asp.net forms authentication override based on individual pages.

There are two ways to solve this problem.

1. Have a second page for public access to messages that filters for
messages where IsPublic=true.
2. Write your own authentication bits for the "display message" page that
alters the query based on whether the user is logged in or not.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com
Co-author: Microsoft Expression Web Bible (upcoming)

*************** *************** *************** ***
Think outside the box!
*************** *************** *************** ***
"Nalaka" <na******@nospa m.nospamwrote in message
news:uv******** ******@TK2MSFTN GP02.phx.gbl...

Hi,
I have a asp.net application with forms authentication enabled.
Users create private (database driven) messages (pages; like a message
board) that is only viewed by logged in users.

Now I need to give the users the ability to publish these messages to the
public (if they decide the content is public safe).

Question is... is there a method to override forms authentication?
For an example; some thing like a method... where I look at the URL and
retrun true or false... so forms authentication is ignored based on this
method return value....
Basically to programatically ignore forms authentication for that request
only.

Any direction is deply appreciated
Thanks
Nalaka

Hi,
The feature I like in "forms authentication" is that, it first sent to login
page, and be auto forwarded to the requested page after login.

And I noticed that this is acoomplished through a URL modification when
calling login page.
like ....
http://www.my.com/login.aspx?ReturnU...ectedPage.aspx

I will try to simulate this URL thing... and to a manual redirect to the
login page with the requested URL.
Hope this calling login page manually will auto redirect after login to the
"original requested URL".

Question is... if this works... are there any issues that I have to worry
about?

Thanks
Nalaka
"Nalaka" <na******@nospa m.nospamwrote in message
news:uv******** ******@TK2MSFTN GP02.phx.gbl...

Hi,
I have a asp.net application with forms authentication enabled.
Users create private (database driven) messages (pages; like a message
board) that is only viewed by logged in users.

Now I need to give the users the ability to publish these messages to the
public (if they decide the content is public safe).

Question is... is there a method to override forms authentication?
For an example; some thing like a method... where I look at the URL and
retrun true or false... so forms authentication is ignored based on this
method return value....
Basically to programatically ignore forms authentication for that request
only.

Any direction is deply appreciated
Thanks
Nalaka

Hi Nalaka,

Do you mean to use FormsAuthentica tion.RedirectFr omLoginPage to redirect to
the page if the user is anonymous but the page is a public one? Please note
this method is used to redirect an authenticated user back to the
originally requested URL. I don't think it's a good idea to redirect for
anonymous user.

Personally I think Gregory's first suggestion is better and simpler to
implement.
Regards,
Walter Wang (wa****@online. microsoft.com, remove 'online.')
Microsoft Online Community Support

=============== =============== =============== =====
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=============== =============== =============== =====

This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Walter,
I have a page that should be authenticated under certain request parameters.
So, in the load method of this page, I check to see if the page needs
authentication or annonumous.

In the load method, if authentication is needed, and not a already
authenticated, I redirect the user to the login page.
(In the redirect URL I also pass in parameters like
"ReturnUrl=%2fN otProtectedFold er%2fDefault.as px")

Then after legitimated login using loginPage.... asp.net sends the user back
to the originally requested URL (that was in the parameters).
Seem to work fine... when I tested.
This is not a protected folder... all I want is to go through loginPage...
only if (based on request parameters) the user needs to be
authenticated.. ...

Nalaka


"Walter Wang [MSFT]" <wa****@online. microsoft.comwr ote in message
news:gy******** ******@TK2MSFTN GHUB02.phx.gbl. ..

Hi Nalaka,

Do you mean to use FormsAuthentica tion.RedirectFr omLoginPage to redirect
to
the page if the user is anonymous but the page is a public one? Please
note
this method is used to redirect an authenticated user back to the
originally requested URL. I don't think it's a good idea to redirect for
anonymous user.

Personally I think Gregory's first suggestion is better and simpler to
implement.
Regards,
Walter Wang (wa****@online. microsoft.com, remove 'online.')
Microsoft Online Community Support

=============== =============== =============== =====
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=============== =============== =============== =====

This posting is provided "AS IS" with no warranties, and confers no
rights.

Hi Nalaka,

Thanks for the detailed explanation. If the folder where the page is
located not protected, then I think this approach should work.

Thank you again for sharing your experience here.
Regards,
Walter Wang (wa****@online. microsoft.com, remove 'online.')
Microsoft Online Community Support

=============== =============== =============== =====
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=============== =============== =============== =====

This posting is provided "AS IS" with no warranties, and confers no rights.