Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > page vs directory security

Reply
Thread Tools

page vs directory security

 
 
js
Guest
Posts: n/a
 
      11-23-2005
I am trying to use the form futhentication where the configuration
parameters are specified in web.config in my application root directory
"/".

My applciation has secured pages and public pages scatter in various
directory, and the start page (main.aspx) is public page with a logon
button to control the accessibility of secured pages. When I use the
following configuration, I will get "Server Error in "/" Applciation.
How to set the Web.config so that it will redirect user to login.aspx
discretionally when accessing secured page. Thanks.

<system.web>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="Off" />

<authentication mode="Forms" />
<authorization>
<deny users="?" />
</authorization>
<forms name=".ASPXCOOKIEDEMO"
loginUrl="Login.aspx" protection="all" timeout="30" path="/">
</forms>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState cookieless="true" timeout="20" />
</system.web>

 
Reply With Quote
 
 
 
 
Wouter van Vugt
Guest
Posts: n/a
 
      11-23-2005
Hi,

use the following config file to redirect a user to Login.aspx:

<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx"/>
</authentication>
</system.web>

Grtz, Wouter van Vugt,
Trainer Info Support - www.infosupport.com
www.dive-in-it.nl

 
Reply With Quote
 
 
 
 
js
Guest
Posts: n/a
 
      11-24-2005
Thanks but it doesn't work. I think this configuration is for entire
site but not for just secured pages.

 
Reply With Quote
 
Wouter van Vugt
Guest
Posts: n/a
 
      11-24-2005

js schreef:

> Thanks but it doesn't work. I think this configuration is for entire
> site but not for just secured pages.


Hi JS,

sorry to say, it does work. When a user hits a protected page,(using
the authorization element in the web.config), the framework will auto
redirect to the login page specified like i said. If you want to secure
just a directory, add an extra config file to that directory and
specify the security settings in there.

Grtz, Wouter

 
Reply With Quote
 
Patrick.O.Ige
Guest
Posts: n/a
 
      11-24-2005
You must be missing something
IT DOES WORK

"js" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Thanks but it doesn't work. I think this configuration is for entire
> site but not for just secured pages.
>



 
Reply With Quote
 
na
Guest
Posts: n/a
 
      11-24-2005
Ok. It worked that upon hiting my website the request is redirected to
the Login.aspx, but I only need the visitors to login when they request
any secured page. After they login, their credentials are persisted
during the active session, they WON'T see the Login.aspx again. By
configuring the way you suggested, the first thing user sees is the
Login.aspx.

Say, my web site URL is http://www.mywebsite.com which contains
Main.aspx (the default page, no login required),
\directory1\Public1.aspx, \directory1\Private2.aspx,
\directory2\Public3.aspx, \directory2\Private4.aspx. When a user hits
the URL, they will see the Main.aspx, they should NOT see Login.aspx.
Neither should they see the Login.aspx when they click the links or
buttons of Public1.aspx or Public3.aspx. ONLY when they click the links
or buttons of Private2.aspx or Private4.aspx will they be asked to
login.

Hope this explains my situation. Thanks.


*** Sent via Developersdex http://www.developersdex.com ***
 
Reply With Quote
 
na
Guest
Posts: n/a
 
      11-28-2005
Well, I figured it out. I just added <location> tags for those pages
that are public. The following is partail of my Web.config setting.

<system.web>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="RemoteOnly" />
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState cookieless="true" timeout="20" />
<authentication mode="Forms">
<forms name="my_Authorization"
loginUrl="Login.aspx"
protection="All"
timeout="30"
path="/"
requireSSL="false"
slidingExpiration="false">
<credentials passwordFormat = "SHA1"/>
</forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>

<location path="main.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>

<location path="directory1/public1.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>

<location path="directory2/public3.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>




*** Sent via Developersdex http://www.developersdex.com ***
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
System.IO.Directory.GetDirectories() and System.IO.Directory.GetFiles() are not returning the specified directory Nathan Sokalski ASP .Net 2 09-06-2007 03:58 PM
Virtual directory error: "directory does not exist or is not accessible because of security settings" Dave ASP .Net 1 10-24-2005 02:05 AM
Server cannot access application directory... The directory does not exist or is not accessible because of security settings. ASP .Net Security 1 05-21-2004 03:47 PM
question regarding overriding of web.config in the root directory..in a web app in a virtual directory dotnetprogram ASP .Net 1 12-27-2003 06:02 AM
IT-Security, Security, e-security COMSOLIT Messmer Computer Support 0 09-05-2003 08:34 AM



Advertisments