Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   web.config and authentication problem. (http://www.velocityreviews.com/forums/t766203-web-config-and-authentication-problem.html)

Shailesh 06-10-2004 03:59 PM

web.config and authentication problem.
 
Hello there!

I have developed a .net web application. In this I am having some .aspx files and one web.config file. All the files are in same folder. In my web.config file I set authentication mode as 'Forms'. I also have login.aspx fine in my app. Now when I try to access any page directely (without enter UID/PWD) I am not redirected to login.aspx. Below is my web.config code

<authentication mode="Forms">
<forms name="testApp" path="/" loginUrl="login.aspx" protection="All" timeout="30">
<credentials passwordFormat="Clear">
<user name="user1" password="pwd1" />
<user name="user2" password="pwd2" />
<user name="user3" password="pwd3 />
</credentials>
</forms>
</authentication>

<authorization>
<allow users="user1,user2" />
<deny users="user2" />
</authorization>

Withour entering my UID/PWD in my login.aspx file I can access any pages, I am not getting how is it happening? Can any body help me.

Thanking you.
Shail

ranganh 06-11-2004 04:26 AM

RE: web.config and authentication problem.
 
Dear Shailesh,

you have to give the attribute

<deny users="?" />

currently you have denied only user2. that means, you are denying only him.

deny users="?" will deny all unauthenticated users.

hope it helps.




"Shailesh" wrote:

> Hello there!
>
> I have developed a .net web application. In this I am having some .aspx files and one web.config file. All the files are in same folder. In my web.config file I set authentication mode as 'Forms'. I also have login.aspx fine in my app. Now when I try to access any page directely (without enter UID/PWD) I am not redirected to login.aspx. Below is my web.config code
>
> <authentication mode="Forms">
> <forms name="testApp" path="/" loginUrl="login.aspx" protection="All" timeout="30">
> <credentials passwordFormat="Clear">
> <user name="user1" password="pwd1" />
> <user name="user2" password="pwd2" />
> <user name="user3" password="pwd3 />
> </credentials>
> </forms>
> </authentication>
>
> <authorization>
> <allow users="user1,user2" />
> <deny users="user2" />
> </authorization>
>
> Withour entering my UID/PWD in my login.aspx file I can access any pages, I am not getting how is it happening? Can any body help me.
>
> Thanking you.
> Shail


Shailesh 06-11-2004 12:57 PM

RE: web.config and authentication problem.
 
Hi, Ranganh,

Its works absolutely fine now.

Thanx for your reply.
Shail.

"ranganh" wrote:

> Dear Shailesh,
>
> you have to give the attribute
>
> <deny users="?" />
>
> currently you have denied only user2. that means, you are denying only him.
>
> deny users="?" will deny all unauthenticated users.
>
> hope it helps.
>
>
>
>
> "Shailesh" wrote:
>
> > Hello there!
> >
> > I have developed a .net web application. In this I am having some .aspx files and one web.config file. All the files are in same folder. In my web.config file I set authentication mode as 'Forms'. I also have login.aspx fine in my app. Now when I try to access any page directely (without enter UID/PWD) I am not redirected to login.aspx. Below is my web.config code
> >
> > <authentication mode="Forms">
> > <forms name="testApp" path="/" loginUrl="login.aspx" protection="All" timeout="30">
> > <credentials passwordFormat="Clear">
> > <user name="user1" password="pwd1" />
> > <user name="user2" password="pwd2" />
> > <user name="user3" password="pwd3 />
> > </credentials>
> > </forms>
> > </authentication>
> >
> > <authorization>
> > <allow users="user1,user2" />
> > <deny users="user2" />
> > </authorization>
> >
> > Withour entering my UID/PWD in my login.aspx file I can access any pages, I am not getting how is it happening? Can any body help me.
> >
> > Thanking you.
> > Shail



All times are GMT. The time now is 08:02 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.