467,169 Members | 968 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,169 developers. It's quick & easy.

application security

MW
Hi,

I'm trying to secure my application.

I'm using forms authentication and I check passwords
against a database.

I have a login.aspx page in the root of my application,
pages that I want to restrict access to are in a folder
below the root called 'secure'.

I have a web.config in the 'secure' folder with only
(I've tried having <allow users="*"/> after the deny, but
it didn't help)
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

The web.config in my root has an authentication section
as such:
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="login.aspx" path="/" protection="All"
timeout="60" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

When I login, it goes to my default page, but when I try
to click a link to another page, I get redirected to the
login page.

Obviously, I'm missing something somewhere.

Any help is appreciated. Thanks.
Nov 18 '05 #1
  • viewed: 1566
Share:
2 Replies
MW
Well I guess I'll try to re-iterate this a bit.

so at http://localhost/myApplication
I have a login page and a web.config.
I use forms authentication and test usernames and
passwords against a database.
The authentication and authorization sections of the
web.config are (there could be something missing in it):

<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="login.aspx" path="/" protection="All"
timeout="60" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

Within http://localhost/myApplication I have a folder for
the pages I want secured:
http://localhost/myApplication/Secur...Information.as
px

'Security' being a folder within the project i.e.:
c:\inetpub\wwwroot\myApplication\Security

In that security folder I have another web.config file
that contains <u>only</u>:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

(I may be missing something in there).

So the problem I am having with this setup is: when I
login, it goes to my default page, but when I try to
click a link to another page, I get redirected to the
login page.

I hope that clears up my issue so that someone can help
me.

Thanks.
-----Original Message-----
Hi,

I'm trying to secure my application.

I'm using forms authentication and I check passwords
against a database.

I have a login.aspx page in the root of my application,
pages that I want to restrict access to are in a folder
below the root called 'secure'.

I have a web.config in the 'secure' folder with only
(I've tried having <allow users="*"/> after the deny, butit didn't help)
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

The web.config in my root has an authentication section
as such:
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="login.aspx" path="/" protection="All"
timeout="60" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

When I login, it goes to my default page, but when I try
to click a link to another page, I get redirected to the
login page.

Obviously, I'm missing something somewhere.

Any help is appreciated. Thanks.
.

Nov 18 '05 #2
http://msdn.microsoft.com/architectu...cnetlpmsdn.asp

chanmm

"MW" <an*******@discussions.microsoft.com> wrote in message
news:75****************************@phx.gbl...
Well I guess I'll try to re-iterate this a bit.

so at http://localhost/myApplication
I have a login page and a web.config.
I use forms authentication and test usernames and
passwords against a database.
The authentication and authorization sections of the
web.config are (there could be something missing in it):

<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="login.aspx" path="/" protection="All"
timeout="60" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

Within http://localhost/myApplication I have a folder for
the pages I want secured:
http://localhost/myApplication/Secur...Information.as
px

'Security' being a folder within the project i.e.:
c:\inetpub\wwwroot\myApplication\Security

In that security folder I have another web.config file
that contains <u>only</u>:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

(I may be missing something in there).

So the problem I am having with this setup is: when I
login, it goes to my default page, but when I try to
click a link to another page, I get redirected to the
login page.

I hope that clears up my issue so that someone can help
me.

Thanks.
-----Original Message-----
Hi,

I'm trying to secure my application.

I'm using forms authentication and I check passwords
against a database.

I have a login.aspx page in the root of my application,
pages that I want to restrict access to are in a folder
below the root called 'secure'.

I have a web.config in the 'secure' folder with only
(I've tried having <allow users="*"/> after the deny,

but
it didn't help)
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

The web.config in my root has an authentication section
as such:
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="login.aspx" path="/" protection="All"
timeout="60" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

When I login, it goes to my default page, but when I try
to click a link to another page, I get redirected to the
login page.

Obviously, I'm missing something somewhere.

Any help is appreciated. Thanks.
.

Nov 18 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Thorpe | last post: by
9 posts views Thread by Graham | last post: by
3 posts views Thread by Michael Glaesemann | last post: by
5 posts views Thread by Frank Rizzo | last post: by
7 posts views Thread by mxdevit@gmail.com | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.