473,320 Members | 1,867 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

asp.net forms authentication override based on individual pages.

Hi,
I have a asp.net application with forms authentication enabled.
Users create private (database driven) messages (pages; like a message
board) that is only viewed by logged in users.

Now I need to give the users the ability to publish these messages to the
public (if they decide the content is public safe).

Question is... is there a method to override forms authentication?
For an example; some thing like a method... where I look at the URL and
retrun true or false... so forms authentication is ignored based on this
method return value....
Basically to programatically ignore forms authentication for that request
only.

Any direction is deply appreciated
Thanks
Nalaka
Jul 6 '07 #1
5 2326
There are two ways to solve this problem.

1. Have a second page for public access to messages that filters for
messages where IsPublic=true.
2. Write your own authentication bits for the "display message" page that
alters the query based on whether the user is logged in or not.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com
Co-author: Microsoft Expression Web Bible (upcoming)

************************************************
Think outside the box!
************************************************
"Nalaka" <na******@nospam.nospamwrote in message
news:uv**************@TK2MSFTNGP02.phx.gbl...
Hi,
I have a asp.net application with forms authentication enabled.
Users create private (database driven) messages (pages; like a message
board) that is only viewed by logged in users.

Now I need to give the users the ability to publish these messages to the
public (if they decide the content is public safe).

Question is... is there a method to override forms authentication?
For an example; some thing like a method... where I look at the URL and
retrun true or false... so forms authentication is ignored based on this
method return value....
Basically to programatically ignore forms authentication for that request
only.

Any direction is deply appreciated
Thanks
Nalaka


Jul 7 '07 #2
Hi,
The feature I like in "forms authentication" is that, it first sent to login
page, and be auto forwarded to the requested page after login.

And I noticed that this is acoomplished through a URL modification when
calling login page.
like ....
http://www.my.com/login.aspx?ReturnU...ectedPage.aspx

I will try to simulate this URL thing... and to a manual redirect to the
login page with the requested URL.
Hope this calling login page manually will auto redirect after login to the
"original requested URL".

Question is... if this works... are there any issues that I have to worry
about?

Thanks
Nalaka
"Nalaka" <na******@nospam.nospamwrote in message
news:uv**************@TK2MSFTNGP02.phx.gbl...
Hi,
I have a asp.net application with forms authentication enabled.
Users create private (database driven) messages (pages; like a message
board) that is only viewed by logged in users.

Now I need to give the users the ability to publish these messages to the
public (if they decide the content is public safe).

Question is... is there a method to override forms authentication?
For an example; some thing like a method... where I look at the URL and
retrun true or false... so forms authentication is ignored based on this
method return value....
Basically to programatically ignore forms authentication for that request
only.

Any direction is deply appreciated
Thanks
Nalaka


Jul 12 '07 #3
Hi Nalaka,

Do you mean to use FormsAuthentication.RedirectFromLoginPage to redirect to
the page if the user is anonymous but the page is a public one? Please note
this method is used to redirect an authenticated user back to the
originally requested URL. I don't think it's a good idea to redirect for
anonymous user.

Personally I think Gregory's first suggestion is better and simpler to
implement.
Regards,
Walter Wang (wa****@online.microsoft.com, remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Jul 13 '07 #4
Hi Walter,
I have a page that should be authenticated under certain request parameters.
So, in the load method of this page, I check to see if the page needs
authentication or annonumous.

In the load method, if authentication is needed, and not a already
authenticated, I redirect the user to the login page.
(In the redirect URL I also pass in parameters like
"ReturnUrl=%2fNotProtectedFolder%2fDefault.asp x")

Then after legitimated login using loginPage.... asp.net sends the user back
to the originally requested URL (that was in the parameters).
Seem to work fine... when I tested.
This is not a protected folder... all I want is to go through loginPage...
only if (based on request parameters) the user needs to be
authenticated.....

Nalaka


"Walter Wang [MSFT]" <wa****@online.microsoft.comwrote in message
news:gy**************@TK2MSFTNGHUB02.phx.gbl...
Hi Nalaka,

Do you mean to use FormsAuthentication.RedirectFromLoginPage to redirect
to
the page if the user is anonymous but the page is a public one? Please
note
this method is used to redirect an authenticated user back to the
originally requested URL. I don't think it's a good idea to redirect for
anonymous user.

Personally I think Gregory's first suggestion is better and simpler to
implement.
Regards,
Walter Wang (wa****@online.microsoft.com, remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no
rights.

Jul 16 '07 #5
Hi Nalaka,

Thanks for the detailed explanation. If the folder where the page is
located not protected, then I think this approach should work.

Thank you again for sharing your experience here.
Regards,
Walter Wang (wa****@online.microsoft.com, remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Jul 17 '07 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: abdulrauf | last post by:
Hope someone can help. I am trying to build an application that will allow a user to access/deny an application, the application's individual pages, and the forms within the individual pages. ...
3
by: Kris van der Mast | last post by:
Hi, I've created a little site for my sports club. In the root folder there are pages that are viewable by every anonymous user but at a certain subfolder my administration pages should be...
2
by: Jenny | last post by:
Hi all How can the following problem be solved: My application uses forms authentication. Normally a start.aspx page should be send to the client before login.aspx is shown. Start.aspx...
0
by: Anonieko Ramos | last post by:
ASP.NET Forms Authentication Best Practices Dr. Dobb's Journal February 2004 Protecting user information is critical By Douglas Reilly Douglas is the author of Designing Microsoft ASP.NET...
4
by: MR. UNDERHILL | last post by:
I want to use forms authentication on my website. Looking at the documentation, I create a sample site for testing. One of my requirements is to ensure that SOME pages required an authenticated...
6
by: Manny Chohan | last post by:
I am using forms authetication in the web config. i can validate a user against a database and click on images which makes hidden panels visible.However when i click on the link inside a panel...
3
by: Stu Lock | last post by:
Hi, Is there a way of requiring a log in for individual asp.net pages rather than securing a entire directory. I have a web app where there are 100+ pages but only 2 need to be password...
4
by: matthias s. | last post by:
Hi there, I'm creating a web app which consists of pages, that can seen by all (even anonymous) users. For example, we have a messageboard. The individual threads can be read by all users, but a...
5
by: Rory Becker | last post by:
Having now created a Custom MembershipProvider that seems to work correctly with my Logon and ChangePassword controls, I am, as they say, a happy bunny. The next stange is to move on to the...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.