473,378 Members | 1,500 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > .net framework > questions > .net security - not 'all' pages

Join Bytes to post your question to a community of 473,378 software developers and data experts.

.Net Security - Not 'all' pages

I am fighting with XP-Pro and VS.Net trying to allow some of the pages in my
application to be accessable by 'all' I am using <authentication
mode="Forms" /> and if I Login - everything works fine. My code comes from
a walkthrough (I am learning) and I am currently using
(User.Identity.IsAuthenticated) in the Login.aspx page to validate UserID
against my database (I like it).
What I need is a 'simple' method by which I can set some of the generic
pages to be accessable by 'all' visitors, even those Not LogedIn. Ken
Dopierala Jr. answered another post and suggested I use <location
path="directory"> to allow Role based access to some directories and then
just <allow users="*" />.
PLEASE - There must be a 'simple' way I can desiginate a page as generic and
not require authorization to access these generic pages.
Can anyone give me some 'detail' advice on how to accomplish this?
Thanks,
Paul
Jul 21 '05 #1
7 2569
Hi Paul,

I totally recommend against doing this and instead using a Roles based
security system. But here is a workaround. Create a class and add this
code:

Option Strict On
Option Explicit On

Imports System
Imports System.Web
Imports System.Web.UI

Public Class MyBasePage
Inherits System.Web.UI.Page

Protected Overrides Sub OnLoad(ByVal e As System.EventArgs)
If (User.Identity.IsAuthenticated = False) Then
Response.Redirect("Login.aspx")
End If
End Sub
End Class

Have every page that you want to have protected inherit from this page. For
every page that you want generic have it still inherit from
"System.Web.UI.Page". Now, if a user isn't authenticated, and this is a
protected page, they will be sent to Login.aspx. Remember to set your
<authentication> tag to allow everyone, you are no longer using the the
ASP.Net built in management for authentication. I wouldn't do it this way
and in the end you'll be totally screwing yourself over. But, this will at
least do what you want it to until you switch over to Roles based
authentication. Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

"PaulThomas" <Pa********@discussions.microsoft.com> wrote in message
news:11**********************************@microsof t.com...
I am fighting with XP-Pro and VS.Net trying to allow some of the pages in my application to be accessable by 'all' I am using <authentication
mode="Forms" /> and if I Login - everything works fine. My code comes from a walkthrough (I am learning) and I am currently using
(User.Identity.IsAuthenticated) in the Login.aspx page to validate UserID
against my database (I like it).
What I need is a 'simple' method by which I can set some of the generic
pages to be accessable by 'all' visitors, even those Not LogedIn. Ken
Dopierala Jr. answered another post and suggested I use <location
path="directory"> to allow Role based access to some directories and then
just <allow users="*" />.
PLEASE - There must be a 'simple' way I can desiginate a page as generic and not require authorization to access these generic pages.
Can anyone give me some 'detail' advice on how to accomplish this?
Thanks,
Paul

Jul 21 '05 #2
Ken,
I am following an example from WebMatrix called MyPics - - it allows
authorized users to (Login with UserID & Password - verified against the User
database) and to Upload pictures - and I thought anyone could view the
pictures. I am trying to get a site up (for the practice & learning) that
will allow anyone to look around, but allow Logined users more access to
secure pages.
The Login.aspx.cs is:
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

namespace FGC
{
/// <summary>
/// Summary description for Login.
/// </summary>
public class Login : System.Web.UI.Page
{
protected System.Web.UI.WebControls.Label Label1;
protected System.Web.UI.WebControls.Label Label2;
protected System.Web.UI.WebControls.Label Msg;
protected System.Web.UI.WebControls.TextBox UserEMail;
protected System.Web.UI.WebControls.TextBox UserPass;
protected System.Web.UI.WebControls.Button Button2;
protected System.Web.UI.WebControls.LinkButton LinkButton1;
protected System.Web.UI.WebControls.HyperLink Hyperlink1;
protected System.Web.UI.WebControls.HyperLink Hyperlink2;
protected System.Web.UI.WebControls.HyperLink Hyperlink3;
protected System.Web.UI.WebControls.Button Button1;

private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
//if( !Page.IsPostBack )
//{
// Response.Redirect("Home.aspx");
// Response.Redirect("Default.aspx");
// return;
//}
UserEMail.Text = "ad***@nowhere.com"; //TEMP
UserPass.Text = "password"; //TEMP
//Msg.Text = "Login - Page_Load - Message initialized.";
if (!Page.IsPostBack)
Msg.Text = "Login - Page_Load - First Load.";
//output.Write("Page has just been loaded");
else
//Msg.Text = Msg.Text;
Msg.Text = "Login - Page_Load - Page is PostBack.";
//output.Write("Postback has occured");
}

private void Button1_Click(object sender, System.EventArgs e)
{
if( !Page.IsValid )
{
Msg.Text = "Some required fields are invalid.";
return;
}

int intUserId = -1;
int intRoleId = -1;

if (SSDAL.ValidateUser(UserEMail.Text, UserPass.Text,
ref intUserId, ref intRoleId))
{
// TODO -- Add Session Handling
FormsAuthentication.SetAuthCookie(UserEMail.Text, false);

Session[AppGlobals.sessKeyUserId] = intUserId;
Session[AppGlobals.sessKeyRoleId] = intRoleId;

Session[AppGlobals.sessActualUserId] = UserEMail.Text;
Session[AppGlobals.sessActualRoleId] = UserPass.Text;

Msg.Text = "ReDirecting to MainPic.aspx";
//Response.Redirect("default.aspx");
Response.Redirect("MainPic.aspx");
}
else
{
Msg.CssClass = AppGlobals.errMsgCSS;
Msg.Text = AppGlobals.errMsgInvalidUser;
Response.Redirect("AddUser/AddUser.aspx");
}
}

#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeComponent();
base.OnInit(e);
}

/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.UserEMail.TextChanged += new
System.EventHandler(this.UserEMail_TextChanged);
this.Button1.Click += new System.EventHandler(this.Button1_Click);
this.Button2.Click += new System.EventHandler(this.Button2_Click);
this.LinkButton1.Click += new System.EventHandler(this.LinkButton1_Click);
this.Load += new System.EventHandler(this.Page_Load);

}
#endregion

private void UserEMail_TextChanged(object sender, System.EventArgs e)
{

}

private void Button2_Click(object sender, System.EventArgs e)
{
Msg.Text = "ReDirecting to Default.aspx";
Response.Redirect("Default.aspx");
}

private void LinkButton1_Click(object sender, System.EventArgs e)
{
bool MyVar = true;
Msg.Text = "ReDirecting to Home.aspx";
Response.Redirect("Home.aspx",MyVar);
}

}
}

the LinkButton1 & 2 - don't work - they just re-load the Login page.....

================================================== =====

a page that uses security is MainPic and the aspx.cs is:

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

namespace FGC
{
/// <summary>
/// Summary description for Default.
/// </summary>
public class MainPic : System.Web.UI.Page
{
protected System.Web.UI.WebControls.Label lblUserId;
protected System.Web.UI.WebControls.DropDownList cboImageGroups;
protected System.Web.UI.WebControls.DropDownList cboGridPages;
protected System.Web.UI.WebControls.TextBox txtUserAlias;
protected System.Web.UI.WebControls.TextBox txtUserPassword;
protected System.Web.UI.WebControls.Button btnLogin;
protected System.Web.UI.WebControls.Panel pnlLogin;
protected System.Web.UI.WebControls.Button btnLogout;
protected System.Web.UI.WebControls.HyperLink hlinkNewImage;
protected System.Web.UI.WebControls.Panel pnlLogout;
protected System.Web.UI.WebControls.DataGrid grdImages;

private void Page_Load(object sender, System.EventArgs e)
{
AdjustUI();
//txtUserAlias.Text = "ad***@nowhere.com"; //TEMP
//txtUserPassword.Text = "password"; //TEMP
if ( !Page.IsPostBack )
{
LoadImageGroups();
LoadGridData();
LoadCboPages();
}
}

private void LoadGridData()
{
int intMinRoleId = 0;
if ( User.Identity.IsAuthenticated )
intMinRoleId =
Convert.ToInt32(Session[AppGlobals.sessKeyRoleId]);
//int groupId = 0;
//int groupId = int.Parse(cboImageGroups.SelectedValue);
//int groupIdA = int.Parse(cboImageGroups.DataTextField); //Bad
//int groupIdB = int.Parse(cboImageGroups.SelectedItem.Text); //Bad
//int groupIdC = int.Parse(cboImageGroups.SelectedItem.Value); //Bad
//int groupId = int.Parse(cboImageGroups.DataValueField); //mine Bad
DataView dv = new DataView(SSDAL.AllImages);
dv.RowFilter = "ImageGroupId = " + cboImageGroups.SelectedItem.Value; //
Mine
// dv.RowFilter = "ImageGroupId = " + cboImageGroups.SelectedValue;
grdImages.DataSource = dv;
grdImages.DataBind();
}
private void LoadImageGroups()
{
DataView dv = new DataView(SSDAL.ImageGroups);
// Perform Data Binding
if ( dv != null)
{
if ( User.Identity.IsAuthenticated )
dv.RowFilter = "MinRoleId <= " +
Session[AppGlobals.sessKeyRoleId].ToString();
else
dv.RowFilter = "MinRoleId = 0";
cboImageGroups.DataSource = dv;
cboImageGroups.DataValueField = "ImageGroupId";
cboImageGroups.DataTextField = "ImageGroup";
cboImageGroups.DataBind();
cboImageGroups.SelectedIndex = 0;
}
}

public void cboImageGroups_SelectedIndexChanged(object sender, EventArgs e)
{
grdImages.CurrentPageIndex = 0;
LoadGridData();
LoadCboPages();
}

public void grdImages_PageIndexChanged(object sender,
DataGridPageChangedEventArgs e)
{
grdImages.CurrentPageIndex = e.NewPageIndex;
LoadGridData();
}

public void grdImages_SelectedIndexChanged(object sender, EventArgs e)
{
grdImages.CurrentPageIndex = 0;
}
private void LoadCboPages()
{
DataView dv = (DataView)grdImages.DataSource;
int intRowCount = dv.Count;
int intPageSize = 5;
int intRemainder = intRowCount % intPageSize;
int intPages = ((intRowCount - intRemainder) / intPageSize);
if ( intRemainder > 0 )
intPages += 1;
if (intPages == 0)
intPages = 1; // deal with lower bound case
string[] pages = new string[intPages];
for (int i=0; i<intPages; i++)
pages[i] = "Page " + (i+1).ToString();
cboGridPages.DataSource = pages;
cboGridPages.DataBind();
}

//void cboGridPages_SelectedIndexChanged(object sender, EventArgs e) {
// private void cboImageGroups_SelectedIndexChanged
// (object sender, System.EventArgs e) {
// string strSelected = cboGridPages.SelectedValue;
// grdImages.CurrentPageIndex =
// (Convert.ToInt32(strSelected.Substring(5)) - 1);
// LoadGridData();
// }
// }

public void cboGridPages_SelectedIndexChanged(object sender, EventArgs e)
{
//string strSelected = cboGridPages.SelectedValue;
string strSelected = cboGridPages.SelectedItem.Value; // Mine
grdImages.CurrentPageIndex =
(Convert.ToInt32(strSelected.Substring(5)) - 1);
LoadGridData();
}
protected string GetImageUrl(object dataItem, bool isThumbnail)
{
string imageUrl;
string qstring;

if (isThumbnail)
{
qstring = string.Format("Path={0}&MinRole={1}",
DataBinder.Eval(dataItem, "FullImageThumbPath"),
DataBinder.Eval(dataItem, "MinRole"));
imageUrl = "ShowImage.axd?" + qstring;
}
else
{
qstring = string.Format("Path={0}&MinRole={1}",
DataBinder.Eval(dataItem, "FullImagePath"),
DataBinder.Eval(dataItem, "MinRole"));
imageUrl = "ShowImage.aspx?" + qstring;
}

return imageUrl;
}
private void btnLogin_Click(object sender, System.EventArgs e)
{
int intUserId = -1;
int intRoleId = -1;

if (SSDAL.ValidateUser(txtUserAlias.Text, txtUserPassword.Text,
ref intUserId, ref intRoleId))
{
// TODO -- Add Session Handling
FormsAuthentication.SetAuthCookie(txtUserAlias.Tex t, false);

Session[AppGlobals.sessKeyUserId] = intUserId;
Session[AppGlobals.sessKeyRoleId] = intRoleId;

Session[AppGlobals.sessActualUserId] = txtUserAlias;
Session[AppGlobals.sessActualRoleId] = txtUserPassword;

//Response.Redirect("default.aspx");
Response.Redirect("MainPic.aspx");
}
else
{
lblUserId.CssClass = AppGlobals.errMsgCSS;
lblUserId.Text = AppGlobals.errMsgInvalidUser;
}
}
private void btnLogout_Click(object sender, System.EventArgs e)
{
if ( User.Identity.IsAuthenticated )
{
Session.Remove(AppGlobals.sessKeyUserId);
Session.Remove(AppGlobals.sessKeyRoleId);

// TODO -- Add Session Handling
FormsAuthentication.SignOut();

//Response.Redirect("default.aspx");
Response.Redirect("MainPic.aspx");
}
}
private void AdjustUI()
{
bool fUA = User.Identity.IsAuthenticated;
if ( fUA )
lblUserId.Text = User.Identity.Name;
else
lblUserId.Text = AppGlobals.infoMsgAnonymous;

lblUserId.CssClass = String.Empty;
pnlLogin.Visible = (!fUA);
pnlLogout.Visible = fUA;
}

#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeComponent();
base.OnInit(e);
}

/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.btnLogin.Click += new System.EventHandler(this.btnLogin_Click);
this.btnLogout.Click += new System.EventHandler(this.btnLogout_Click);
this.Load += new System.EventHandler(this.Page_Load);

}
#endregion
}
}

================================================== ========

I want to do it the 'right' way - but I am not sure I really want Role based
security (do I?) I like the User ability to 'Register' and then have access
to 'secure' functionality.

Thanks so much for your time.
Paul

================================================== =========
================================================== =========
================================================== =========

"Ken Dopierala Jr." wrote:
Hi Paul,

I totally recommend against doing this and instead using a Roles based
security system. But here is a workaround. Create a class and add this
code:

Option Strict On
Option Explicit On

Imports System
Imports System.Web
Imports System.Web.UI

Public Class MyBasePage
Inherits System.Web.UI.Page

Protected Overrides Sub OnLoad(ByVal e As System.EventArgs)
If (User.Identity.IsAuthenticated = False) Then
Response.Redirect("Login.aspx")
End If
End Sub
End Class

Have every page that you want to have protected inherit from this page. For
every page that you want generic have it still inherit from
"System.Web.UI.Page". Now, if a user isn't authenticated, and this is a
protected page, they will be sent to Login.aspx. Remember to set your
<authentication> tag to allow everyone, you are no longer using the the
ASP.Net built in management for authentication. I wouldn't do it this way
and in the end you'll be totally screwing yourself over. But, this will at
least do what you want it to until you switch over to Roles based
authentication. Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

"PaulThomas" <Pa********@discussions.microsoft.com> wrote in message
news:11**********************************@microsof t.com...
I am fighting with XP-Pro and VS.Net trying to allow some of the pages in

my
application to be accessable by 'all' I am using <authentication
mode="Forms" /> and if I Login - everything works fine. My code comes

from
a walkthrough (I am learning) and I am currently using
(User.Identity.IsAuthenticated) in the Login.aspx page to validate UserID
against my database (I like it).
What I need is a 'simple' method by which I can set some of the generic
pages to be accessable by 'all' visitors, even those Not LogedIn. Ken
Dopierala Jr. answered another post and suggested I use <location
path="directory"> to allow Role based access to some directories and then
just <allow users="*" />.
PLEASE - There must be a 'simple' way I can desiginate a page as generic

and
not require authorization to access these generic pages.
Can anyone give me some 'detail' advice on how to accomplish this?
Thanks,
Paul


Jul 21 '05 #3
Hi Paul,

The response I gave you before will do the trick. I didn't know you were
using C#. Here is how to do it.

1) Create a class:

using System;
using System.Web;
using System.Web.UI;

public class MyBasePage : System.Web.UI.Page {

override void OnLoad(System.EventArgs e) {
if (User.Identity.IsAuthenticated == false) {
Response.Redirect("Login.aspx");
}
}

}

2) Declare protected pages like this:

public class ProtectedPage : MyBasePage {
}

3) Declare public pages like this:

public class PublicPage : System.Web.UI.Page {
}

If your user isn't logged in and goes to a protected page he will be
redirected to the login page. Any page that derives from System.Web.UI.Page
will let everyone see it. In your Web.config make sure your <authorization>
tag looks like this:

<authorization>
<allow users="*" />
</authorization>

Here is a tutorial on roles based:

http://www.xoc.net/works/tips/forms-authentication.asp

Roles based lets you protect entire folders based on user type. You still
have them sign up and when they do you assign them a role. With the code
above you can implement it the way they are doing it in your example. Good
luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.
Jul 21 '05 #4
I did exactly as you said - but I get the following errors:
CODE - in MyBasePage
override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : virtual or abstract members
cannot be private

CODE - in MyBasePage
public override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : cannot change access modifiers
when overriding 'protected' inherited member
'System.Web.UI.Control.OnLoad(System.EventArgs)

I like your suggestion - and I know we are close.
Thanks again,
Paul

================================================== ========

"Ken Dopierala Jr." wrote:
Hi Paul,

The response I gave you before will do the trick. I didn't know you were
using C#. Here is how to do it.

1) Create a class:

using System;
using System.Web;
using System.Web.UI;

public class MyBasePage : System.Web.UI.Page {

override void OnLoad(System.EventArgs e) {
if (User.Identity.IsAuthenticated == false) {
Response.Redirect("Login.aspx");
}
}

}

2) Declare protected pages like this:

public class ProtectedPage : MyBasePage {
}

3) Declare public pages like this:

public class PublicPage : System.Web.UI.Page {
}

If your user isn't logged in and goes to a protected page he will be
redirected to the login page. Any page that derives from System.Web.UI.Page
will let everyone see it. In your Web.config make sure your <authorization>
tag looks like this:

<authorization>
<allow users="*" />
</authorization>

Here is a tutorial on roles based:

http://www.xoc.net/works/tips/forms-authentication.asp

Roles based lets you protect entire folders based on user type. You still
have them sign up and when they do you assign them a role. With the code
above you can implement it the way they are doing it in your example. Good
luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

Jul 21 '05 #5
I did exactly as you said - but I get the following errors:
CODE - in MyBasePage
override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : virtual or abstract members
cannot be private

CODE - in MyBasePage
public override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : cannot change access modifiers
when overriding 'protected' inherited member
'System.Web.UI.Control.OnLoad(System.EventArgs)

I like your suggestion - and I know we are close.
Thanks again,
Paul

================================================== ========

"Ken Dopierala Jr." wrote:
Hi Paul,

The response I gave you before will do the trick. I didn't know you were
using C#. Here is how to do it.

1) Create a class:

using System;
using System.Web;
using System.Web.UI;

public class MyBasePage : System.Web.UI.Page {

override void OnLoad(System.EventArgs e) {
if (User.Identity.IsAuthenticated == false) {
Response.Redirect("Login.aspx");
}
}

}

2) Declare protected pages like this:

public class ProtectedPage : MyBasePage {
}

3) Declare public pages like this:

public class PublicPage : System.Web.UI.Page {
}

If your user isn't logged in and goes to a protected page he will be
redirected to the login page. Any page that derives from System.Web.UI.Page
will let everyone see it. In your Web.config make sure your <authorization>
tag looks like this:

<authorization>
<allow users="*" />
</authorization>

Here is a tutorial on roles based:

http://www.xoc.net/works/tips/forms-authentication.asp

Roles based lets you protect entire folders based on user type. You still
have them sign up and when they do you assign them a role. With the code
above you can implement it the way they are doing it in your example. Good
luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

Jul 21 '05 #6
Hi Paul,

Try:

protected override void OnLoad(System.EventArgs e)

Instead of:

override void OnLoad(System.EventArgs e)

I think it needs to be that, this way derived classes can call it. You also
might need to put: MyBase.OnLoad(e) as the first line in the page load event
of your derived classes but I'm not totally sure. I'm also not sure if C#
uses MyBase or something else to reach it's parent class. Ken.

"PaulThomas" <Pa********@discussions.microsoft.com> wrote in message
news:C3**********************************@microsof t.com...
I did exactly as you said - but I get the following errors:
CODE - in MyBasePage
override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : virtual or abstract members
cannot be private

CODE - in MyBasePage
public override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : cannot change access modifiers when overriding 'protected' inherited member
'System.Web.UI.Control.OnLoad(System.EventArgs)

I like your suggestion - and I know we are close.
Thanks again,
Paul

================================================== ========

"Ken Dopierala Jr." wrote:
Hi Paul,

The response I gave you before will do the trick. I didn't know you were using C#. Here is how to do it.

1) Create a class:

using System;
using System.Web;
using System.Web.UI;

public class MyBasePage : System.Web.UI.Page {

override void OnLoad(System.EventArgs e) {
if (User.Identity.IsAuthenticated == false) {
Response.Redirect("Login.aspx");
}
}

}

2) Declare protected pages like this:

public class ProtectedPage : MyBasePage {
}

3) Declare public pages like this:

public class PublicPage : System.Web.UI.Page {
}

If your user isn't logged in and goes to a protected page he will be
redirected to the login page. Any page that derives from System.Web.UI.Page will let everyone see it. In your Web.config make sure your <authorization> tag looks like this:

<authorization>
<allow users="*" />
</authorization>

Here is a tutorial on roles based:

http://www.xoc.net/works/tips/forms-authentication.asp

Roles based lets you protect entire folders based on user type. You still have them sign up and when they do you assign them a role. With the code above you can implement it the way they are doing it in your example. Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

Jul 21 '05 #7
Hi Paul,

Try:

protected override void OnLoad(System.EventArgs e)

Instead of:

override void OnLoad(System.EventArgs e)

I think it needs to be that, this way derived classes can call it. You also
might need to put: MyBase.OnLoad(e) as the first line in the page load event
of your derived classes but I'm not totally sure. I'm also not sure if C#
uses MyBase or something else to reach it's parent class. Ken.

"PaulThomas" <Pa********@discussions.microsoft.com> wrote in message
news:C3**********************************@microsof t.com...
I did exactly as you said - but I get the following errors:
CODE - in MyBasePage
override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : virtual or abstract members
cannot be private

CODE - in MyBasePage
public override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : cannot change access modifiers when overriding 'protected' inherited member
'System.Web.UI.Control.OnLoad(System.EventArgs)

I like your suggestion - and I know we are close.
Thanks again,
Paul

================================================== ========

"Ken Dopierala Jr." wrote:
Hi Paul,

The response I gave you before will do the trick. I didn't know you were using C#. Here is how to do it.

1) Create a class:

using System;
using System.Web;
using System.Web.UI;

public class MyBasePage : System.Web.UI.Page {

override void OnLoad(System.EventArgs e) {
if (User.Identity.IsAuthenticated == false) {
Response.Redirect("Login.aspx");
}
}

}

2) Declare protected pages like this:

public class ProtectedPage : MyBasePage {
}

3) Declare public pages like this:

public class PublicPage : System.Web.UI.Page {
}

If your user isn't logged in and goes to a protected page he will be
redirected to the login page. Any page that derives from System.Web.UI.Page will let everyone see it. In your Web.config make sure your <authorization> tag looks like this:

<authorization>
<allow users="*" />
</authorization>

Here is a tutorial on roles based:

http://www.xoc.net/works/tips/forms-authentication.asp

Roles based lets you protect entire folders based on user type. You still have them sign up and when they do you assign them a role. With the code above you can implement it the way they are doing it in your example. Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

Jul 21 '05 #8
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
Under High IE Security buttons don't work
by: Gary D. Rezek | last post by:
Hi All, I've got a set of asp pages used to register students into the ResNet database. Testing things out under different browser security settings I ran into a problem. The following buttons.......
ASP / Active Server Pages
1
Setting up security on my web application
by: Sam Vanderstraeten | last post by:
Hi all, My situation: - VB.net & Visual Studio 2002 - IIS 6.0 - Windows XP Pro (development) and Windows 2000 server (release) I created a test-application (before I started to develop the...
ASP.NET
2
application security
by: MW | last post by:
Hi, I'm trying to secure my application. I'm using forms authentication and I check passwords against a database. I have a login.aspx page in the root of my application, pages that I want...
ASP.NET
5
Norton Internet Security blocks some of my ASP.NET pages
by: Chris Zoper | last post by:
Hello, Norton Internet Security blocks some of my ASP.NET pages. The pages are very 'normal' pages though. There is no 'dangerous' code in it or something like that. Also, the page is not in a...
ASP.NET
3
Role Based Security Question
by: Mike Logan | last post by:
Questions about Role Based Security in ASP.Net: I have a few questions about role based security in an ASP.Net application. Below are some points about our system: - We have a hierarchical...
ASP.NET
0
False Alarm from Forms Security Validation
by: honcho | last post by:
My ASP.NET web application has a flaw that produces false security-violation alarms. There are several categories of users for this web site, e.g. Colonels, Sergeants, Private_1s, and...
ASP.NET
3
.Net Security - Not 'all' pages
by: PaulThomas | last post by:
I am fighting with XP-Pro and VS.Net trying to allow some of the pages in my application to be accessable by 'all' I am using <authentication mode="Forms" /> and if I Login - everything works...
.NET Framework
4
Looking for general advice on security
by: tony | last post by:
I'm designing a survey form page that will be fairly complex and am becoming confident enough with PHP now to tackle most things. (Thanks to everyone here who has helped) Before I go too far...
PHP
9
Security concerns...
by: transpar3nt | last post by:
Hello all, first time poster, long time reader. I have been studying PHP and web development for a while now but have never taken on a paid project with it until now. I have been asked by a...
PHP
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
One-click Importing Excel Data into a*Database
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
Microsoft Excel
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!