Original message:
Thank you,
That is exactly what I was looking for....BUT...
A .htm file was an example that I thought I could post and take the
solution and apply that everywhere...
but the majority of the files that I am trying to protect are .asp
files.
And those already have an ISAP filter associated with it.
Can you think of a way to protect those?
--------------------
my response:
In order to protect .asp files on my .net website:
- I coded my login form so it sets a session variable to "True"
- I coded global.asa so it checks this session variable, and transfers
control to the login form if the variable hasn't been set.
Here is the code in my login form:
private void ButtonLogin_Click(object sender, System.EventArgs e)
{
string sUsername = TextUsername.Text.ToLower();
string sPassword = TextPassword.Text.ToLower();
if (FormsAuthentication.Authenticate(sUsername, sPassword))
{
Session["LoggedIn"] = "True";
FormsAuthentication.RedirectFromLoginPage(
sUsername,
CheckBoxRememberMe.Checked);
}
}
Here is the code in global.asa
Sub Session_OnStart
FrontPage_StartSession '==FrontPage Generated==
FrontPage_ConvertFromODBC '==FrontPage Generated==
if Session("LoggedIn") = "True" then
exit sub
end if
Session("LoggedIn") = "False"
dim sLink
sLink = "/members/Login.aspx" _
& "?ReturnUrl=" _
& Request.ServerVariables("SCRIPT_NAME")
Response.Redirect sLink
End Sub
If a user starts a session by going directly to a .asp page:
- Session_OnStart in global.asa will be called
- The LoggedIn session variable has not set
- The user will be redirected to the login page
- If the user logs in correctly:
- The LoggedIn session variable will be set to "True"
- The user will be redirected to the .asp page they requested
This seems to be working on my website.
Please exercise caution with this suggestion - this might not be the
best solution.
Your code will vary from this depending on the name and location of
your login page, and the type of forms authentication you use.
Good luck,
Michael Aaronson
--
MichaelAaronson
------------------------------------------------------------------------
Posted via
http://www.codecomments.com
------------------------------------------------------------------------