473,378 Members | 1,110 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > web.config login problem

Join Bytes to post your question to a community of 473,378 software developers and data experts.

web.config login problem

Hi,

I have a default.aspx which allows the user to choose between module Admin
and module B. When the user clicks either one, he will be redirected to a
FormsAuthentication login page. The problem I have is that currently, users
of one module are able to access the other since I have only 1 login page.
How do I prevent this ?

I am not sure how to go about configuring the web.config file for having 2
modules that have a separate set of users for each. The files are all in the
same directory. Do I have to modify the Admins role in the authorization tag
in the web.config file. if yes, then how does this "roles" keyword relate to
my c# code ?
eg.
<authorization>
<allow roles="Admins"/>
</authorization>

Am I on the right path ? Any help appreaciated.
regards,
andrew

Mar 28 '06 #1
5 1470
Jed
I think you could resolve this by having two separate roles.

Admin and ModuleB

Then just do a check using IsInRole.

http://msdn.microsoft.com/library/de...RoleTopic2.asp
"Andrew" wrote:
Hi,

I have a default.aspx which allows the user to choose between module Admin
and module B. When the user clicks either one, he will be redirected to a
FormsAuthentication login page. The problem I have is that currently, users
of one module are able to access the other since I have only 1 login page.
How do I prevent this ?

I am not sure how to go about configuring the web.config file for having 2
modules that have a separate set of users for each. The files are all in the
same directory. Do I have to modify the Admins role in the authorization tag
in the web.config file. if yes, then how does this "roles" keyword relate to
my c# code ?
eg.
<authorization>
<allow roles="Admins"/>
</authorization>

Am I on the right path ? Any help appreaciated.
regards,
andrew

Mar 28 '06 #2
Hi,

Thanks for your reply.
From my understanding of the url u gave me, the role refers to the the name
of the Windows user group for which to check membership. However, the "Admin"
role that I have for my users are just for my application. Am I right ?

regards,
andrew

"Jed" wrote:
I think you could resolve this by having two separate roles.

Admin and ModuleB

Then just do a check using IsInRole.

http://msdn.microsoft.com/library/de...RoleTopic2.asp
"Andrew" wrote:
Hi,

I have a default.aspx which allows the user to choose between module Admin
and module B. When the user clicks either one, he will be redirected to a
FormsAuthentication login page. The problem I have is that currently, users
of one module are able to access the other since I have only 1 login page.
How do I prevent this ?

I am not sure how to go about configuring the web.config file for having 2
modules that have a separate set of users for each. The files are all in the
same directory. Do I have to modify the Admins role in the authorization tag
in the web.config file. if yes, then how does this "roles" keyword relate to
my c# code ?
eg.
<authorization>
<allow roles="Admins"/>
</authorization>

Am I on the right path ? Any help appreaciated.
regards,
andrew

Mar 28 '06 #3
Jed
When you use FormsAuthentication you are actually getting a new user context.

This is how you would access the role assignments.
HttpContext.Current.User.IsInRole("ModuleB")

You may want to test for whether the current user is authenticated with
something like this.
HttpContext.Current.Request.IsAuthenticated

These links may make more sense.
http://aspnet.4guysfromrolla.com/art...82703-1.2.aspx
http://dotnet.org.za/stuartg/articles/1415.aspx

You are probably better off breaking the two areas into subfolders. Each
subfolder could have it's own config file specifying the role access.

Alternatively, you could create an admin base page and a module b base page
where you test for roles. Then make sure relevant pages inherit from the
right one. If the roles overlap then maybe admin inherits from module b.

"Andrew" wrote:
Hi,

Thanks for your reply.
From my understanding of the url u gave me, the role refers to the the name
of the Windows user group for which to check membership. However, the "Admin"
role that I have for my users are just for my application. Am I right ?

regards,
andrew

Mar 28 '06 #4
Thanks for the links, very informative articles.

"Jed" wrote:
When you use FormsAuthentication you are actually getting a new user context.

This is how you would access the role assignments.
HttpContext.Current.User.IsInRole("ModuleB")

You may want to test for whether the current user is authenticated with
something like this.
HttpContext.Current.Request.IsAuthenticated

These links may make more sense.
http://aspnet.4guysfromrolla.com/art...82703-1.2.aspx
http://dotnet.org.za/stuartg/articles/1415.aspx

You are probably better off breaking the two areas into subfolders. Each
subfolder could have it's own config file specifying the role access.

Alternatively, you could create an admin base page and a module b base page
where you test for roles. Then make sure relevant pages inherit from the
right one. If the roles overlap then maybe admin inherits from module b.

"Andrew" wrote:
Hi,

Thanks for your reply.
From my understanding of the url u gave me, the role refers to the the name
of the Windows user group for which to check membership. However, the "Admin"
role that I have for my users are just for my application. Am I right ?

regards,
andrew

Mar 29 '06 #5
hi,

I've written the code for the login using the genericprincipal class etc.
However, I got the error at "Thread was aborted" on my Login.aspx. I can't
figure out why. The debugger jumps to the exception at the
"Response.Redirect" (last) line:

FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
(string)Session["UserLoginName"], DateTime.Now, DateTime.Now.AddMinutes(30),
false, (string)Session["UserDomain"]);
// Encrypt the ticket
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket as data
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
// Add the cookie to the outgoing cookies collection
Response.Cookies.Add(authCookie);
Response.Redirect(FormsAuthentication.GetRedirectU rl(txtUserName.Text, true));

Any help is appreciated. Thanks

regards,
andrew

"Andrew" wrote:
Thanks for the links, very informative articles.

"Jed" wrote:
When you use FormsAuthentication you are actually getting a new user context.

This is how you would access the role assignments.
HttpContext.Current.User.IsInRole("ModuleB")

You may want to test for whether the current user is authenticated with
something like this.
HttpContext.Current.Request.IsAuthenticated

These links may make more sense.
http://aspnet.4guysfromrolla.com/art...82703-1.2.aspx
http://dotnet.org.za/stuartg/articles/1415.aspx

You are probably better off breaking the two areas into subfolders. Each
subfolder could have it's own config file specifying the role access.

Alternatively, you could create an admin base page and a module b base page
where you test for roles. Then make sure relevant pages inherit from the
right one. If the roles overlap then maybe admin inherits from module b.

"Andrew" wrote:
Hi,

Thanks for your reply.
From my understanding of the url u gave me, the role refers to the the name
of the Windows user group for which to check membership. However, the "Admin"
role that I have for my users are just for my application. Am I right ?

regards,
andrew

Mar 29 '06 #6
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
help!! credentials stored in web.config vs in database
by: Gamze | last post by:
Hi, I have difficulties about authentication & authorization thing. My project has an admin folder (which can only be accessed by administrator) and a secret folder - (can be accessed by...
.NET Framework
3
Passwords in web.config... is this secure?
by: John Buchmann | last post by:
In my web.config, I have a section that has a name and password: <credentials passwordFormat="Clear"> <user name="aaa" password="bbb" /> </credentials> Is this secure? What is to stop...
ASP.NET
1
question regarding overriding of web.config in the root directory..in a web app in a virtual directory
by: dotnetprogram | last post by:
I have a web application in the parent directory(http://localhost/). it has a web.config setting as follows: <authentication mode="Forms"> <forms loginUrl="Login.aspx" name="UserToken"...
ASP.NET
2
Weird web.config issue
by: CW | last post by:
I have run into a really strange problem. My objective is that I only want user who have authenticated themselves to be able to access the website (and authentication is performed by form...
ASP.NET
4
can I set web.config to require authentication only for some files?
by: Bennett Haselton | last post by:
If I add this to my web.config file: <authentication mode="Forms"> <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All" timeout="60" /> </authentication> I can configure the...
ASP.NET
9
how to let the web.config in the sub-directory to NOT to inherited from Root's web.config.
by: Benny Ng | last post by:
Hi,all, How to let the sub-directory to avoid the authentication control from Root's webconfig? I heard that we can add a new web.config to the sub-directory. And then we can slove the problem....
ASP.NET
4
Suggestion for handling pages requiring redirect using Config File
by: Greg Scharlemann | last post by:
I thought I had a workable approach to specifing which pages required a redirect in a config file, but it appears the way I'm attempting to do it is not going to work. The idea is that I can...
PHP
5
web.config roles
by: Andrew | last post by:
Hi, I have a default.aspx which allows the user to choose between module Admin and module B. When the user clicks either one, he will be redirected to a FormsAuthentication login page. The...
ASP.NET
4
web.config and Login control problem
by: hrawada | last post by:
Hello everyone, I have built a simple website with a simple login page and another page that is the destination page after logging in. The website works fine on my machince however when I...
ASP.NET
4
web.config error in cassini 2.0
by: yancheng.cheok | last post by:
Hello all, I have a web application, which I had developed few years ago with ASP .NET 1.1 Today, I would like to deploy the web application to client, using ASP .NET 2.0 + UltiDev Cassini...
ASP.NET
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
One-click Importing Excel Data into a*Database
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
Microsoft Excel
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!