469,890 Members | 1,425 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,890 developers. It's quick & easy.

question about login and roles

Ben
Hi,
I defined roles in order to deny access for some pages to anonymous users.
I tested it by typing the url of a denied page to test the system
(http://denypage.aspx).

It works (access denied), and i'm automatically redirected to the login.aspx
file that is defined in the root of the application.

Now i wonder how asp.net knows where the file containing the login control
is. I tried this:
- changing the location of file login.aspx (putting it into a subdir)
- changing the name of login.aspx to login2.aspx

In both cases, when trying to access a denied file, i get the error:"The
resource cannot be found: /app_name/login.aspx .

May i conclude that file "login.aspx" always MUST be in the root of the
application and that its name MUST be 'login.aspx'?

Thanks
Mar 12 '07 #1
4 1236
I take you you're using Forms Authentication. In which case, you will have
something like this in your Web.config file:

<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="adAuthCookie" timeout="10" path="/">
</forms>
</authentication>

It is the name in the <formselement LoginUrl attribute that determines
where the user is redirected (if I understand correctly).

HTH
Peter

"Ben" <bn*@mail.dewrote in message
news:u7**************@TK2MSFTNGP03.phx.gbl...
Hi,
I defined roles in order to deny access for some pages to anonymous users.
I tested it by typing the url of a denied page to test the system
(http://denypage.aspx).

It works (access denied), and i'm automatically redirected to the
login.aspx file that is defined in the root of the application.

Now i wonder how asp.net knows where the file containing the login control
is. I tried this:
- changing the location of file login.aspx (putting it into a subdir)
- changing the name of login.aspx to login2.aspx

In both cases, when trying to access a denied file, i get the error:"The
resource cannot be found: /app_name/login.aspx .

May i conclude that file "login.aspx" always MUST be in the root of the
application and that its name MUST be 'login.aspx'?

Thanks

Mar 12 '07 #2
Ben
Hi, thanks for replying.
All i have about authentification in web.config is:

<authentication mode="Forms"/>
Maybe are in that case (when nothing is specified) the default values for
the location the root and for the name of the file 'login.aspx'?
"Peter Bradley" <pb******@uwic.ac.ukschreef in bericht
news:u0**************@TK2MSFTNGP03.phx.gbl...
>I take you you're using Forms Authentication. In which case, you will have
something like this in your Web.config file:

<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="adAuthCookie" timeout="10" path="/">
</forms>
</authentication>

It is the name in the <formselement LoginUrl attribute that determines
where the user is redirected (if I understand correctly).

HTH
Peter

"Ben" <bn*@mail.dewrote in message
news:u7**************@TK2MSFTNGP03.phx.gbl...
>Hi,
I defined roles in order to deny access for some pages to anonymous
users.
I tested it by typing the url of a denied page to test the system
(http://denypage.aspx).

It works (access denied), and i'm automatically redirected to the
login.aspx file that is defined in the root of the application.

Now i wonder how asp.net knows where the file containing the login
control is. I tried this:
- changing the location of file login.aspx (putting it into a subdir)
- changing the name of login.aspx to login2.aspx

In both cases, when trying to access a denied file, i get the error:"The
resource cannot be found: /app_name/login.aspx .

May i conclude that file "login.aspx" always MUST be in the root of the
application and that its name MUST be 'login.aspx'?

Thanks


Mar 12 '07 #3
yep "~/login.aspx" is the default value...
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
Hi, thanks for replying.
All i have about authentification in web.config is:
<authentication mode="Forms"/>
Maybe are in that case (when nothing is specified) the default values
for
the location the root and for the name of the file 'login.aspx'?
"Peter Bradley" <pb******@uwic.ac.ukschreef in bericht
news:u0**************@TK2MSFTNGP03.phx.gbl...
>I take you you're using Forms Authentication. In which case, you
will have something like this in your Web.config file:

<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="adAuthCookie" timeout="10"
path="/">
</forms>
</authentication>
It is the name in the <formselement LoginUrl attribute that
determines where the user is redirected (if I understand correctly).

HTH

Peter

"Ben" <bn*@mail.dewrote in message
news:u7**************@TK2MSFTNGP03.phx.gbl...
>>Hi,

I defined roles in order to deny access for some pages to anonymous
users.
I tested it by typing the url of a denied page to test the system
(http://denypage.aspx).
It works (access denied), and i'm automatically redirected to the
login.aspx file that is defined in the root of the application.

Now i wonder how asp.net knows where the file containing the login
control is. I tried this:
- changing the location of file login.aspx (putting it into a
subdir)
- changing the name of login.aspx to login2.aspx
In both cases, when trying to access a denied file, i get the
error:"The resource cannot be found: /app_name/login.aspx .

May i conclude that file "login.aspx" always MUST be in the root of
the application and that its name MUST be 'login.aspx'?

Thanks

Mar 12 '07 #4
Ben
thanks

"Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.comschre ef in
bericht news:51*************************@news.microsoft.co m...
yep "~/login.aspx" is the default value...
-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)
>Hi, thanks for replying.
All i have about authentification in web.config is:
<authentication mode="Forms"/>
Maybe are in that case (when nothing is specified) the default values
for
the location the root and for the name of the file 'login.aspx'?
"Peter Bradley" <pb******@uwic.ac.ukschreef in bericht
news:u0**************@TK2MSFTNGP03.phx.gbl...
>>I take you you're using Forms Authentication. In which case, you
will have something like this in your Web.config file:

<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="adAuthCookie" timeout="10"
path="/">
</forms>
</authentication>
It is the name in the <formselement LoginUrl attribute that
determines where the user is redirected (if I understand correctly).

HTH

Peter

"Ben" <bn*@mail.dewrote in message
news:u7**************@TK2MSFTNGP03.phx.gbl...

Hi,

I defined roles in order to deny access for some pages to anonymous
users.
I tested it by typing the url of a denied page to test the system
(http://denypage.aspx).
It works (access denied), and i'm automatically redirected to the
login.aspx file that is defined in the root of the application.

Now i wonder how asp.net knows where the file containing the login
control is. I tried this:
- changing the location of file login.aspx (putting it into a
subdir)
- changing the name of login.aspx to login2.aspx
In both cases, when trying to access a denied file, i get the
error:"The resource cannot be found: /app_name/login.aspx .

May i conclude that file "login.aspx" always MUST be in the root of
the application and that its name MUST be 'login.aspx'?

Thanks


Mar 12 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

4 posts views Thread by nicholas | last post: by
5 posts views Thread by V. Jenks | last post: by
2 posts views Thread by Frank Bishop | last post: by
1 post views Thread by Alex Nitulescu | last post: by
1 post views Thread by Jakob Lithner | last post: by
1 post views Thread by Waqarahmed | last post: by
reply views Thread by Salome Sato | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.