Re: web.config roles
- From: Andrew <Andrew@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 31 Mar 2006 00:09:01 -0800
Hi,
I should have said that I am still using aspnet1.0.
I did as u suggested n i got an error saying that "Threat is being aborted"
when it hits the "Response.Redirect" line in my UserLogin.aspx page, it then
jumps to my catch(Exception ex) error handler. I put here an excerpt of my
login page:
string returnUrl = Request.QueryString["ReturnUrl"];
if (returnUrl == null) returnUrl = "UserLogin.aspx";
lblMessage.Text = returnUrl;
Response.Redirect(returnUrl);
When using the debugger I could see that the returnURL value is:
/MainFolder/FolderA/AdminMenu.aspx
which is correct.
Dun know why.. Help ??
regards,
andrew
"DWS" wrote:
Andrew,.
Yeah, your on right track and I have divined that you've used the asp.net
configuration tool security tab because you have a web.config file in your
sub folder.
Proplem:
deny users="?" reads deny users that aren't authenticated to asp.net once
logged in they could go to the admin folder.
Solution: deny users="*" wild card to exclude everyone.
The authorization works top to bottom your in or your out. There is no
middle ground logical processing so you have to allow admin first then deny
everyone.
Your new web.config for the admin folder.
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0";>
<system.web>
<authorization>
<allow roles="Admin"/> /*admin is allowed */
<deny users="*"/> /* man nobody gets by the wildcard */
</authorization>
</system.web>
</configuration>
Try it watch how asp.net adds a query string "ReturnUrL" to redirect after
login. Cool stuff it will pick up the location of the login page from the
root web.config and automatically redirect there if it needs to, once you log
in asp.net will automatically redirect you back to the page that needs
authentication like any page in the admin folder.
Good Luck
DWS
"Andrew" wrote:
hi,
thanks for your reply.
what i have tried is to use a role based authorization.
I have 3 web.config files, one in the main folder n one each in the 2
subfolders.
My main web.config has:
<authentication mode="Forms">
<forms name="logincookie" path="/" loginUrl="UserLogin.aspx?Action=login"
protection="All" timeout="60" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<location path="default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
my subfolder web.config has:
<authentication mode="Forms">
<forms name="logincookie" path="/"
loginUrl="../UserLogin.aspx?Action=login" protection="All" timeout="20" />
</authentication>
<authorization>
<deny users="?"/>
<allow roles="Admin"/>
</authorization>
<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
<allow roles="Admin"/>
</authorization>
</system.web>
</location>
Any help appreciated. Am I on the right track ?
regards,
andrew
"Patrick.O.Ige" wrote:
You can use location path like below.
You can even add for example admin.aspx page to the location path.
then deny users or allow users
<configuration>
<appSettings/>
<connectionStrings/>
<location path="Admin">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Users">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="true" />
<authentication mode="Forms">
<forms loginUrl ="Login.aspx" timeout ="10">
</forms>
</authentication>
</system.web>
</configuration
Patrick
"Andrew" <Andrew@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0507CABC-6604-4DD7-A21D-A069E6084525@xxxxxxxxxxxxxxxx
Hi,
I have a default.aspx which allows the user to choose between module Admin
and module B. When the user clicks either one, he will be redirected to a
FormsAuthentication login page. The problem I have is that currently,
users
of one module are able to access the other since I have only 1 login page.
How do I prevent this ?
I am not sure how to go about configuring the web.config file for having 2
modules that have a separate set of users for each. The files are all in
the
same directory.
I've written the code for the login using the genericprincipal class etc.
However, I got the error at "Thread was aborted" on my Login.aspx. I can't
figure out why. The debugger jumps to the exception at the
"Response.Redirect" (last) line:
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,
(string)Session["UserLoginName"], DateTime.Now,
DateTime.Now.AddMinutes(30),
false, (string)Session["UserDomain"]);
// Encrypt the ticket
string encryptedTicket = FormsAuthentication.Encrypt(authTicket);
// Create a cookie and add the encrypted ticket as data
HttpCookie authCookie = new
HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
// Add the cookie to the outgoing cookies collection
Response.Cookies.Add(authCookie);
Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUserName.Text,
true));
Am I on the right path ? Any help appreaciated.
regards,
andrew
- References:
- Re: web.config roles
- From: Patrick.O.Ige
- Re: web.config roles
- From: Andrew
- Re: web.config roles
- From: DWS
- Re: web.config roles
- Prev by Date: Re: Get mouse position in control.
- Next by Date: Re: How to access input fields written into a label field
- Previous by thread: Re: web.config roles
- Next by thread: Why Repeater.ItemCreated is fired before Page_Load on postback
- Index(es):
Relevant Pages
|
