page vs directory security

I am trying to use the form futhentication where the configuration
parameters are specified in web.config in my application root directory
"/".

My applciation has secured pages and public pages scatter in various
directory, and the start page (main.aspx) is public page with a logon
button to control the accessibility of secured pages. When I use the
following configuration, I will get "Server Error in "/" Applciation.
How to set the Web.config so that it will redirect user to login.aspx
discretionally when accessing secured page. Thanks.

<system.web>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="Off" />

<authentication mode="Forms" />
<authorization>
<deny users="?" />
</authorization>
<forms name=".ASPXCOOKIEDEMO"
loginUrl="Login.aspx" protection="all" timeout="30" path="/">
</forms>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState cookieless="true" timeout="20" />
</system.web>

Nov 23 '05 #1

Subscribe Reply

1141

Wouter van Vugt

Hi,

use the following config file to redirect a user to Login.aspx:

<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx"/>
</authentication>
</system.web>

Grtz, Wouter van Vugt,
Trainer Info Support - www.infosupport.com
www.dive-in-it.nl

Nov 23 '05 #2

Thanks but it doesn't work. I think this configuration is for entire
site but not for just secured pages.

Nov 24 '05 #3

Wouter van Vugt

js schreef:

Thanks but it doesn't work. I think this configuration is for entire
site but not for just secured pages.

Hi JS,

sorry to say, it does work. When a user hits a protected page,(using
the authorization element in the web.config), the framework will auto
redirect to the login page specified like i said. If you want to secure
just a directory, add an extra config file to that directory and
specify the security settings in there.

Grtz, Wouter

Nov 24 '05 #4

Patrick.O.Ige

You must be missing something
IT DOES WORK

"js" <an********@yahoo.com> wrote in message
news:11**********************@g47g2000cwa.googlegr oups.com...

Thanks but it doesn't work. I think this configuration is for entire
site but not for just secured pages.

Nov 24 '05 #5

Ok. It worked that upon hiting my website the request is redirected to
the Login.aspx, but I only need the visitors to login when they request
any secured page. After they login, their credentials are persisted
during the active session, they WON'T see the Login.aspx again. By
configuring the way you suggested, the first thing user sees is the
Login.aspx.

Say, my web site URL is http://www.mywebsite.com which contains
Main.aspx (the default page, no login required),
\directory1\Public1.aspx, \directory1\Private2.aspx,
\directory2\Public3.aspx, \directory2\Private4.aspx. When a user hits
the URL, they will see the Main.aspx, they should NOT see Login.aspx.
Neither should they see the Login.aspx when they click the links or
buttons of Public1.aspx or Public3.aspx. ONLY when they click the links
or buttons of Private2.aspx or Private4.aspx will they be asked to
login.

Hope this explains my situation. Thanks.
*** Sent via Developersdex http://www.developersdex.com ***

Nov 24 '05 #6

Well, I figured it out. I just added <location> tags for those pages
that are public. The following is partail of my Web.config setting.

<system.web>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="RemoteOnly" />
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState cookieless="true" timeout="20" />
<authentication mode="Forms">
<forms name="my_Authorization"
loginUrl="Login.aspx"
protection="All"
timeout="30"
path="/"
requireSSL="false"
slidingExpiration="false">
<credentials passwordFormat = "SHA1"/>
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>

<location path="main.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>

<location path="directory1/public1.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>

<location path="directory2/public3.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>

*** Sent via Developersdex http://www.developersdex.com ***

Nov 28 '05 #7

Similar topics

7303

How to access currently logged in user from Active Directory. (Without custom login page)

by: anonymous | last post by:

Hi all, I've been searching the way to achieve the following task. But no luck so far. I have a web site(main site), which requires authentication. This authentication is set at Windows...

C# / C Sharp

315

Want to Reboot server from ASPX page

by: Terry | last post by:

I am developing a asp.net web based service application for our product I am trying to trigger a reboot of the server based on a user request I believe I have all the appropriate code for...

ASP.NET

2567

Replacing page content w/ a dynamically created pdf at https

by: Ryan Taylor | last post by:

Hi. I have some code that dynamically generates a PDF and spits this content directly to the web browser. I use HTMLDoc to create the Pdf's from html. So the user can click on a button "Print...

ASP.NET

8488

Virtual directory error: "directory does not exist or is not accessible because of security settings"

by: Dave | last post by:

I am getting te following error in a ASP.Net app that is running on Win XP Pro (SP2): Server cannot access application directory 'C:\Documents and Settings\dave\My Documents\My Visual Studio...

ASP.NET

4835

Can't make this page work

by: scottyman | last post by:

I can't make this script work properly. I've gone as far as I can with it and the rest is out of my ability. I can do some html editing but I'm lost in the Java world. The script at the bottom of...

Javascript

16887

You are not authorized to view this page HTTP Error 403 - Forbidden

by: Tony Girgenti | last post by:

Hello. I developed and tested a web application using VS.NET 2003, VB, .NET Framework 1.1.4322, ASP.NET 1.1.4322 and IIS5.1. It uses a web form. Development testing works fine on my...

ASP.NET

23752

Active Directory User Name from Logon Name

by: Arthur | last post by:

Hi All, I would like to get the name of the user given their networkID, is this something Active Directory would be useful for?(For intranet users) If so, can you please point me to some sample...

C# / C Sharp

2484

Web page to enumerate groups in active directory

by: bcanter | last post by:

I found a file on the web that will allow you to enumerate groups but it was an .hta and the top level admins won't allow this. I need to give managers access to the groups so that when a new user is...

Visual Basic 4 / 5 / 6

2463

to access a page in that directory, you have to give a username and a password

by: Charlotte | last post by:

Hello, info: I'me a rookie with IIS I have on a WinXP Pro the IIS installed, so I can test some pages before uploading to the hostserver online on the hostserver is a possibility (with the...

ASP / Active Server Pages

7125

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

7165

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

7205

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

5462

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...

Career Advice

4910

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...

Microsoft Access / VBA

4590

Couldn’t get equations in html when convert word .docx file to html file in C#.

by: conductexam | last post by:

I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...

C# / C Sharp

3085

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

1419

transfer the data from one system to another through ip address

by: 6302768590 | last post by:

Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...

C# / C Sharp

291

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...

General