application security

MW
Hi,

I'm trying to secure my application.

I'm using forms authentication and I check passwords
against a database.

I have a login.aspx page in the root of my application,
pages that I want to restrict access to are in a folder
below the root called 'secure'.

I have a web.config in the 'secure' folder with only
(I've tried having <allow users="*"/> after the deny, but
it didn't help)
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

The web.config in my root has an authentication section
as such:
<authentication mode="Forms">
  <forms name=".ASPXAUTH"
         loginUrl="login.aspx" path="/" protection="All"
         timeout="60" />
</authentication>

<authorization>
  <deny users="?" />
</authorization>

When I log in, it goes to my default page, but when I try
to click a link to another page, I get redirected to the
login page.

Obviously, I'm missing something somewhere.

Any help is appreciated. Thanks.
Nov 18 '05 #1
MW
Well I guess I'll try to re-iterate this a bit.

So at http://localhost/myApplication
I have a login page and a web.config.
I use forms authentication and test usernames and
passwords against a database.
The authentication and authorization sections of the
web.config are (there could be something missing in it):

<authentication mode="Forms">
  <forms name=".ASPXAUTH"
         loginUrl="login.aspx" path="/" protection="All"
         timeout="60" />
</authentication>

<authorization>
  <deny users="?" />
</authorization>

Within http://localhost/myApplication I have a folder for
the pages I want secured:
http://localhost/myApplication/Secur...Information.aspx

'Security' being a folder within the project i.e.:
c:\inetpub\wwwroot\myApplication\Security

In that security folder I have another web.config file
that contains only:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

(I may be missing something in there).

So the problem I am having with this setup is: when I
log in, it goes to my default page, but when I try to
click a link to another page, I get redirected to the
login page.

I hope that clears up my issue so that someone can help
me.

Thanks.

Nov 18 '05 #2
http://msdn.microsoft.com/architectu...cnetlpmsdn.asp

chanmm

Nov 18 '05 #3
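
An added example, not part of the thread and not ASP.NET's own code: a small Python model of how ASP.NET URL authorization evaluates the `<authorization>` sections posted above, reading the most local web.config first, stopping at the first rule that matches, and ending with the machine-level default `<allow users="*"/>`. It shows that the posted rules admit any authenticated user with or without the extra `<allow users="*"/>`, so under these rules a redirect to login.aspx means the request was treated as anonymous. The user name `mw` is a constructed sample, and roles and verbs are left out of the model.

```python
import xml.etree.ElementTree as ET

# <authorization> sections exactly as posted in the thread.
SECURE_FOLDER = '<authorization><deny users="?" /></authorization>'
ROOT = '<authorization><deny users="?" /></authorization>'
# Variant MW tried: an allow-all rule after the deny.
SECURE_WITH_ALLOW = ('<authorization><deny users="?" />'
                     '<allow users="*" /></authorization>')
# Machine-level default rule that ends every chain.
MACHINE_DEFAULT = '<authorization><allow users="*" /></authorization>'


def rule_chain(*sections):
    """Flatten sections, most local first, into (action, [users]) pairs."""
    chain = []
    for section in sections:
        for rule in ET.fromstring(section):
            users = [u.strip() for u in rule.get("users", "").split(",")]
            chain.append((rule.tag, users))
    return chain


def rule_matches(users, user):
    """'?' matches anonymous (user is None), '*' matches everyone."""
    for name in users:
        if name == "*" or (name == "?" and user is None):
            return True
        if user is not None and name.lower() == user.lower():
            return True
    return False


def decide(chain, user):
    """Return the action of the first rule that matches the user."""
    for action, users in chain:
        if rule_matches(users, user):
            return action
    return "deny"  # not reached while the chain ends in allow "*"


def evaluate(secure_section):
    """Decisions for a page in the secured folder."""
    chain = rule_chain(secure_section, ROOT, MACHINE_DEFAULT)
    return {"anonymous": decide(chain, None), "mw": decide(chain, "mw")}


if __name__ == "__main__":
    print("as posted:       ", evaluate(SECURE_FOLDER))
    print("with allow added:", evaluate(SECURE_WITH_ALLOW))
```

Both configurations give the same result, which points the investigation at whether the login page issues the forms authentication ticket and whether the browser sends the `.ASPXAUTH` cookie back on the next request.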
