|
Any way to have a .Net application not let a .html document go through unless they have logged in?
I have a web site with a page on it (index.html) that is used for our
internal users but is on a public web site. Currently the entire directory is password protected through IIS. Problem is - everybody uses the same User ID/Password. So I was going to do the normal Forms Authentication that would force somebody to log in. Got all that to work. If they enter an invalid password - all works fine. They log in correctly and it takes them to index.html. Problem is, if they go directly to index.html it let's them in. Anyway to stop this from happening. I have <deny users="?" /> in my web.config. This is in .Net 2.0 btw. TIA - Jeff. |
Re: Any way to have a .Net application not let a .html document go through unless they have logged in?
You can set up an HttpHandler for the HTML pages that forces the user
through the same authentication process. I would do a search for HTTP Handler to find examples. This is, in essence, like an ISAPI filter. -- Gregory A. Beamer MVP; MCP: +I, SE, SD, DBA http://gregorybeamer.spaces.live.com ********************************************* Think outside the box! ********************************************* "Mufasa" <jb@nowhere.com> wrote in message news:O8vxtzdfHHA.4156@TK2MSFTNGP02.phx.gbl... >I have a web site with a page on it (index.html) that is used for our >internal users but is on a public web site. Currently the entire directory >is password protected through IIS. Problem is - everybody uses the same >User ID/Password. > > So I was going to do the normal Forms Authentication that would force > somebody to log in. Got all that to work. If they enter an invalid > password - all works fine. They log in correctly and it takes them to > index.html. > > Problem is, if they go directly to index.html it let's them in. Anyway to > stop this from happening. I have <deny users="?" /> in my web.config. > > This is in .Net 2.0 btw. > > TIA - Jeff. > > |
Re: Any way to have a .Net application not let a .html document go through unless they have logged in?
On Apr 13, 11:03 am, "Mufasa" <j...@nowhere.com> wrote:
> I have a web site with a page on it (index.html) that is used for our > internal users but is on a public web site. Currently the entire directory > is password protected through IIS. Problem is - everybody uses the same User > ID/Password. > > So I was going to do the normal Forms Authentication that would force > somebody to log in. Got all that to work. If they enter an invalid > password - all works fine. They log in correctly and it takes them to > index.html. > > Problem is, if they go directly to index.html it let's them in. Anyway to > stop this from happening. I have <deny users="?" /> in my web.config. Why don't you just make index.html a .NET page? |
Re: Any way to have a .Net application not let a .html document go through unless they have logged in?
I don't have control over the html page. It's being done by a secretary
through DreamWeaver. "Larry Bud" <larrybud2002@yahoo.com> wrote in message news:1176478170.716882.234740@n59g2000hsh.googlegr oups.com... > On Apr 13, 11:03 am, "Mufasa" <j...@nowhere.com> wrote: >> I have a web site with a page on it (index.html) that is used for our >> internal users but is on a public web site. Currently the entire >> directory >> is password protected through IIS. Problem is - everybody uses the same >> User >> ID/Password. >> >> So I was going to do the normal Forms Authentication that would force >> somebody to log in. Got all that to work. If they enter an invalid >> password - all works fine. They log in correctly and it takes them to >> index.html. >> >> Problem is, if they go directly to index.html it let's them in. Anyway to >> stop this from happening. I have <deny users="?" /> in my web.config. > > Why don't you just make index.html a .NET page? > > > |
Re: Any way to have a .Net application not let a .html document go through unless they have logged in?
Thanks. I'll look for that.
"Cowboy (Gregory A. Beamer)" <NoSpamMgbworld@comcast.netNoSpamM> wrote in message news:A3277343-4A78-4D9B-8A43-336D2B8030C7@microsoft.com... > You can set up an HttpHandler for the HTML pages that forces the user > through the same authentication process. I would do a search for HTTP > Handler to find examples. This is, in essence, like an ISAPI filter. > > -- > Gregory A. Beamer > MVP; MCP: +I, SE, SD, DBA > http://gregorybeamer.spaces.live.com > > ********************************************* > Think outside the box! > ********************************************* > "Mufasa" <jb@nowhere.com> wrote in message > news:O8vxtzdfHHA.4156@TK2MSFTNGP02.phx.gbl... >>I have a web site with a page on it (index.html) that is used for our >>internal users but is on a public web site. Currently the entire directory >>is password protected through IIS. Problem is - everybody uses the same >>User ID/Password. >> >> So I was going to do the normal Forms Authentication that would force >> somebody to log in. Got all that to work. If they enter an invalid >> password - all works fine. They log in correctly and it takes them to >> index.html. >> >> Problem is, if they go directly to index.html it let's them in. Anyway to >> stop this from happening. I have <deny users="?" /> in my web.config. >> >> This is in .Net 2.0 btw. >> >> TIA - Jeff. >> >> > |
Re: Any way to have a .Net application not let a .html document go through unless they have logged in?
On Fri, 13 Apr 2007 13:03:32 -0400, Mufasa wrote:
> I don't have control over the html page. It's being done by a secretary > through DreamWeaver. > > "Larry Bud" <larrybud2002@yahoo.com> wrote in message Still, she can just rename it to aspx. It would not be any different to her but it would make a difference on the server -- Bits.Bytes http://bytes.thinkersroom.com |
Re: Any way to have a .Net application not let a .html document go through unless they have logged in?
Jeff,
Make sure you add the protection="All" and path="/". This should solve your problem. <authentication mode="Forms"> <forms name=".Name" loginUrl="~/Login.aspx" timeout="20" defaultUrl="~/index.html" protection="All" path="/"/> </authentication> "Mufasa" <jb@nowhere.com> wrote in message news:O8vxtzdfHHA.4156@TK2MSFTNGP02.phx.gbl... >I have a web site with a page on it (index.html) that is used for our >internal users but is on a public web site. Currently the entire directory >is password protected through IIS. Problem is - everybody uses the same >User ID/Password. > > So I was going to do the normal Forms Authentication that would force > somebody to log in. Got all that to work. If they enter an invalid > password - all works fine. They log in correctly and it takes them to > index.html. > > Problem is, if they go directly to index.html it let's them in. Anyway to > stop this from happening. I have <deny users="?" /> in my web.config. > > This is in .Net 2.0 btw. > > TIA - Jeff. > > |
Re: Any way to have a .Net application not let a .html document go through unless they have logged in?
This seems to work great. But now I get errors on certain controls -
RequiredFieldValidator and TreeView don't work. Any thoughts? "Kris Lankford" <knlankford@hotmail.com> wrote in message news:D841D6A4-39C2-4186-98EB-106F7AAF6EDE@microsoft.com... > Jeff, > > Make sure you add the protection="All" and path="/". This should solve > your problem. > > <authentication mode="Forms"> > <forms name=".Name" loginUrl="~/Login.aspx" timeout="20" > defaultUrl="~/index.html" protection="All" path="/"/> > </authentication> > > "Mufasa" <jb@nowhere.com> wrote in message > news:O8vxtzdfHHA.4156@TK2MSFTNGP02.phx.gbl... >>I have a web site with a page on it (index.html) that is used for our >>internal users but is on a public web site. Currently the entire directory >>is password protected through IIS. Problem is - everybody uses the same >>User ID/Password. >> >> So I was going to do the normal Forms Authentication that would force >> somebody to log in. Got all that to work. If they enter an invalid >> password - all works fine. They log in correctly and it takes them to >> index.html. >> >> Problem is, if they go directly to index.html it let's them in. Anyway to >> stop this from happening. I have <deny users="?" /> in my web.config. >> >> This is in .Net 2.0 btw. >> >> TIA - Jeff. >> >> |
| All times are GMT. The time now is 07:57 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.