473,499 Members | 1,551 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Url Rewriting with Forms Authentication

Lee
Hi all ;)
Preamble
--------
I'm using URL rewriting to enforce a frames policy (yeah, I know frames
are 'bad' :) - i.e. if a request comes in for a page which should be
nested within a frameset, the url is rewritten to something of the form
'http://www.blah.com/framesdoc.aspx?lowerFrame=/page.aspx', the
'framesdoc' page then dynamically generates the src attribute for the
frame appropriately to load the content specified in the 'lowerFrame'
query var.

As mentioned in Scott Mitchell's article (1), if using Forms
Authentication, the rewriting should take place in response to the
AuthorizeRequest event, to prevent the FormsAuthenticationModule using
the rewritten url as a return url from the login page.

At first read, the article seemed to imply that FormsAuthentication will
still function to restrict access to pages specified within the rewritten
url.

Of course, after a little more thought, it seems clear that there's no
way this could work, the FormsAuthenticationModule has already missed its
opportunity by the time the url is rewritten.

Question
--------
So, what I'm seeking is some work-around which will allow me to use url
rewriting on a site which makes selective use of FormsAuthentication
(e.g. a '/Secure' folder is restricted to authenticated users.)

I first thought of rewriting the url in response to BeginRequest rather
than AuthorizeRequest so that a redirect-to-login-page will occur if
needed and then somehow communicating the original, pre-rewritten url to
the login page, so that the url can once again be rewritten to overwrite
the 'ReturnUrl=...' portion. The question then becomes 'how do I
communicate the pre-rewritten url to the login page?' as there's no
session state at that point (is there?) and I understand it's
unacceptable to update objects in the Application cache from multiple
threads.

My next idea was that I might be able to use the location element within
web.config to specify that certain paths matching pre-rewritten URLs are
restricted, no luck there though.

Any ideas on how to solve this?

Any other comments would be appreciated as I've hit a point in the
application where I really need url rewriting *and* forms authentication
but am unable to progress.

Kind regards,
Lee.
--
References:

1) Scott Mitchell's article 'URL Rewriting in ASP.NET' :

http://msdn.microsoft.com/library/de...l=/library/en-
us/dnaspp/html/urlrewriting.asp

Nov 19 '05 #1
0 2077

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
6
4792
Secure and Unsecure Web Directories using Forms Authentication
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms...
.NET Framework
3
4835
Forms authentication in a subfolder problem, please help
by: Kris van der Mast | last post by:
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be...
ASP.NET
2
2481
Forms Authentication question: How to have some pages open and some requiring forms authentication
by: Eric | last post by:
I am trying to build an app where the stuff in the root directory is open to all, but anything under the Restricted directory requires you to login and I want to use Forms to do it. I'm having...
ASP.NET
0
4191
ASP.NET Forms Authentication Best Practices
by: Anonieko Ramos | last post by:
ASP.NET Forms Authentication Best Practices Dr. Dobb's Journal February 2004 Protecting user information is critical By Douglas Reilly Douglas is the author of Designing Microsoft ASP.NET...
ASP.NET
2
2572
Using ISAPI filter with .net for URL Rewriting
by: Jon Maz | last post by:
Hi All, I've been looking into options for URL Rewriting in .net, and to be honest, I haven't seen anything that's easier than the old Classic Asp solution with an ISAPI filter redirecting to an...
ASP.NET
9
1985
What's the simplest way to do URL rewriting?
by: Alan Silver | last post by:
Hello, I would like to be able to use an URL like ... http://www.whatever.com/order/123 and have it translated into ... http://www.whatever.com/orders.aspx?orderid=123
ASP.NET
0
912
url rewriting and authentication
by: Ashish | last post by:
Hello All, We have an application in which we are planning to have a virtual url system which is completely driven by configuration files. to accomplish this we need to receive all urls at...
ASP.NET
5
3525
Forms Authentication vs MembershipProvider
by: Rory Becker | last post by:
Having now created a Custom MembershipProvider that seems to work correctly with my Logon and ChangePassword controls, I am, as they say, a happy bunny. The next stange is to move on to the...
ASP.NET
0
7220
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
7386
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
5468
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
4599
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
3098
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
3090
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
1427
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp
1
664
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP
0
295
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us