By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
431,780 Members | 1,549 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 431,780 IT Pros & Developers. It's quick & easy.

ASP.NET login authentication

P: n/a
Hi,

Got an asp.net application and I use the "forms" authentication mode defined
in the web.config file.

Everything works fine.
But now I would like to add a second, different login page for the users
that go in a specific folder.
How can I do this?

I tried this:

my root web.config contains:
-----------------------------
<authentication mode="Forms">
<forms name="GLWEB.ASPXAUTH"
loginUrl="login.aspx"
protection="All"
timeout="500"
path="/"
/>
</authentication>

<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
-----------------------------

But for the folder /members I want another login page, so I inserted this in
the web.config in the folder /members:
-----------------------------
<authentication mode="Forms">
<forms name="GLWEB.ASPXAUTH"
loginUrl="/members/login.aspx"
protection="All"
timeout="500"
path="/"
/>
</authentication>

<authorization>
<allow roles="member" />
<deny users="*" />
</authorization>
-------------------------------

Hope someone can help me.
THX !
Nov 18 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Hi,

What I do is I use one login page but then I create <location> tags. These
tags specify which users in which roles get to access pages in specific
folders. Be sure to assign roles to your users when they login. For
example:

<location path="Members/Administrator">
<system.web>
<authorization>
<allow roles="Administrator"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Members/Registered">
<system.web>
<authorization>
<allow roles="Registered"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="Members/Shared">
<system.web>
<authorization>
<allow roles="Administrator, Registered"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

The top location tag allows only people in the Administrator role to access
pages in the /Members/Administrator folder. The second tag allows
Registered users to view their pages. The third allows both Administrators
and Registered users to view the Shared folder. I put my <location> tags
directly above my <system.web> tag and directly below my <configuration> tag
in the Web.config file. Doing it this way you only need to have 1 login per
user and then they can go wherever they are allowed to. Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight

"nicholas" <mu********@hotmail.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
Hi,

Got an asp.net application and I use the "forms" authentication mode defined in the web.config file.

Everything works fine.
But now I would like to add a second, different login page for the users
that go in a specific folder.
How can I do this?

I tried this:

my root web.config contains:
-----------------------------
<authentication mode="Forms">
<forms name="GLWEB.ASPXAUTH"
loginUrl="login.aspx"
protection="All"
timeout="500"
path="/"
/>
</authentication>

<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
-----------------------------

But for the folder /members I want another login page, so I inserted this in the web.config in the folder /members:
-----------------------------
<authentication mode="Forms">
<forms name="GLWEB.ASPXAUTH"
loginUrl="/members/login.aspx"
protection="All"
timeout="500"
path="/"
/>
</authentication>

<authorization>
<allow roles="member" />
<deny users="*" />
</authorization>
-------------------------------

Hope someone can help me.
THX !

Nov 18 '05 #2

P: n/a
THX a lot for your reply.

Yes, indeed, I also use roles.
But I define those roles in a database, so you can add as much users and
roles as you want.

But I would like to have different login pages.
The look and feel of the admin-login-page is not the same as the look and
feel of the members-login-page.

There should be a way of doing this, but I allready searched around the net
and didn't found it.
Hope someone on this forum has an idea.

THX anyway,
Frédéric

__________________________________________________ __
---------------------------------------------------------------------
GIFTLIST
www.giftlist.be
Open your gift list in more than 100 shops in Belgium
Open Uw Geschenkenlijst in meer dan 100 winkels in België
Ouvrez votre liste de cadeau dans plus de 100 boutiques en Belgique
---------------------------------------------------------------------
"Ken Dopierala Jr." <kd*********@wi.rr.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
Hi,

What I do is I use one login page but then I create <location> tags. These tags specify which users in which roles get to access pages in specific
folders. Be sure to assign roles to your users when they login. For
example:

<location path="Members/Administrator">
<system.web>
<authorization>
<allow roles="Administrator"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Members/Registered">
<system.web>
<authorization>
<allow roles="Registered"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="Members/Shared">
<system.web>
<authorization>
<allow roles="Administrator, Registered"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

The top location tag allows only people in the Administrator role to access pages in the /Members/Administrator folder. The second tag allows
Registered users to view their pages. The third allows both Administrators and Registered users to view the Shared folder. I put my <location> tags
directly above my <system.web> tag and directly below my <configuration> tag in the Web.config file. Doing it this way you only need to have 1 login per user and then they can go wherever they are allowed to. Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight

"nicholas" <mu********@hotmail.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
Hi,

Got an asp.net application and I use the "forms" authentication mode defined
in the web.config file.

Everything works fine.
But now I would like to add a second, different login page for the users
that go in a specific folder.
How can I do this?

I tried this:

my root web.config contains:
-----------------------------
<authentication mode="Forms">
<forms name="GLWEB.ASPXAUTH"
loginUrl="login.aspx"
protection="All"
timeout="500"
path="/"
/>
</authentication>

<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
-----------------------------

But for the folder /members I want another login page, so I inserted

this in
the web.config in the folder /members:
-----------------------------
<authentication mode="Forms">
<forms name="GLWEB.ASPXAUTH"
loginUrl="/members/login.aspx"
protection="All"
timeout="500"
path="/"
/>
</authentication>

<authorization>
<allow roles="member" />
<deny users="*" />
</authorization>
-------------------------------

Hope someone can help me.
THX !


Nov 18 '05 #3

P: n/a
Hi,

I don't think you can do what you are looking for in the Web.config file.
You can only have 1 login page per app. However there might be a work
around. In your login page use this:

FormsAuthentication.GetRedirectUrl

That will tell you what page your user is looking to get to. Check this in
the Page_Load event of your login page. By checking out the value of this
you may be able to determine the type of user based on where they want to
go. Then if this is a member instead of an admin use a Response.Redirect()
in the Page_Load to go to the members login page. Once there check if they
are authenticated. If they are, manually redirect them yourself to the
FormsAuthentication.GetRedirectUrl result. I don't know if this will work
but if it does let us know because then maybe I'll use that way in the
future too. Good luck! Ken.

"nicholas" <mu********@hotmail.com> wrote in message
news:eW**************@TK2MSFTNGP09.phx.gbl...
THX a lot for your reply.

Yes, indeed, I also use roles.
But I define those roles in a database, so you can add as much users and
roles as you want.

But I would like to have different login pages.
The look and feel of the admin-login-page is not the same as the look and
feel of the members-login-page.

There should be a way of doing this, but I allready searched around the net and didn't found it.
Hope someone on this forum has an idea.

THX anyway,
Frédéric

__________________________________________________ __
---------------------------------------------------------------------
GIFTLIST
www.giftlist.be
Open your gift list in more than 100 shops in Belgium
Open Uw Geschenkenlijst in meer dan 100 winkels in België
Ouvrez votre liste de cadeau dans plus de 100 boutiques en Belgique
---------------------------------------------------------------------
"Ken Dopierala Jr." <kd*********@wi.rr.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
Hi,

What I do is I use one login page but then I create <location> tags.

These
tags specify which users in which roles get to access pages in specific
folders. Be sure to assign roles to your users when they login. For
example:

<location path="Members/Administrator">
<system.web>
<authorization>
<allow roles="Administrator"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Members/Registered">
<system.web>
<authorization>
<allow roles="Registered"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="Members/Shared">
<system.web>
<authorization>
<allow roles="Administrator, Registered"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

The top location tag allows only people in the Administrator role to

access
pages in the /Members/Administrator folder. The second tag allows
Registered users to view their pages. The third allows both

Administrators
and Registered users to view the Shared folder. I put my <location> tags directly above my <system.web> tag and directly below my <configuration>

tag
in the Web.config file. Doing it this way you only need to have 1 login

per
user and then they can go wherever they are allowed to. Good luck! Ken.
--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight

"nicholas" <mu********@hotmail.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
Hi,

Got an asp.net application and I use the "forms" authentication mode

defined
in the web.config file.

Everything works fine.
But now I would like to add a second, different login page for the users that go in a specific folder.
How can I do this?

I tried this:

my root web.config contains:
-----------------------------
<authentication mode="Forms">
<forms name="GLWEB.ASPXAUTH"
loginUrl="login.aspx"
protection="All"
timeout="500"
path="/"
/>
</authentication>

<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
-----------------------------

But for the folder /members I want another login page, so I inserted

this
in
the web.config in the folder /members:
-----------------------------
<authentication mode="Forms">
<forms name="GLWEB.ASPXAUTH"
loginUrl="/members/login.aspx"
protection="All"
timeout="500"
path="/"
/>
</authentication>

<authorization>
<allow roles="member" />
<deny users="*" />
</authorization>
-------------------------------

Hope someone can help me.
THX !



Nov 18 '05 #4

P: n/a
Good idea !
I'll try it out.

THX a lot,
Frédéric

"Ken Dopierala Jr." <kd*********@wi.rr.com> wrote in message
news:eb****************@TK2MSFTNGP09.phx.gbl...
Hi,

I don't think you can do what you are looking for in the Web.config file.
You can only have 1 login page per app. However there might be a work
around. In your login page use this:

FormsAuthentication.GetRedirectUrl

That will tell you what page your user is looking to get to. Check this in the Page_Load event of your login page. By checking out the value of this
you may be able to determine the type of user based on where they want to
go. Then if this is a member instead of an admin use a Response.Redirect() in the Page_Load to go to the members login page. Once there check if they are authenticated. If they are, manually redirect them yourself to the
FormsAuthentication.GetRedirectUrl result. I don't know if this will work
but if it does let us know because then maybe I'll use that way in the
future too. Good luck! Ken.

"nicholas" <mu********@hotmail.com> wrote in message
news:eW**************@TK2MSFTNGP09.phx.gbl...
THX a lot for your reply.

Yes, indeed, I also use roles.
But I define those roles in a database, so you can add as much users and
roles as you want.

But I would like to have different login pages.
The look and feel of the admin-login-page is not the same as the look and
feel of the members-login-page.

There should be a way of doing this, but I allready searched around the

net
and didn't found it.
Hope someone on this forum has an idea.

THX anyway,
Frédéric

__________________________________________________ __
---------------------------------------------------------------------
GIFTLIST
www.giftlist.be
Open your gift list in more than 100 shops in Belgium
Open Uw Geschenkenlijst in meer dan 100 winkels in België
Ouvrez votre liste de cadeau dans plus de 100 boutiques en Belgique
---------------------------------------------------------------------
"Ken Dopierala Jr." <kd*********@wi.rr.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
Hi,

What I do is I use one login page but then I create <location> tags.

These
tags specify which users in which roles get to access pages in specific folders. Be sure to assign roles to your users when they login. For
example:

<location path="Members/Administrator">
<system.web>
<authorization>
<allow roles="Administrator"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="Members/Registered">
<system.web>
<authorization>
<allow roles="Registered"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="Members/Shared">
<system.web>
<authorization>
<allow roles="Administrator, Registered"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

The top location tag allows only people in the Administrator role to

access
pages in the /Members/Administrator folder. The second tag allows
Registered users to view their pages. The third allows both

Administrators
and Registered users to view the Shared folder. I put my <location> tags directly above my <system.web> tag and directly below my
<configuration> tag
in the Web.config file. Doing it this way you only need to have 1
login per
user and then they can go wherever they are allowed to. Good luck!

Ken.
--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight

"nicholas" <mu********@hotmail.com> wrote in message
news:%2****************@tk2msftngp13.phx.gbl...
> Hi,
>
> Got an asp.net application and I use the "forms" authentication mode
defined
> in the web.config file.
>
> Everything works fine.
> But now I would like to add a second, different login page for the users > that go in a specific folder.
> How can I do this?
>
> I tried this:
>
> my root web.config contains:
> -----------------------------
> <authentication mode="Forms">
> <forms name="GLWEB.ASPXAUTH"
> loginUrl="login.aspx"
> protection="All"
> timeout="500"
> path="/"
> />
> </authentication>
>
> <authorization>
> <allow users="*" />
> <deny users="?" />
> </authorization>
> -----------------------------
>
> But for the folder /members I want another login page, so I inserted

this
in
> the web.config in the folder /members:
> -----------------------------
> <authentication mode="Forms">
> <forms name="GLWEB.ASPXAUTH"
> loginUrl="/members/login.aspx"
> protection="All"
> timeout="500"
> path="/"
> />
> </authentication>
>
> <authorization>
> <allow roles="member" />
> <deny users="*" />
> </authorization>
> -------------------------------
>
> Hope someone can help me.
> THX !
>
>



Nov 18 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.