I've implemented forms authentication and authorization on my application.
In my Web.Config, my authorization section looks like this..
<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
If an authenticated user, who is NOT designated the role "admin" attempts
to access this folder, he/she is simply redirected to the login page.
How do I detect a failed authorization and display a meaninfull error msg? I
found an article which came up with solution :
Sub Global_EndRequest(ByVal sender As Object, ByVal e As System.EventArgs)
Handles MyBase.EndRequest
If User.Identity.IsAuthenticated And Response.StatusCode = "401" Then
Response.Redirect("test.aspx")
End If
End Sub
When I implement this, and the the situation described above occurs, the
application seems to hang.. ie. the user isn't allowed into the application
but it never redirects to test.aspx.
Any suggestions??
Bijoy 9 2727
The forms tag in the web.config file has a loginUrl attribute that you can
give it an login.aspx page which every user will be redirected to this page
if they are not authenticated. Once authenticated, they will be
automatically be redirected to the page that they were trying to access.
"Bijoy Naick" wrote: I've implemented forms authentication and authorization on my application. In my Web.Config, my authorization section looks like this..
<authorization> <allow roles="admin" /> <deny users="*" /> </authorization>
If an authenticated user, who is NOT designated the role "admin" attempts to access this folder, he/she is simply redirected to the login page.
How do I detect a failed authorization and display a meaninfull error msg? I found an article which came up with solution :
Sub Global_EndRequest(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.EndRequest If User.Identity.IsAuthenticated And Response.StatusCode = "401" Then Response.Redirect("test.aspx") End If End Sub
When I implement this, and the the situation described above occurs, the application seems to hang.. ie. the user isn't allowed into the application but it never redirects to test.aspx.
Any suggestions??
Bijoy
I think u misunderstood my question. The authentication piece works fine.
Problem occurs when a user authentcates successfully but does not have
access (authorization) to a folder. In this case, they get booted back to
teh login page.. How can I detect a failed authorization? so that I can
display a meaningfull error msg.
Bijoy
"Tampa .NET Koder" <Ta***********@discussions.microsoft.com> wrote in
message news:D3**********************************@microsof t.com... The forms tag in the web.config file has a loginUrl attribute that you
can give it an login.aspx page which every user will be redirected to this
page if they are not authenticated. Once authenticated, they will be automatically be redirected to the page that they were trying to access.
"Bijoy Naick" wrote:
I've implemented forms authentication and authorization on my
application. In my Web.Config, my authorization section looks like this..
<authorization> <allow roles="admin" /> <deny users="*" /> </authorization>
If an authenticated user, who is NOT designated the role "admin"
attempts to access this folder, he/she is simply redirected to the login page.
How do I detect a failed authorization and display a meaninfull error
msg? I found an article which came up with solution :
Sub Global_EndRequest(ByVal sender As Object, ByVal e As
System.EventArgs) Handles MyBase.EndRequest If User.Identity.IsAuthenticated And Response.StatusCode = "401"
Then Response.Redirect("test.aspx") End If End Sub
When I implement this, and the the situation described above occurs, the application seems to hang.. ie. the user isn't allowed into the
application but it never redirects to test.aspx.
Any suggestions??
Bijoy
Hi Bijoy,
This might work for you. It is what I use. It goes in your global.asax
file. Ken.
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As
EventArgs)
Dim appHTTP As HttpApplication = CType(sender, HttpApplication)
'Check if the user is authenticated.
If (appHTTP.Request.IsAuthenticated = True) Then
'Do nothing.
Else
'Redirect where you want the user to go.
'Here you can also find out what page they
'were trying to get to and customize your
'response accordingly.
End If
End Sub
Good luck! Ken.
--
Ken Dopierala Jr.
For great ASP.Net web hosting try: http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.
"Bijoy Naick" <b_*****@yahoo.ca> wrote in message
news:uy**************@TK2MSFTNGP11.phx.gbl... I've implemented forms authentication and authorization on my application. In my Web.Config, my authorization section looks like this..
<authorization> <allow roles="admin" /> <deny users="*" /> </authorization>
If an authenticated user, who is NOT designated the role "admin" attempts to access this folder, he/she is simply redirected to the login page.
How do I detect a failed authorization and display a meaninfull error msg?
I found an article which came up with solution :
Sub Global_EndRequest(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.EndRequest If User.Identity.IsAuthenticated And Response.StatusCode = "401" Then Response.Redirect("test.aspx") End If End Sub
When I implement this, and the the situation described above occurs, the application seems to hang.. ie. the user isn't allowed into the
application but it never redirects to test.aspx.
Any suggestions??
Bijoy
Ken,
Thanks for the response.. I don't understand how the code you provided will
detect a "failed AUTHORIZATION". It will probably detect a failed
"AUTHENTICATION" attempt.
Am I missing something?
Bijoy
"Ken Dopierala Jr." <kd*********@wi.rr.com> wrote in message
news:Ok**************@TK2MSFTNGP14.phx.gbl... Hi Bijoy,
This might work for you. It is what I use. It goes in your global.asax file. Ken.
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs) Dim appHTTP As HttpApplication = CType(sender, HttpApplication)
'Check if the user is authenticated. If (appHTTP.Request.IsAuthenticated = True) Then 'Do nothing. Else 'Redirect where you want the user to go. 'Here you can also find out what page they 'were trying to get to and customize your 'response accordingly. End If End Sub
Good luck! Ken.
-- Ken Dopierala Jr. For great ASP.Net web hosting try: http://www.webhost4life.com/default.asp?refid=Spinlight If you sign up under me and need help, email me.
"Bijoy Naick" <b_*****@yahoo.ca> wrote in message news:uy**************@TK2MSFTNGP11.phx.gbl... I've implemented forms authentication and authorization on my
application. In my Web.Config, my authorization section looks like this..
<authorization> <allow roles="admin" /> <deny users="*" /> </authorization>
If an authenticated user, who is NOT designated the role "admin"
attempts to access this folder, he/she is simply redirected to the login page.
How do I detect a failed authorization and display a meaninfull error
msg? I found an article which came up with solution :
Sub Global_EndRequest(ByVal sender As Object, ByVal e As
System.EventArgs) Handles MyBase.EndRequest If User.Identity.IsAuthenticated And Response.StatusCode = "401"
Then Response.Redirect("test.aspx") End If End Sub
When I implement this, and the the situation described above occurs, the application seems to hang.. ie. the user isn't allowed into the application but it never redirects to test.aspx.
Any suggestions??
Bijoy
Hi Bijoy,
It is the If statement:
If (appHTTP.Request.IsAuthenticated = True) Then
I think this fires, after every authentication request and before the user
is redirected to any login page. But I might be wrong. Look at the Else
statement in the code below:
If (appHTTP.Request.IsAuthenticated = True) Then
'do nothing
Else 'Now you know you have a failed auth.
'*********Right here redirect your failed auth user
'whereever you want before they get redirected to
'the login page.
End If
If this doesn't work post back here and we'll figure out something else.
Good luck! Ken.
--
Ken Dopierala Jr.
For great ASP.Net web hosting try: http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.
"Bijoy Naick" <b_*****@yahoo.ca> wrote in message
news:uv**************@TK2MSFTNGP09.phx.gbl... Ken,
Thanks for the response.. I don't understand how the code you provided
will detect a "failed AUTHORIZATION". It will probably detect a failed "AUTHENTICATION" attempt.
Am I missing something?
Bijoy
"Ken Dopierala Jr." <kd*********@wi.rr.com> wrote in message news:Ok**************@TK2MSFTNGP14.phx.gbl... Hi Bijoy,
This might work for you. It is what I use. It goes in your global.asax file. Ken.
Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs) Dim appHTTP As HttpApplication = CType(sender, HttpApplication)
'Check if the user is authenticated. If (appHTTP.Request.IsAuthenticated = True) Then 'Do nothing. Else 'Redirect where you want the user to go. 'Here you can also find out what page they 'were trying to get to and customize your 'response accordingly. End If End Sub
Good luck! Ken.
-- Ken Dopierala Jr. For great ASP.Net web hosting try: http://www.webhost4life.com/default.asp?refid=Spinlight If you sign up under me and need help, email me.
"Bijoy Naick" <b_*****@yahoo.ca> wrote in message news:uy**************@TK2MSFTNGP11.phx.gbl... I've implemented forms authentication and authorization on my application. In my Web.Config, my authorization section looks like this..
<authorization> <allow roles="admin" /> <deny users="*" /> </authorization>
If an authenticated user, who is NOT designated the role "admin" attempts to access this folder, he/she is simply redirected to the login page.
How do I detect a failed authorization and display a meaninfull error msg? I found an article which came up with solution :
Sub Global_EndRequest(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.EndRequest If User.Identity.IsAuthenticated And Response.StatusCode = "401" Then Response.Redirect("test.aspx") End If End Sub
When I implement this, and the the situation described above occurs,
the application seems to hang.. ie. the user isn't allowed into the application but it never redirects to test.aspx.
Any suggestions??
Bijoy
Sorry folks.. The code I posted at the bottom of my original post actually
works. I made the mistake of redirecting users to another protected file..
as a result it got into an infinite loop..
Bijoy
"Bijoy Naick" <b_*****@yahoo.ca> wrote in message
news:uy**************@TK2MSFTNGP11.phx.gbl... I've implemented forms authentication and authorization on my application. In my Web.Config, my authorization section looks like this..
<authorization> <allow roles="admin" /> <deny users="*" /> </authorization>
If an authenticated user, who is NOT designated the role "admin" attempts to access this folder, he/she is simply redirected to the login page.
How do I detect a failed authorization and display a meaninfull error msg?
I found an article which came up with solution :
Sub Global_EndRequest(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.EndRequest If User.Identity.IsAuthenticated And Response.StatusCode = "401" Then Response.Redirect("test.aspx") End If End Sub
When I implement this, and the the situation described above occurs, the application seems to hang.. ie. the user isn't allowed into the
application but it never redirects to test.aspx.
Any suggestions??
Bijoy
I don't think this can be trapped within the global.asax file then, the
authentication request is handled throught it. However, if your user does get
the IE 403 error page, "Not Authorized to view this page", then you can
replace this error page with your own using the <customErrors element> like
below:
<customErrors mode="RemoteOnly" defaultRedirect="/genericerror.htm">
<error statusCode="500" redirect="/error/callsupport.htm"/>
<error statusCode="404" redirect="/error/notfound.aspx"/>
<error statusCode="403" redirect="/error/noaccess.aspx"/>
</customErrors>
this is all I can think of.
"Bijoy Naick" wrote: I think u misunderstood my question. The authentication piece works fine.
Problem occurs when a user authentcates successfully but does not have access (authorization) to a folder. In this case, they get booted back to teh login page.. How can I detect a failed authorization? so that I can display a meaningfull error msg.
Bijoy
"Tampa .NET Koder" <Ta***********@discussions.microsoft.com> wrote in message news:D3**********************************@microsof t.com... The forms tag in the web.config file has a loginUrl attribute that you can give it an login.aspx page which every user will be redirected to this page if they are not authenticated. Once authenticated, they will be automatically be redirected to the page that they were trying to access.
"Bijoy Naick" wrote:
I've implemented forms authentication and authorization on my application. In my Web.Config, my authorization section looks like this..
<authorization> <allow roles="admin" /> <deny users="*" /> </authorization>
If an authenticated user, who is NOT designated the role "admin" attempts to access this folder, he/she is simply redirected to the login page.
How do I detect a failed authorization and display a meaninfull error msg? I found an article which came up with solution :
Sub Global_EndRequest(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.EndRequest If User.Identity.IsAuthenticated And Response.StatusCode = "401" Then Response.Redirect("test.aspx") End If End Sub
When I implement this, and the the situation described above occurs, the application seems to hang.. ie. the user isn't allowed into the application but it never redirects to test.aspx.
Any suggestions??
Bijoy
HI Bijoy Naick,
Where does the code:- Sub Global_EndRequest(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.EndRequest If User.Identity.IsAuthenticated And Response.StatusCode = "401" Then Response.Redirect("test.aspx") End If End Sub
Go to is it TO THE GLOBAL.ASAX file?
Patrick
"Bijoy Naick" wrote:
Sorry folks.. The code I posted at the bottom of my original post actually works. I made the mistake of redirecting users to another protected file.. as a result it got into an infinite loop..
Bijoy
"Bijoy Naick" <b_*****@yahoo.ca> wrote in message news:uy**************@TK2MSFTNGP11.phx.gbl... I've implemented forms authentication and authorization on my application. In my Web.Config, my authorization section looks like this..
<authorization> <allow roles="admin" /> <deny users="*" /> </authorization>
If an authenticated user, who is NOT designated the role "admin" attempts to access this folder, he/she is simply redirected to the login page.
How do I detect a failed authorization and display a meaninfull error msg? I found an article which came up with solution :
Sub Global_EndRequest(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.EndRequest If User.Identity.IsAuthenticated And Response.StatusCode = "401" Then Response.Redirect("test.aspx") End If End Sub
When I implement this, and the the situation described above occurs, the application seems to hang.. ie. the user isn't allowed into the application but it never redirects to test.aspx.
Any suggestions??
Bijoy
Yes, this goes in the global.asax file
"Patrick.O.Ige" <Pa*********@discussions.microsoft.com> wrote in message
news:BA**********************************@microsof t.com... HI Bijoy Naick, Where does the code:- > Sub Global_EndRequest(ByVal sender As Object, ByVal e As > System.EventArgs) > Handles MyBase.EndRequest > If User.Identity.IsAuthenticated And Response.StatusCode = "401" > Then > Response.Redirect("test.aspx") > End If > End Sub
Go to is it TO THE GLOBAL.ASAX file? Patrick "Bijoy Naick" wrote:
Sorry folks.. The code I posted at the bottom of my original post actually works. I made the mistake of redirecting users to another protected file.. as a result it got into an infinite loop..
Bijoy
"Bijoy Naick" <b_*****@yahoo.ca> wrote in message news:uy**************@TK2MSFTNGP11.phx.gbl... > I've implemented forms authentication and authorization on my > application. > In my Web.Config, my authorization section looks like this.. > > <authorization> > <allow roles="admin" /> > <deny users="*" /> > </authorization> > > If an authenticated user, who is NOT designated the role "admin" > attempts > to access this folder, he/she is simply redirected to the login page. > > How do I detect a failed authorization and display a meaninfull error > msg? I > found an article which came up with solution : > > Sub Global_EndRequest(ByVal sender As Object, ByVal e As > System.EventArgs) > Handles MyBase.EndRequest > If User.Identity.IsAuthenticated And Response.StatusCode = "401" > Then > Response.Redirect("test.aspx") > End If > End Sub > > When I implement this, and the the situation described above occurs, > the > application seems to hang.. ie. the user isn't allowed into the application > but it never redirects to test.aspx. > > Any suggestions?? > > Bijoy > > This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: DC Gringo |
last post by:
Using latest SP Win2k and .NET versions, I have a .NET application running
on server1 with a SQL Server database running on server2. I have the
Windows user account passwords sync'd for...
|
by: Dan |
last post by:
hi ng,
is there a way to set a page the user gets redirected when using windows
authentification (and the user gets authentificated by active directory)
and authorization failed?)
i have tried...
|
by: boy |
last post by:
I got the following error message when I access the web application, in which
the web application use SPPI to connect to database.
"Login failed for user '(null)'. Reason: Not associated with a...
|
by: gilly3 |
last post by:
How do I use a Custom Error page for 401 - Authorization Failed errors?
I tried the web.config method:
<customErrors mode="On" defaultRedirect="/GeneralError.aspx">
<error statusCode="401"...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |