469,646 Members | 1,596 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,646 developers. It's quick & easy.

Authentication login screen appears on both frames of the framset

Hello,

I am developing a C# asp.net application.
I am using the authentication and authorization mechanism, which its timeout
is set to 60 minutes.

My application consists of 2 frames - a header frame and a main frame.
When i enter the application, i see the login screen on the whole screen,
but when the authentication expires, the login screen appears on both
frames.

How can i make it appear on 1 central screen?
Thank you
Dana
Dec 12 '05 #1
9 2389
Dana,

If you're using forms authentication when a user is not authorized to see a
page they are automatically redirected to the login page.

Since both of your frames are checking if the user is authorized they each
get redirected.

To fix this in the code for the page that you don't want redirected to the
login page you should remove it from the forms authentication process and
then check if the user is logged in "manually" in the code-behind. If they
are logged in display the data. If the are not then display an appropriate
message or nothng at all...

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"dana lees" <da***@idc.ac.il> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
Hello,

I am developing a C# asp.net application.
I am using the authentication and authorization mechanism, which its
timeout
is set to 60 minutes.

My application consists of 2 frames - a header frame and a main frame.
When i enter the application, i see the login screen on the whole screen,
but when the authentication expires, the login screen appears on both
frames.

How can i make it appear on 1 central screen?
Thank you
Dana

Dec 12 '05 #2
when one frame detects a login required, it needs to redirect to a login
page, the login page should run client code that detects its in a frame, and
redirect to target "_top", or refresh its parent frame (the frameset)

-- bruce (sqlwork.com)
"dana lees" <da***@idc.ac.il> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
Hello,

I am developing a C# asp.net application.
I am using the authentication and authorization mechanism, which its
timeout
is set to 60 minutes.

My application consists of 2 frames - a header frame and a main frame.
When i enter the application, i see the login screen on the whole screen,
but when the authentication expires, the login screen appears on both
frames.

How can i make it appear on 1 central screen?
Thank you
Dana

Dec 12 '05 #3
Thank you very much.
Just a little question - How do i remove a certain page from the forms
authentication process?
Thanks,
Dana

"S. Justin Gengo" <justin@[no_spam_please]aboutfortunate.com> wrote in
message news:eB**************@TK2MSFTNGP12.phx.gbl...
Dana,

If you're using forms authentication when a user is not authorized to see a page they are automatically redirected to the login page.

Since both of your frames are checking if the user is authorized they each
get redirected.

To fix this in the code for the page that you don't want redirected to the
login page you should remove it from the forms authentication process and
then check if the user is logged in "manually" in the code-behind. If they
are logged in display the data. If the are not then display an appropriate
message or nothng at all...

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"dana lees" <da***@idc.ac.il> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
Hello,

I am developing a C# asp.net application.
I am using the authentication and authorization mechanism, which its
timeout
is set to 60 minutes.

My application consists of 2 frames - a header frame and a main frame.
When i enter the application, i see the login screen on the whole screen, but when the authentication expires, the login screen appears on both
frames.

How can i make it appear on 1 central screen?
Thank you
Dana


Dec 13 '05 #4
Do you have an example of such code maybe?

Thanks,
Dana

"Bruce Barker" <br******************@safeco.com> wrote in message
news:uA**************@TK2MSFTNGP11.phx.gbl...
when one frame detects a login required, it needs to redirect to a login
page, the login page should run client code that detects its in a frame, and redirect to target "_top", or refresh its parent frame (the frameset)

-- bruce (sqlwork.com)
"dana lees" <da***@idc.ac.il> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
Hello,

I am developing a C# asp.net application.
I am using the authentication and authorization mechanism, which its
timeout
is set to 60 minutes.

My application consists of 2 frames - a header frame and a main frame.
When i enter the application, i see the login screen on the whole screen, but when the authentication expires, the login screen appears on both
frames.

How can i make it appear on 1 central screen?
Thank you
Dana


Dec 13 '05 #5
Dana,

I'm not certain where you set that permission you have to have done that
yourself to be locking the user out of that file. Otherwise the the page
wouldn't be redirecting to the login. There are a number of places you could
have done so, but you've probably done that in your web.config file. Just
give all users permission to the page that shouldn't redirect, but then do
the check in the page's code.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"dana lees" <da***@idc.ac.il> wrote in message
news:ue**************@TK2MSFTNGP14.phx.gbl...
Thank you very much.
Just a little question - How do i remove a certain page from the forms
authentication process?
Thanks,
Dana

"S. Justin Gengo" <justin@[no_spam_please]aboutfortunate.com> wrote in
message news:eB**************@TK2MSFTNGP12.phx.gbl...
Dana,

If you're using forms authentication when a user is not authorized to see

a
page they are automatically redirected to the login page.

Since both of your frames are checking if the user is authorized they
each
get redirected.

To fix this in the code for the page that you don't want redirected to
the
login page you should remove it from the forms authentication process and
then check if the user is logged in "manually" in the code-behind. If
they
are logged in display the data. If the are not then display an
appropriate
message or nothng at all...

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"dana lees" <da***@idc.ac.il> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
> Hello,
>
> I am developing a C# asp.net application.
> I am using the authentication and authorization mechanism, which its
> timeout
> is set to 60 minutes.
>
> My application consists of 2 frames - a header frame and a main frame.
> When i enter the application, i see the login screen on the whole screen, > but when the authentication expires, the login screen appears on both
> frames.
>
> How can i make it appear on 1 central screen?
>
>
> Thank you
> Dana
>
>



Dec 13 '05 #6
I have used the we.config file in the following way:

<authentication mode="Forms">

<forms name="DJTCCookie" path="/" loginUrl="login.aspx" protection="All"
timeout="60">

</forms>

</authentication>


"S. Justin Gengo" <justin@[no_spam_please]aboutfortunate.com> wrote in
message news:ul**************@TK2MSFTNGP12.phx.gbl...
Dana,

I'm not certain where you set that permission you have to have done that
yourself to be locking the user out of that file. Otherwise the the page
wouldn't be redirecting to the login. There are a number of places you could have done so, but you've probably done that in your web.config file. Just
give all users permission to the page that shouldn't redirect, but then do
the check in the page's code.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"dana lees" <da***@idc.ac.il> wrote in message
news:ue**************@TK2MSFTNGP14.phx.gbl...
Thank you very much.
Just a little question - How do i remove a certain page from the forms
authentication process?
Thanks,
Dana

"S. Justin Gengo" <justin@[no_spam_please]aboutfortunate.com> wrote in
message news:eB**************@TK2MSFTNGP12.phx.gbl...
Dana,

If you're using forms authentication when a user is not authorized to see
a
page they are automatically redirected to the login page.

Since both of your frames are checking if the user is authorized they
each
get redirected.

To fix this in the code for the page that you don't want redirected to
the
login page you should remove it from the forms authentication process

and then check if the user is logged in "manually" in the code-behind. If
they
are logged in display the data. If the are not then display an
appropriate
message or nothng at all...

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"dana lees" <da***@idc.ac.il> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
> Hello,
>
> I am developing a C# asp.net application.
> I am using the authentication and authorization mechanism, which its
> timeout
> is set to 60 minutes.
>
> My application consists of 2 frames - a header frame and a main frame. > When i enter the application, i see the login screen on the whole

screen,
> but when the authentication expires, the login screen appears on both
> frames.
>
> How can i make it appear on 1 central screen?
>
>
> Thank you
> Dana
>
>



Dec 13 '05 #7
How can i give the users permission to "header.aspx", which is the page they
are always allowed to open?

Thanks,
Dana
"S. Justin Gengo" <justin@[no_spam_please]aboutfortunate.com> wrote in
message news:ul**************@TK2MSFTNGP12.phx.gbl...
Dana,

I'm not certain where you set that permission you have to have done that
yourself to be locking the user out of that file. Otherwise the the page
wouldn't be redirecting to the login. There are a number of places you could have done so, but you've probably done that in your web.config file. Just
give all users permission to the page that shouldn't redirect, but then do
the check in the page's code.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"dana lees" <da***@idc.ac.il> wrote in message
news:ue**************@TK2MSFTNGP14.phx.gbl...
Thank you very much.
Just a little question - How do i remove a certain page from the forms
authentication process?
Thanks,
Dana

"S. Justin Gengo" <justin@[no_spam_please]aboutfortunate.com> wrote in
message news:eB**************@TK2MSFTNGP12.phx.gbl...
Dana,

If you're using forms authentication when a user is not authorized to see
a
page they are automatically redirected to the login page.

Since both of your frames are checking if the user is authorized they
each
get redirected.

To fix this in the code for the page that you don't want redirected to
the
login page you should remove it from the forms authentication process

and then check if the user is logged in "manually" in the code-behind. If
they
are logged in display the data. If the are not then display an
appropriate
message or nothng at all...

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"dana lees" <da***@idc.ac.il> wrote in message
news:%2***************@TK2MSFTNGP12.phx.gbl...
> Hello,
>
> I am developing a C# asp.net application.
> I am using the authentication and authorization mechanism, which its
> timeout
> is set to 60 minutes.
>
> My application consists of 2 frames - a header frame and a main frame. > When i enter the application, i see the login screen on the whole

screen,
> but when the authentication expires, the login screen appears on both
> frames.
>
> How can i make it appear on 1 central screen?
>
>
> Thank you
> Dana
>
>



Dec 13 '05 #8
Dana,

You've locked down the entire application. You'll want to specify only
certain pages to protect. Here is a sample web.config file that allows
access to an entire application but locks down a single directory:

***Note the <location> section at the bottom which contains a second
<system.web> section.

1.. <?xml version="1.0" encoding="utf-8" ?>
2.. <configuration>
3..
4.. <system.web>
5..
6.. <!-- AUTHENTICATION
7.. This section sets the authentication policies of the application.
Possible modes are "Windows",
8.. "Forms", "Passport" and "None"
9.. -->
10.. <authentication mode="Forms">
11.. <!-- The name attribute below specifies the name of the browser
cookie that contains the authentication ticket. By default the cookie is
named .ASPXAUTH. If you are configuring multiple apps on the same server,
you should give a uniques cookie name for each app. loginUrl is the page to
which users are auto-redirected to when authentication is required. timeout
is the amnt. of time in minutes before a cookie expires. The default is 30
min. -->
12.. <forms name="LoginCookieName" loginUrl="admin/login.aspx"
timeout="20">
13.. <credentials passwordFormat="SHA1">
14.. <user name="UserName"
password="C8FEBA6A531A71A9AC1BA0D982163C9AADA69820 "/>
15.. </credentials>
16.. </forms>
17.. </authentication>
18..
19.. <!-- AUTHORIZATION
20.. This section sets the authorization policies of the application. You
can allow or deny access
21.. to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
22.. (unauthenticated) users.
23.. -->
24.. <authorization>
25.. <!-- allowing anonymous users access to the entire app -->
26.. <allow users="?" />
27.. </authorization>
28..
29.. <!-- APPLICATION-LEVEL TRACE LOGGING
30.. Application-level tracing enables trace log output for every page
within an application.
31.. Set trace enabled="true" to enable application trace logging. If
pageOutput="true", the
32.. trace information will be displayed at the bottom of each page.
Otherwise, you can view the
33.. application trace log by browsing the "trace.axd" page from your web
application
34.. root.
35.. -->
36.. <trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="false" />
37..
38..
39.. <!-- GLOBALIZATION
40.. This section sets the globalization settings of the application.
41.. -->
42.. <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
43.. </system.web>
44..
45.. <!-- LOCATION
46.. The "<location>" tag allows a developer to specify a particular
folder / file to set
47.. properties for.
48.. -->
49.. <location path="admin">
50.. <system.web>
51..
52.. <!-- AUTHORIZATION
53.. This section sets the authorization policies of the application. You
can allow or deny access
54.. to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
55.. (unauthenticated) users.
56.. -->
57.. <authorization>
58.. <!-- I use the code below to allow one and only one user to access
the ADMIN folder
59.. (directory). My login script returns a username and not an id value.
If it returned an id
60.. value then the id value would be used instead. I then deny all users
and anonymous users.
61.. Thus only one user, the site admin, can access the folder "Admin" and
any pages in that
62.. folder. -->
63.. <allow users="UserName"></allow>
64.. <deny users="*"></deny>
65.. <deny users="?"></deny>
66.. </authorization>
67.. </system.web>
68.. </location>
69.. </configuration>
--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"dana lees" <da***@idc.ac.il> wrote in message
news:O6*************@TK2MSFTNGP10.phx.gbl...
How can i give the users permission to "header.aspx", which is the page
they
are always allowed to open?

Thanks,
Dana
"S. Justin Gengo" <justin@[no_spam_please]aboutfortunate.com> wrote in
message news:ul**************@TK2MSFTNGP12.phx.gbl...
Dana,

I'm not certain where you set that permission you have to have done that
yourself to be locking the user out of that file. Otherwise the the page
wouldn't be redirecting to the login. There are a number of places you

could
have done so, but you've probably done that in your web.config file. Just
give all users permission to the page that shouldn't redirect, but then
do
the check in the page's code.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"dana lees" <da***@idc.ac.il> wrote in message
news:ue**************@TK2MSFTNGP14.phx.gbl...
> Thank you very much.
> Just a little question - How do i remove a certain page from the forms
> authentication process?
> Thanks,
> Dana
>
> "S. Justin Gengo" <justin@[no_spam_please]aboutfortunate.com> wrote in
> message news:eB**************@TK2MSFTNGP12.phx.gbl...
>> Dana,
>>
>> If you're using forms authentication when a user is not authorized to see > a
>> page they are automatically redirected to the login page.
>>
>> Since both of your frames are checking if the user is authorized they
>> each
>> get redirected.
>>
>> To fix this in the code for the page that you don't want redirected to
>> the
>> login page you should remove it from the forms authentication process and >> then check if the user is logged in "manually" in the code-behind. If
>> they
>> are logged in display the data. If the are not then display an
>> appropriate
>> message or nothng at all...
>>
>> --
>> Sincerely,
>>
>> S. Justin Gengo, MCP
>> Web Developer / Programmer
>>
>> www.aboutfortunate.com
>>
>> "Out of chaos comes order."
>> Nietzsche
>> "dana lees" <da***@idc.ac.il> wrote in message
>> news:%2***************@TK2MSFTNGP12.phx.gbl...
>> > Hello,
>> >
>> > I am developing a C# asp.net application.
>> > I am using the authentication and authorization mechanism, which its
>> > timeout
>> > is set to 60 minutes.
>> >
>> > My application consists of 2 frames - a header frame and a main frame. >> > When i enter the application, i see the login screen on the whole
> screen,
>> > but when the authentication expires, the login screen appears on
>> > both
>> > frames.
>> >
>> > How can i make it appear on 1 central screen?
>> >
>> >
>> > Thank you
>> > Dana
>> >
>> >
>>
>>
>
>



Dec 13 '05 #9
Thank you very much!

"S. Justin Gengo" <justin@[no_spam_please]aboutfortunate.com> wrote in
message news:eR**************@TK2MSFTNGP12.phx.gbl...
Dana,

You've locked down the entire application. You'll want to specify only
certain pages to protect. Here is a sample web.config file that allows
access to an entire application but locks down a single directory:

***Note the <location> section at the bottom which contains a second
<system.web> section.

1.. <?xml version="1.0" encoding="utf-8" ?>
2.. <configuration>
3..
4.. <system.web>
5..
6.. <!-- AUTHENTICATION
7.. This section sets the authentication policies of the application.
Possible modes are "Windows",
8.. "Forms", "Passport" and "None"
9.. -->
10.. <authentication mode="Forms">
11.. <!-- The name attribute below specifies the name of the browser
cookie that contains the authentication ticket. By default the cookie is
named .ASPXAUTH. If you are configuring multiple apps on the same server,
you should give a uniques cookie name for each app. loginUrl is the page to which users are auto-redirected to when authentication is required. timeout is the amnt. of time in minutes before a cookie expires. The default is 30
min. -->
12.. <forms name="LoginCookieName" loginUrl="admin/login.aspx"
timeout="20">
13.. <credentials passwordFormat="SHA1">
14.. <user name="UserName"
password="C8FEBA6A531A71A9AC1BA0D982163C9AADA69820 "/>
15.. </credentials>
16.. </forms>
17.. </authentication>
18..
19.. <!-- AUTHORIZATION
20.. This section sets the authorization policies of the application. You can allow or deny access
21.. to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
22.. (unauthenticated) users.
23.. -->
24.. <authorization>
25.. <!-- allowing anonymous users access to the entire app -->
26.. <allow users="?" />
27.. </authorization>
28..
29.. <!-- APPLICATION-LEVEL TRACE LOGGING
30.. Application-level tracing enables trace log output for every page
within an application.
31.. Set trace enabled="true" to enable application trace logging. If
pageOutput="true", the
32.. trace information will be displayed at the bottom of each page.
Otherwise, you can view the
33.. application trace log by browsing the "trace.axd" page from your web application
34.. root.
35.. -->
36.. <trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="false" />
37..
38..
39.. <!-- GLOBALIZATION
40.. This section sets the globalization settings of the application.
41.. -->
42.. <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
43.. </system.web>
44..
45.. <!-- LOCATION
46.. The "<location>" tag allows a developer to specify a particular
folder / file to set
47.. properties for.
48.. -->
49.. <location path="admin">
50.. <system.web>
51..
52.. <!-- AUTHORIZATION
53.. This section sets the authorization policies of the application. You can allow or deny access
54.. to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
55.. (unauthenticated) users.
56.. -->
57.. <authorization>
58.. <!-- I use the code below to allow one and only one user to access
the ADMIN folder
59.. (directory). My login script returns a username and not an id value. If it returned an id
60.. value then the id value would be used instead. I then deny all users and anonymous users.
61.. Thus only one user, the site admin, can access the folder "Admin" and any pages in that
62.. folder. -->
63.. <allow users="UserName"></allow>
64.. <deny users="*"></deny>
65.. <deny users="?"></deny>
66.. </authorization>
67.. </system.web>
68.. </location>
69.. </configuration>
--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"dana lees" <da***@idc.ac.il> wrote in message
news:O6*************@TK2MSFTNGP10.phx.gbl...
How can i give the users permission to "header.aspx", which is the page
they
are always allowed to open?

Thanks,
Dana
"S. Justin Gengo" <justin@[no_spam_please]aboutfortunate.com> wrote in
message news:ul**************@TK2MSFTNGP12.phx.gbl...
Dana,

I'm not certain where you set that permission you have to have done that yourself to be locking the user out of that file. Otherwise the the page wouldn't be redirecting to the login. There are a number of places you

could
have done so, but you've probably done that in your web.config file. Just give all users permission to the page that shouldn't redirect, but then
do
the check in the page's code.

--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"dana lees" <da***@idc.ac.il> wrote in message
news:ue**************@TK2MSFTNGP14.phx.gbl...
> Thank you very much.
> Just a little question - How do i remove a certain page from the forms > authentication process?
> Thanks,
> Dana
>
> "S. Justin Gengo" <justin@[no_spam_please]aboutfortunate.com> wrote in > message news:eB**************@TK2MSFTNGP12.phx.gbl...
>> Dana,
>>
>> If you're using forms authentication when a user is not authorized to
see
> a
>> page they are automatically redirected to the login page.
>>
>> Since both of your frames are checking if the user is authorized
they >> each
>> get redirected.
>>
>> To fix this in the code for the page that you don't want redirected to >> the
>> login page you should remove it from the forms authentication process and
>> then check if the user is logged in "manually" in the code-behind.

If >> they
>> are logged in display the data. If the are not then display an
>> appropriate
>> message or nothng at all...
>>
>> --
>> Sincerely,
>>
>> S. Justin Gengo, MCP
>> Web Developer / Programmer
>>
>> www.aboutfortunate.com
>>
>> "Out of chaos comes order."
>> Nietzsche
>> "dana lees" <da***@idc.ac.il> wrote in message
>> news:%2***************@TK2MSFTNGP12.phx.gbl...
>> > Hello,
>> >
>> > I am developing a C# asp.net application.
>> > I am using the authentication and authorization mechanism, which its >> > timeout
>> > is set to 60 minutes.
>> >
>> > My application consists of 2 frames - a header frame and a main

frame.
>> > When i enter the application, i see the login screen on the whole
> screen,
>> > but when the authentication expires, the login screen appears on
>> > both
>> > frames.
>> >
>> > How can i make it appear on 1 central screen?
>> >
>> >
>> > Thank you
>> > Dana
>> >
>> >
>>
>>
>
>



Dec 14 '05 #10

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by sushi | last post: by
reply views Thread by J. Babe | last post: by
1 post views Thread by Martin | last post: by
reply views Thread by Anonieko Ramos | last post: by
2 posts views Thread by Andy Fish | last post: by
2 posts views Thread by Agus Ayala | last post: by
5 posts views Thread by Cesar | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.