Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Forms Authorization

Thread Tools

Forms Authorization

Alex Dinu
Posts: n/a
I'm setting up my authorization in web.config to reject
everybody and allow users with a specific role to a folder.

When a user that does not have the role somehow ends up
requesting a page in the restricted folder, I get the
login page, which is what I expect.

When they log in again, it actually redirects the user to
view the page which the user was just rejected from

Assuming that it's not a caching issue, my thinking is
that the role is still not given to the user the second
time they log on, so they should be re-directed to the
login page again.

I'm keeping the principal data in a cookie which is
written to the ticket in the logon and in
Application_AuthenticationRequest method in Global.asax to
make sure the cookie timeout is refreshed on all

Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
URL Authorization does not override File Authorization? SeanRW ASP .Net Security 1 05-25-2006 06:18 AM
cannot use stylesheet while using authorization mode forms and deny users=* Alper Özgür ASP .Net 0 05-15-2006 12:21 PM
Master pages and Forms Authorization gilly3 ASP .Net 1 03-26-2006 06:44 AM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
Forms authorization cookie always set to expire in 2055? Amil ASP .Net 4 07-22-2005 10:14 PM