question about login and roles

Hi,
I defined roles in order to deny access for some pages to anonymous users.
I tested it by typing the url of a denied page to test the system
(http://denypage.aspx).

It works (access denied), and i'm automatically redirected to the
login.aspx file that is defined in the root of the application.

Now i wonder how asp.net knows where the file containing the login control
is. I tried this:
- changing the location of file login.aspx (putting it into a subdir)
- changing the name of login.aspx to login2.aspx

In both cases, when trying to access a denied file, i get the error:"The
resource cannot be found: /app_name/login.aspx .

May i conclude that file "login.aspx" always MUST be in the root of the
application and that its name MUST be 'login.aspx'?

Thanks

>I take you you're using Forms Authentication. In which case, you will have
something like this in your Web.config file:

<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="adAuthCookie" timeout="10" path="/">
</forms>
</authentication>

It is the name in the <formselement LoginUrl attribute that determines
where the user is redirected (if I understand correctly).

HTH
Peter

"Ben" <bn*@mail.dewrote in message
news:u7**************@TK2MSFTNGP03.phx.gbl...

>Hi,
I defined roles in order to deny access for some pages to anonymous
users.
I tested it by typing the url of a denied page to test the system
(http://denypage.aspx).

It works (access denied), and i'm automatically redirected to the
login.aspx file that is defined in the root of the application.

Now i wonder how asp.net knows where the file containing the login
control is. I tried this:
- changing the location of file login.aspx (putting it into a subdir)
- changing the name of login.aspx to login2.aspx

In both cases, when trying to access a denied file, i get the error:"The
resource cannot be found: /app_name/login.aspx .

May i conclude that file "login.aspx" always MUST be in the root of the
application and that its name MUST be 'login.aspx'?

Thanks

Hi, thanks for replying.
All i have about authentification in web.config is:
<authentication mode="Forms"/>
Maybe are in that case (when nothing is specified) the default values
for
the location the root and for the name of the file 'login.aspx'?
"Peter Bradley" <pb******@uwic.ac.ukschreef in bericht
news:u0**************@TK2MSFTNGP03.phx.gbl...

>I take you you're using Forms Authentication. In which case, you
will have something like this in your Web.config file:

<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="adAuthCookie" timeout="10"
path="/">
</forms>
</authentication>
It is the name in the <formselement LoginUrl attribute that
determines where the user is redirected (if I understand correctly).

HTH

Peter

"Ben" <bn*@mail.dewrote in message
news:u7**************@TK2MSFTNGP03.phx.gbl...

>>Hi,

I defined roles in order to deny access for some pages to anonymous
users.
I tested it by typing the url of a denied page to test the system
(http://denypage.aspx).
It works (access denied), and i'm automatically redirected to the
login.aspx file that is defined in the root of the application.

Now i wonder how asp.net knows where the file containing the login
control is. I tried this:
- changing the location of file login.aspx (putting it into a
subdir)
- changing the name of login.aspx to login2.aspx
In both cases, when trying to access a denied file, i get the
error:"The resource cannot be found: /app_name/login.aspx .

May i conclude that file "login.aspx" always MUST be in the root of
the application and that its name MUST be 'login.aspx'?

Thanks

yep "~/login.aspx" is the default value...
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)

>Hi, thanks for replying.
All i have about authentification in web.config is:
<authentication mode="Forms"/>
Maybe are in that case (when nothing is specified) the default values
for
the location the root and for the name of the file 'login.aspx'?
"Peter Bradley" <pb******@uwic.ac.ukschreef in bericht
news:u0**************@TK2MSFTNGP03.phx.gbl...

>>I take you you're using Forms Authentication. In which case, you
will have something like this in your Web.config file:

<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="adAuthCookie" timeout="10"
path="/">
</forms>
</authentication>
It is the name in the <formselement LoginUrl attribute that
determines where the user is redirected (if I understand correctly).

HTH

Peter

"Ben" <bn*@mail.dewrote in message
news:u7**************@TK2MSFTNGP03.phx.gbl...

Hi,

I defined roles in order to deny access for some pages to anonymous
users.
I tested it by typing the url of a denied page to test the system
(http://denypage.aspx).
It works (access denied), and i'm automatically redirected to the
login.aspx file that is defined in the root of the application.

Now i wonder how asp.net knows where the file containing the login
control is. I tried this:
- changing the location of file login.aspx (putting it into a
subdir)
- changing the name of login.aspx to login2.aspx
In both cases, when trying to access a denied file, i get the
error:"The resource cannot be found: /app_name/login.aspx .

May i conclude that file "login.aspx" always MUST be in the root of
the application and that its name MUST be 'login.aspx'?

Thanks