didn't
work. This is my web.config file:
/**********************************************************************/
<?xml version="1.0" encoding="utf-8"?>
<configuration>
|
by: yancheng.cheok |
last post by:
Hello all,
I have a web application, which I had developed few years ago with
ASP .NET 1.1
Today, I would like to deploy the web application to client, using
ASP .NET 2.0 + UltiDev Cassini 2.0
I locate my whole project in a folder named C:\website\GOWatch
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
| | |
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
