Re: web.config roles



I forgot to add that it is not working.
My login page keeps getting redirected back to itself. The URL is:
http://localhost/MainFolder/UserLogin.aspx?Action=login&ReturnUrl=%2fMainFolder%2fFolderA%2fxxx.aspx

Note: xxx.aspx is located within FolderA of the MainFolder.

"Andrew" wrote:

Hi,
Thanks for your reply.

What I have tried is to use role-based authorization.
I have 3 web.config files, one in the main folder and one each in the 2
subfolders.
My main web.config has:
<authentication mode="Forms">
<forms name="logincookie" path="/" loginUrl="UserLogin.aspx?Action=login"
protection="All" timeout="60" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

<location path="default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

My subfolder web.config has:
<authentication mode="Forms">
<forms name="logincookie" path="/"
loginUrl="../UserLogin.aspx?Action=login" protection="All" timeout="20" />
</authentication>

<authorization>
<deny users="?"/>
<allow roles="Admin"/>
</authorization>

<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Admin"/>
</authorization>
</system.web>
</location>

Any help appreciated. Am I on the right track ?
regards,
andrew

"Patrick.O.Ige" wrote:

You can use a location path like below.
You can even add, for example, the admin.aspx page to the location path,
then deny users or allow users.

<configuration>

<appSettings/>
<connectionStrings/>

<location path="Admin">
<system.web>

<authorization>
<deny users="?"/>
</authorization>

</system.web>
</location>

<location path="Users">
<system.web>

<authorization>
<deny users="?"/>
</authorization>

</system.web>
</location>



<system.web>

<compilation debug="true" />

<authentication mode="Forms">
<forms loginUrl ="Login.aspx" timeout ="10">
</forms>
</authentication>


</system.web>

</configuration>

Patrick
"Andrew" <Andrew@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0507CABC-6604-4DD7-A21D-A069E6084525@xxxxxxxxxxxxxxxx
Hi,

I have a default.aspx which allows the user to choose between module Admin
and module B. When the user clicks either one, he will be redirected to a
FormsAuthentication login page. The problem I have is that currently, users
of one module are able to access the other since I have only 1 login page.
How do I prevent this ?

I am not sure how to go about configuring the web.config file for having 2
modules that have a separate set of users for each. The files are all in the
same directory.

I've written the code for the login using the genericprincipal class etc.
However, I got the error at "Thread was aborted" on my Login.aspx. I can't
figure out why. The debugger jumps to the exception at the
"Response.Redirect" (last) line:

FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
    (string)Session["UserLoginName"], DateTime.Now, DateTime.Now.AddMinutes(30),
    false, (string)Session["UserDomain"]);
// Encrypt the ticket
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket as data
HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
// Add the cookie to the outgoing cookies collection
Response.Cookies.Add(authCookie);
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text, true));

Am I on the right path? Any help appreciated.
regards,
andrew
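
Added example, not part of the thread and not any poster's own configuration: a single root web.config that separates the two modules by role. ASP.NET URL authorization applies the first rule that matches, so the quoted <deny users="*"/> placed ahead of <allow roles="Admin"/> denies every user, Admin included. The folder name "ModuleB" and the role name "ModuleBUser" are hypothetical; "Admin", "default.aspx" and the forms settings are taken from the posts above.

```xml
<configuration>
  <system.web>
    <!-- <authentication> is valid only at application level, so it is
         declared once here rather than repeated in subfolder configs. -->
    <authentication mode="Forms">
      <forms name="logincookie" path="/" loginUrl="UserLogin.aspx?Action=login"
             protection="All" timeout="60" />
    </authentication>
    <!-- Site-wide default: anonymous users are sent to the login page. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- The landing page stays open to everyone. -->
  <location path="default.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Rules are read top to bottom and the first match decides.
       Weak order: deny users="*" then allow roles="Admin"
                   (the deny matches first, nobody gets in).
       Also weak:  deny users="?" then allow roles="Admin" with no final deny
                   (other logged-in users fall through to the inherited allow).
       Corrected:  allow the role first, then deny everyone else. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Hypothetical second module with its own role. -->
  <location path="ModuleB">
    <system.web>
      <authorization>
        <allow roles="ModuleBUser" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Role rules are matched against the roles on the request's principal, so the roles stored with the ticket have to be attached to Context.User on each request for the allow roles entries to take effect.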




