473,322 Members | 1,911 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

.Net Security - Not 'all' pages

I am fighting with XP-Pro and VS.Net trying to allow some of the pages in my
application to be accessable by 'all' I am using <authentication
mode="Forms" /> and if I Login - everything works fine. My code comes from
a walkthrough (I am learning) and I am currently using
(User.Identity.IsAuthenticated) in the Login.aspx page to validate UserID
against my database (I like it).
What I need is a 'simple' method by which I can set some of the generic
pages to be accessable by 'all' visitors, even those Not LogedIn. Ken
Dopierala Jr. answered another post and suggested I use <location
path="directory"> to allow Role based access to some directories and then
just <allow users="*" />.
PLEASE - There must be a 'simple' way I can desiginate a page as generic and
not require authorization to access these generic pages.
Can anyone give me some 'detail' advice on how to accomplish this?
Thanks,
Paul
Jul 21 '05 #1
7 2562
Hi Paul,

I totally recommend against doing this and instead using a Roles based
security system. But here is a workaround. Create a class and add this
code:

Option Strict On
Option Explicit On

Imports System
Imports System.Web
Imports System.Web.UI

Public Class MyBasePage
Inherits System.Web.UI.Page

Protected Overrides Sub OnLoad(ByVal e As System.EventArgs)
If (User.Identity.IsAuthenticated = False) Then
Response.Redirect("Login.aspx")
End If
End Sub
End Class

Have every page that you want to have protected inherit from this page. For
every page that you want generic have it still inherit from
"System.Web.UI.Page". Now, if a user isn't authenticated, and this is a
protected page, they will be sent to Login.aspx. Remember to set your
<authentication> tag to allow everyone, you are no longer using the the
ASP.Net built in management for authentication. I wouldn't do it this way
and in the end you'll be totally screwing yourself over. But, this will at
least do what you want it to until you switch over to Roles based
authentication. Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

"PaulThomas" <Pa********@discussions.microsoft.com> wrote in message
news:11**********************************@microsof t.com...
I am fighting with XP-Pro and VS.Net trying to allow some of the pages in my application to be accessable by 'all' I am using <authentication
mode="Forms" /> and if I Login - everything works fine. My code comes from a walkthrough (I am learning) and I am currently using
(User.Identity.IsAuthenticated) in the Login.aspx page to validate UserID
against my database (I like it).
What I need is a 'simple' method by which I can set some of the generic
pages to be accessable by 'all' visitors, even those Not LogedIn. Ken
Dopierala Jr. answered another post and suggested I use <location
path="directory"> to allow Role based access to some directories and then
just <allow users="*" />.
PLEASE - There must be a 'simple' way I can desiginate a page as generic and not require authorization to access these generic pages.
Can anyone give me some 'detail' advice on how to accomplish this?
Thanks,
Paul

Jul 21 '05 #2
Ken,
I am following an example from WebMatrix called MyPics - - it allows
authorized users to (Login with UserID & Password - verified against the User
database) and to Upload pictures - and I thought anyone could view the
pictures. I am trying to get a site up (for the practice & learning) that
will allow anyone to look around, but allow Logined users more access to
secure pages.
The Login.aspx.cs is:
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

namespace FGC
{
/// <summary>
/// Summary description for Login.
/// </summary>
public class Login : System.Web.UI.Page
{
protected System.Web.UI.WebControls.Label Label1;
protected System.Web.UI.WebControls.Label Label2;
protected System.Web.UI.WebControls.Label Msg;
protected System.Web.UI.WebControls.TextBox UserEMail;
protected System.Web.UI.WebControls.TextBox UserPass;
protected System.Web.UI.WebControls.Button Button2;
protected System.Web.UI.WebControls.LinkButton LinkButton1;
protected System.Web.UI.WebControls.HyperLink Hyperlink1;
protected System.Web.UI.WebControls.HyperLink Hyperlink2;
protected System.Web.UI.WebControls.HyperLink Hyperlink3;
protected System.Web.UI.WebControls.Button Button1;

private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
//if( !Page.IsPostBack )
//{
// Response.Redirect("Home.aspx");
// Response.Redirect("Default.aspx");
// return;
//}
UserEMail.Text = "ad***@nowhere.com"; //TEMP
UserPass.Text = "password"; //TEMP
//Msg.Text = "Login - Page_Load - Message initialized.";
if (!Page.IsPostBack)
Msg.Text = "Login - Page_Load - First Load.";
//output.Write("Page has just been loaded");
else
//Msg.Text = Msg.Text;
Msg.Text = "Login - Page_Load - Page is PostBack.";
//output.Write("Postback has occured");
}

private void Button1_Click(object sender, System.EventArgs e)
{
if( !Page.IsValid )
{
Msg.Text = "Some required fields are invalid.";
return;
}

int intUserId = -1;
int intRoleId = -1;

if (SSDAL.ValidateUser(UserEMail.Text, UserPass.Text,
ref intUserId, ref intRoleId))
{
// TODO -- Add Session Handling
FormsAuthentication.SetAuthCookie(UserEMail.Text, false);

Session[AppGlobals.sessKeyUserId] = intUserId;
Session[AppGlobals.sessKeyRoleId] = intRoleId;

Session[AppGlobals.sessActualUserId] = UserEMail.Text;
Session[AppGlobals.sessActualRoleId] = UserPass.Text;

Msg.Text = "ReDirecting to MainPic.aspx";
//Response.Redirect("default.aspx");
Response.Redirect("MainPic.aspx");
}
else
{
Msg.CssClass = AppGlobals.errMsgCSS;
Msg.Text = AppGlobals.errMsgInvalidUser;
Response.Redirect("AddUser/AddUser.aspx");
}
}

#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeComponent();
base.OnInit(e);
}

/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.UserEMail.TextChanged += new
System.EventHandler(this.UserEMail_TextChanged);
this.Button1.Click += new System.EventHandler(this.Button1_Click);
this.Button2.Click += new System.EventHandler(this.Button2_Click);
this.LinkButton1.Click += new System.EventHandler(this.LinkButton1_Click);
this.Load += new System.EventHandler(this.Page_Load);

}
#endregion

private void UserEMail_TextChanged(object sender, System.EventArgs e)
{

}

private void Button2_Click(object sender, System.EventArgs e)
{
Msg.Text = "ReDirecting to Default.aspx";
Response.Redirect("Default.aspx");
}

private void LinkButton1_Click(object sender, System.EventArgs e)
{
bool MyVar = true;
Msg.Text = "ReDirecting to Home.aspx";
Response.Redirect("Home.aspx",MyVar);
}

}
}

the LinkButton1 & 2 - don't work - they just re-load the Login page.....

================================================== =====

a page that uses security is MainPic and the aspx.cs is:

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

namespace FGC
{
/// <summary>
/// Summary description for Default.
/// </summary>
public class MainPic : System.Web.UI.Page
{
protected System.Web.UI.WebControls.Label lblUserId;
protected System.Web.UI.WebControls.DropDownList cboImageGroups;
protected System.Web.UI.WebControls.DropDownList cboGridPages;
protected System.Web.UI.WebControls.TextBox txtUserAlias;
protected System.Web.UI.WebControls.TextBox txtUserPassword;
protected System.Web.UI.WebControls.Button btnLogin;
protected System.Web.UI.WebControls.Panel pnlLogin;
protected System.Web.UI.WebControls.Button btnLogout;
protected System.Web.UI.WebControls.HyperLink hlinkNewImage;
protected System.Web.UI.WebControls.Panel pnlLogout;
protected System.Web.UI.WebControls.DataGrid grdImages;

private void Page_Load(object sender, System.EventArgs e)
{
AdjustUI();
//txtUserAlias.Text = "ad***@nowhere.com"; //TEMP
//txtUserPassword.Text = "password"; //TEMP
if ( !Page.IsPostBack )
{
LoadImageGroups();
LoadGridData();
LoadCboPages();
}
}

private void LoadGridData()
{
int intMinRoleId = 0;
if ( User.Identity.IsAuthenticated )
intMinRoleId =
Convert.ToInt32(Session[AppGlobals.sessKeyRoleId]);
//int groupId = 0;
//int groupId = int.Parse(cboImageGroups.SelectedValue);
//int groupIdA = int.Parse(cboImageGroups.DataTextField); //Bad
//int groupIdB = int.Parse(cboImageGroups.SelectedItem.Text); //Bad
//int groupIdC = int.Parse(cboImageGroups.SelectedItem.Value); //Bad
//int groupId = int.Parse(cboImageGroups.DataValueField); //mine Bad
DataView dv = new DataView(SSDAL.AllImages);
dv.RowFilter = "ImageGroupId = " + cboImageGroups.SelectedItem.Value; //
Mine
// dv.RowFilter = "ImageGroupId = " + cboImageGroups.SelectedValue;
grdImages.DataSource = dv;
grdImages.DataBind();
}
private void LoadImageGroups()
{
DataView dv = new DataView(SSDAL.ImageGroups);
// Perform Data Binding
if ( dv != null)
{
if ( User.Identity.IsAuthenticated )
dv.RowFilter = "MinRoleId <= " +
Session[AppGlobals.sessKeyRoleId].ToString();
else
dv.RowFilter = "MinRoleId = 0";
cboImageGroups.DataSource = dv;
cboImageGroups.DataValueField = "ImageGroupId";
cboImageGroups.DataTextField = "ImageGroup";
cboImageGroups.DataBind();
cboImageGroups.SelectedIndex = 0;
}
}

public void cboImageGroups_SelectedIndexChanged(object sender, EventArgs e)
{
grdImages.CurrentPageIndex = 0;
LoadGridData();
LoadCboPages();
}

public void grdImages_PageIndexChanged(object sender,
DataGridPageChangedEventArgs e)
{
grdImages.CurrentPageIndex = e.NewPageIndex;
LoadGridData();
}

public void grdImages_SelectedIndexChanged(object sender, EventArgs e)
{
grdImages.CurrentPageIndex = 0;
}
private void LoadCboPages()
{
DataView dv = (DataView)grdImages.DataSource;
int intRowCount = dv.Count;
int intPageSize = 5;
int intRemainder = intRowCount % intPageSize;
int intPages = ((intRowCount - intRemainder) / intPageSize);
if ( intRemainder > 0 )
intPages += 1;
if (intPages == 0)
intPages = 1; // deal with lower bound case
string[] pages = new string[intPages];
for (int i=0; i<intPages; i++)
pages[i] = "Page " + (i+1).ToString();
cboGridPages.DataSource = pages;
cboGridPages.DataBind();
}

//void cboGridPages_SelectedIndexChanged(object sender, EventArgs e) {
// private void cboImageGroups_SelectedIndexChanged
// (object sender, System.EventArgs e) {
// string strSelected = cboGridPages.SelectedValue;
// grdImages.CurrentPageIndex =
// (Convert.ToInt32(strSelected.Substring(5)) - 1);
// LoadGridData();
// }
// }

public void cboGridPages_SelectedIndexChanged(object sender, EventArgs e)
{
//string strSelected = cboGridPages.SelectedValue;
string strSelected = cboGridPages.SelectedItem.Value; // Mine
grdImages.CurrentPageIndex =
(Convert.ToInt32(strSelected.Substring(5)) - 1);
LoadGridData();
}
protected string GetImageUrl(object dataItem, bool isThumbnail)
{
string imageUrl;
string qstring;

if (isThumbnail)
{
qstring = string.Format("Path={0}&MinRole={1}",
DataBinder.Eval(dataItem, "FullImageThumbPath"),
DataBinder.Eval(dataItem, "MinRole"));
imageUrl = "ShowImage.axd?" + qstring;
}
else
{
qstring = string.Format("Path={0}&MinRole={1}",
DataBinder.Eval(dataItem, "FullImagePath"),
DataBinder.Eval(dataItem, "MinRole"));
imageUrl = "ShowImage.aspx?" + qstring;
}

return imageUrl;
}
private void btnLogin_Click(object sender, System.EventArgs e)
{
int intUserId = -1;
int intRoleId = -1;

if (SSDAL.ValidateUser(txtUserAlias.Text, txtUserPassword.Text,
ref intUserId, ref intRoleId))
{
// TODO -- Add Session Handling
FormsAuthentication.SetAuthCookie(txtUserAlias.Tex t, false);

Session[AppGlobals.sessKeyUserId] = intUserId;
Session[AppGlobals.sessKeyRoleId] = intRoleId;

Session[AppGlobals.sessActualUserId] = txtUserAlias;
Session[AppGlobals.sessActualRoleId] = txtUserPassword;

//Response.Redirect("default.aspx");
Response.Redirect("MainPic.aspx");
}
else
{
lblUserId.CssClass = AppGlobals.errMsgCSS;
lblUserId.Text = AppGlobals.errMsgInvalidUser;
}
}
private void btnLogout_Click(object sender, System.EventArgs e)
{
if ( User.Identity.IsAuthenticated )
{
Session.Remove(AppGlobals.sessKeyUserId);
Session.Remove(AppGlobals.sessKeyRoleId);

// TODO -- Add Session Handling
FormsAuthentication.SignOut();

//Response.Redirect("default.aspx");
Response.Redirect("MainPic.aspx");
}
}
private void AdjustUI()
{
bool fUA = User.Identity.IsAuthenticated;
if ( fUA )
lblUserId.Text = User.Identity.Name;
else
lblUserId.Text = AppGlobals.infoMsgAnonymous;

lblUserId.CssClass = String.Empty;
pnlLogin.Visible = (!fUA);
pnlLogout.Visible = fUA;
}

#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeComponent();
base.OnInit(e);
}

/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.btnLogin.Click += new System.EventHandler(this.btnLogin_Click);
this.btnLogout.Click += new System.EventHandler(this.btnLogout_Click);
this.Load += new System.EventHandler(this.Page_Load);

}
#endregion
}
}

================================================== ========

I want to do it the 'right' way - but I am not sure I really want Role based
security (do I?) I like the User ability to 'Register' and then have access
to 'secure' functionality.

Thanks so much for your time.
Paul

================================================== =========
================================================== =========
================================================== =========

"Ken Dopierala Jr." wrote:
Hi Paul,

I totally recommend against doing this and instead using a Roles based
security system. But here is a workaround. Create a class and add this
code:

Option Strict On
Option Explicit On

Imports System
Imports System.Web
Imports System.Web.UI

Public Class MyBasePage
Inherits System.Web.UI.Page

Protected Overrides Sub OnLoad(ByVal e As System.EventArgs)
If (User.Identity.IsAuthenticated = False) Then
Response.Redirect("Login.aspx")
End If
End Sub
End Class

Have every page that you want to have protected inherit from this page. For
every page that you want generic have it still inherit from
"System.Web.UI.Page". Now, if a user isn't authenticated, and this is a
protected page, they will be sent to Login.aspx. Remember to set your
<authentication> tag to allow everyone, you are no longer using the the
ASP.Net built in management for authentication. I wouldn't do it this way
and in the end you'll be totally screwing yourself over. But, this will at
least do what you want it to until you switch over to Roles based
authentication. Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

"PaulThomas" <Pa********@discussions.microsoft.com> wrote in message
news:11**********************************@microsof t.com...
I am fighting with XP-Pro and VS.Net trying to allow some of the pages in

my
application to be accessable by 'all' I am using <authentication
mode="Forms" /> and if I Login - everything works fine. My code comes

from
a walkthrough (I am learning) and I am currently using
(User.Identity.IsAuthenticated) in the Login.aspx page to validate UserID
against my database (I like it).
What I need is a 'simple' method by which I can set some of the generic
pages to be accessable by 'all' visitors, even those Not LogedIn. Ken
Dopierala Jr. answered another post and suggested I use <location
path="directory"> to allow Role based access to some directories and then
just <allow users="*" />.
PLEASE - There must be a 'simple' way I can desiginate a page as generic

and
not require authorization to access these generic pages.
Can anyone give me some 'detail' advice on how to accomplish this?
Thanks,
Paul


Jul 21 '05 #3
Hi Paul,

The response I gave you before will do the trick. I didn't know you were
using C#. Here is how to do it.

1) Create a class:

using System;
using System.Web;
using System.Web.UI;

public class MyBasePage : System.Web.UI.Page {

override void OnLoad(System.EventArgs e) {
if (User.Identity.IsAuthenticated == false) {
Response.Redirect("Login.aspx");
}
}

}

2) Declare protected pages like this:

public class ProtectedPage : MyBasePage {
}

3) Declare public pages like this:

public class PublicPage : System.Web.UI.Page {
}

If your user isn't logged in and goes to a protected page he will be
redirected to the login page. Any page that derives from System.Web.UI.Page
will let everyone see it. In your Web.config make sure your <authorization>
tag looks like this:

<authorization>
<allow users="*" />
</authorization>

Here is a tutorial on roles based:

http://www.xoc.net/works/tips/forms-authentication.asp

Roles based lets you protect entire folders based on user type. You still
have them sign up and when they do you assign them a role. With the code
above you can implement it the way they are doing it in your example. Good
luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.
Jul 21 '05 #4
I did exactly as you said - but I get the following errors:
CODE - in MyBasePage
override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : virtual or abstract members
cannot be private

CODE - in MyBasePage
public override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : cannot change access modifiers
when overriding 'protected' inherited member
'System.Web.UI.Control.OnLoad(System.EventArgs)

I like your suggestion - and I know we are close.
Thanks again,
Paul

================================================== ========

"Ken Dopierala Jr." wrote:
Hi Paul,

The response I gave you before will do the trick. I didn't know you were
using C#. Here is how to do it.

1) Create a class:

using System;
using System.Web;
using System.Web.UI;

public class MyBasePage : System.Web.UI.Page {

override void OnLoad(System.EventArgs e) {
if (User.Identity.IsAuthenticated == false) {
Response.Redirect("Login.aspx");
}
}

}

2) Declare protected pages like this:

public class ProtectedPage : MyBasePage {
}

3) Declare public pages like this:

public class PublicPage : System.Web.UI.Page {
}

If your user isn't logged in and goes to a protected page he will be
redirected to the login page. Any page that derives from System.Web.UI.Page
will let everyone see it. In your Web.config make sure your <authorization>
tag looks like this:

<authorization>
<allow users="*" />
</authorization>

Here is a tutorial on roles based:

http://www.xoc.net/works/tips/forms-authentication.asp

Roles based lets you protect entire folders based on user type. You still
have them sign up and when they do you assign them a role. With the code
above you can implement it the way they are doing it in your example. Good
luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

Jul 21 '05 #5
I did exactly as you said - but I get the following errors:
CODE - in MyBasePage
override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : virtual or abstract members
cannot be private

CODE - in MyBasePage
public override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : cannot change access modifiers
when overriding 'protected' inherited member
'System.Web.UI.Control.OnLoad(System.EventArgs)

I like your suggestion - and I know we are close.
Thanks again,
Paul

================================================== ========

"Ken Dopierala Jr." wrote:
Hi Paul,

The response I gave you before will do the trick. I didn't know you were
using C#. Here is how to do it.

1) Create a class:

using System;
using System.Web;
using System.Web.UI;

public class MyBasePage : System.Web.UI.Page {

override void OnLoad(System.EventArgs e) {
if (User.Identity.IsAuthenticated == false) {
Response.Redirect("Login.aspx");
}
}

}

2) Declare protected pages like this:

public class ProtectedPage : MyBasePage {
}

3) Declare public pages like this:

public class PublicPage : System.Web.UI.Page {
}

If your user isn't logged in and goes to a protected page he will be
redirected to the login page. Any page that derives from System.Web.UI.Page
will let everyone see it. In your Web.config make sure your <authorization>
tag looks like this:

<authorization>
<allow users="*" />
</authorization>

Here is a tutorial on roles based:

http://www.xoc.net/works/tips/forms-authentication.asp

Roles based lets you protect entire folders based on user type. You still
have them sign up and when they do you assign them a role. With the code
above you can implement it the way they are doing it in your example. Good
luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

Jul 21 '05 #6
Hi Paul,

Try:

protected override void OnLoad(System.EventArgs e)

Instead of:

override void OnLoad(System.EventArgs e)

I think it needs to be that, this way derived classes can call it. You also
might need to put: MyBase.OnLoad(e) as the first line in the page load event
of your derived classes but I'm not totally sure. I'm also not sure if C#
uses MyBase or something else to reach it's parent class. Ken.

"PaulThomas" <Pa********@discussions.microsoft.com> wrote in message
news:C3**********************************@microsof t.com...
I did exactly as you said - but I get the following errors:
CODE - in MyBasePage
override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : virtual or abstract members
cannot be private

CODE - in MyBasePage
public override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : cannot change access modifiers when overriding 'protected' inherited member
'System.Web.UI.Control.OnLoad(System.EventArgs)

I like your suggestion - and I know we are close.
Thanks again,
Paul

================================================== ========

"Ken Dopierala Jr." wrote:
Hi Paul,

The response I gave you before will do the trick. I didn't know you were using C#. Here is how to do it.

1) Create a class:

using System;
using System.Web;
using System.Web.UI;

public class MyBasePage : System.Web.UI.Page {

override void OnLoad(System.EventArgs e) {
if (User.Identity.IsAuthenticated == false) {
Response.Redirect("Login.aspx");
}
}

}

2) Declare protected pages like this:

public class ProtectedPage : MyBasePage {
}

3) Declare public pages like this:

public class PublicPage : System.Web.UI.Page {
}

If your user isn't logged in and goes to a protected page he will be
redirected to the login page. Any page that derives from System.Web.UI.Page will let everyone see it. In your Web.config make sure your <authorization> tag looks like this:

<authorization>
<allow users="*" />
</authorization>

Here is a tutorial on roles based:

http://www.xoc.net/works/tips/forms-authentication.asp

Roles based lets you protect entire folders based on user type. You still have them sign up and when they do you assign them a role. With the code above you can implement it the way they are doing it in your example. Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

Jul 21 '05 #7
Hi Paul,

Try:

protected override void OnLoad(System.EventArgs e)

Instead of:

override void OnLoad(System.EventArgs e)

I think it needs to be that, this way derived classes can call it. You also
might need to put: MyBase.OnLoad(e) as the first line in the page load event
of your derived classes but I'm not totally sure. I'm also not sure if C#
uses MyBase or something else to reach it's parent class. Ken.

"PaulThomas" <Pa********@discussions.microsoft.com> wrote in message
news:C3**********************************@microsof t.com...
I did exactly as you said - but I get the following errors:
CODE - in MyBasePage
override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : virtual or abstract members
cannot be private

CODE - in MyBasePage
public override void OnLoad(System.EventArgs e)
{
if (User.Identity.IsAuthenticated == false)
{
Response.Redirect("Login.aspx");
}
}
ERROR - MyBasePage.OnLoad(System.EventArgs) : cannot change access modifiers when overriding 'protected' inherited member
'System.Web.UI.Control.OnLoad(System.EventArgs)

I like your suggestion - and I know we are close.
Thanks again,
Paul

================================================== ========

"Ken Dopierala Jr." wrote:
Hi Paul,

The response I gave you before will do the trick. I didn't know you were using C#. Here is how to do it.

1) Create a class:

using System;
using System.Web;
using System.Web.UI;

public class MyBasePage : System.Web.UI.Page {

override void OnLoad(System.EventArgs e) {
if (User.Identity.IsAuthenticated == false) {
Response.Redirect("Login.aspx");
}
}

}

2) Declare protected pages like this:

public class ProtectedPage : MyBasePage {
}

3) Declare public pages like this:

public class PublicPage : System.Web.UI.Page {
}

If your user isn't logged in and goes to a protected page he will be
redirected to the login page. Any page that derives from System.Web.UI.Page will let everyone see it. In your Web.config make sure your <authorization> tag looks like this:

<authorization>
<allow users="*" />
</authorization>

Here is a tutorial on roles based:

http://www.xoc.net/works/tips/forms-authentication.asp

Roles based lets you protect entire folders based on user type. You still have them sign up and when they do you assign them a role. With the code above you can implement it the way they are doing it in your example. Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

Jul 21 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Gary D. Rezek | last post by:
Hi All, I've got a set of asp pages used to register students into the ResNet database. Testing things out under different browser security settings I ran into a problem. The following buttons.......
1
by: Sam Vanderstraeten | last post by:
Hi all, My situation: - VB.net & Visual Studio 2002 - IIS 6.0 - Windows XP Pro (development) and Windows 2000 server (release) I created a test-application (before I started to develop the...
2
by: MW | last post by:
Hi, I'm trying to secure my application. I'm using forms authentication and I check passwords against a database. I have a login.aspx page in the root of my application, pages that I want...
5
by: Chris Zoper | last post by:
Hello, Norton Internet Security blocks some of my ASP.NET pages. The pages are very 'normal' pages though. There is no 'dangerous' code in it or something like that. Also, the page is not in a...
3
by: Mike Logan | last post by:
Questions about Role Based Security in ASP.Net: I have a few questions about role based security in an ASP.Net application. Below are some points about our system: - We have a hierarchical...
0
by: honcho | last post by:
My ASP.NET web application has a flaw that produces false security-violation alarms. There are several categories of users for this web site, e.g. Colonels, Sergeants, Private_1s, and...
3
by: PaulThomas | last post by:
I am fighting with XP-Pro and VS.Net trying to allow some of the pages in my application to be accessable by 'all' I am using <authentication mode="Forms" /> and if I Login - everything works...
4
by: tony | last post by:
I'm designing a survey form page that will be fairly complex and am becoming confident enough with PHP now to tackle most things. (Thanks to everyone here who has helped) Before I go too far...
9
by: transpar3nt | last post by:
Hello all, first time poster, long time reader. I have been studying PHP and web development for a while now but have never taken on a paid project with it until now. I have been asked by a...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.