Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > FormAuthentication on ascx files

Reply
Thread Tools

FormAuthentication on ascx files

 
 
Joey Lee
Guest
Posts: n/a
 
      12-05-2004
Hi,

I have a default.aspx page which has PlaceHolder where it will call
different *.acx file based on the request url.
eg http://localhost/default.aspx?module=home
will put a home.ascx in the place holder
and
eg http://localhost/default.aspx?module=admin
will put a admin.ascx in the place holder

both the home and admin have its own folder respectively, where home.ascx is
in /home folder and admin.ascx is in /admin folder.

So I would like to implement form authentication, that if the user is not
authenticated, when the default page is called with the parameter of
module=admin, the user will be rejected.

As normal i will create another web.config file in the folder and restrict
all user which is not authenticated. However this did not work in my case
where the page which is invoked is the default.aspx page regardless of all
the .ascx files that are called.

From the look of it only if i create an aspx file in the admin folder and
call it like
http://localhost/admin/admin.aspx then the authentication will work where
the user is rejected.

Is there any way to use form authentication for this?, or would I have to do
a different set of coding in the default page which will check if the ascx
page being called is retricted or not?

Or, would it be my design is totally wrong where i shouldn't have only a
single aspx file calling different "module" which are totally coded as ascx
files?

Thanks in advance.

Joey


 
Reply With Quote
 
 
 
 
ranganh
Guest
Posts: n/a
 
      12-06-2004


Dear Joey,

Your idea is good. But it doenst work as with normal when it comes to ascx
files. Basically ascx files are not pages but parts of a page and they are
rendered before the page is rendered.

One way to restrict users would be is to put the following code in the
codebehind of the usercontrol's page_load event as

If(! Page.User.Identity.IsAuthenticated)
{
Response.Redirect("LoginPage.aspx");
}

This should help you in filtering anonymous calls to admin sections.

Does that help.


"Joey Lee" wrote:

> Hi,
>
> I have a default.aspx page which has PlaceHolder where it will call
> different *.acx file based on the request url.
> eg http://localhost/default.aspx?module=home
> will put a home.ascx in the place holder
> and
> eg http://localhost/default.aspx?module=admin
> will put a admin.ascx in the place holder
>
> both the home and admin have its own folder respectively, where home.ascx is
> in /home folder and admin.ascx is in /admin folder.
>
> So I would like to implement form authentication, that if the user is not
> authenticated, when the default page is called with the parameter of
> module=admin, the user will be rejected.
>
> As normal i will create another web.config file in the folder and restrict
> all user which is not authenticated. However this did not work in my case
> where the page which is invoked is the default.aspx page regardless of all
> the .ascx files that are called.
>
> From the look of it only if i create an aspx file in the admin folder and
> call it like
> http://localhost/admin/admin.aspx then the authentication will work where
> the user is rejected.
>
> Is there any way to use form authentication for this?, or would I have to do
> a different set of coding in the default page which will check if the ascx
> page being called is retricted or not?
>
> Or, would it be my design is totally wrong where i shouldn't have only a
> single aspx file calling different "module" which are totally coded as ascx
> files?
>
> Thanks in advance.
>
> Joey
>
>
>

 
Reply With Quote
 
 
 
 
Joey Lee
Guest
Posts: n/a
 
      12-06-2004
Thanks. That helps.

However i am wondering what does it mean by "form authentication protects
ascx files as well as all other a* files " which i read on the internet.

Joey

"ranganh" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
>
> Dear Joey,
>
> Your idea is good. But it doenst work as with normal when it comes to

ascx
> files. Basically ascx files are not pages but parts of a page and they

are
> rendered before the page is rendered.
>
> One way to restrict users would be is to put the following code in the
> codebehind of the usercontrol's page_load event as
>
> If(! Page.User.Identity.IsAuthenticated)
> {
> Response.Redirect("LoginPage.aspx");
> }
>
> This should help you in filtering anonymous calls to admin sections.
>
> Does that help.
>
>
> "Joey Lee" wrote:
>
> > Hi,
> >
> > I have a default.aspx page which has PlaceHolder where it will call
> > different *.acx file based on the request url.
> > eg http://localhost/default.aspx?module=home
> > will put a home.ascx in the place holder
> > and
> > eg http://localhost/default.aspx?module=admin
> > will put a admin.ascx in the place holder
> >
> > both the home and admin have its own folder respectively, where

home.ascx is
> > in /home folder and admin.ascx is in /admin folder.
> >
> > So I would like to implement form authentication, that if the user is

not
> > authenticated, when the default page is called with the parameter of
> > module=admin, the user will be rejected.
> >
> > As normal i will create another web.config file in the folder and

restrict
> > all user which is not authenticated. However this did not work in my

case
> > where the page which is invoked is the default.aspx page regardless of

all
> > the .ascx files that are called.
> >
> > From the look of it only if i create an aspx file in the admin folder

and
> > call it like
> > http://localhost/admin/admin.aspx then the authentication will work

where
> > the user is rejected.
> >
> > Is there any way to use form authentication for this?, or would I have

to do
> > a different set of coding in the default page which will check if the

ascx
> > page being called is retricted or not?
> >
> > Or, would it be my design is totally wrong where i shouldn't have only a
> > single aspx file calling different "module" which are totally coded as

ascx
> > files?
> >
> > Thanks in advance.
> >
> > Joey
> >
> >
> >



 
Reply With Quote
 
ranganh
Guest
Posts: n/a
 
      12-10-2004

It refers to that forms authentication protects by default, the files
handled by asp.net (aspnet_isapil.dll) such as aspx, ascx so that you dont
have to exclusively map the extensions to be handled by asp.net

Ok, say you want to protect a doc from being downloaded then along with
forms authentication, you also need to specify the handler in the IIS to make
asp.net handle the request for the doc type file. Else, it will be ignored
and will be downloaded regardless of whether the user is logged in or not.

Hope it clarifies.

"Joey Lee" wrote:

> Thanks. That helps.
>
> However i am wondering what does it mean by "form authentication protects
> ascx files as well as all other a* files " which i read on the internet.
>
> Joey
>
> "ranganh" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> >
> >
> > Dear Joey,
> >
> > Your idea is good. But it doenst work as with normal when it comes to

> ascx
> > files. Basically ascx files are not pages but parts of a page and they

> are
> > rendered before the page is rendered.
> >
> > One way to restrict users would be is to put the following code in the
> > codebehind of the usercontrol's page_load event as
> >
> > If(! Page.User.Identity.IsAuthenticated)
> > {
> > Response.Redirect("LoginPage.aspx");
> > }
> >
> > This should help you in filtering anonymous calls to admin sections.
> >
> > Does that help.
> >
> >
> > "Joey Lee" wrote:
> >
> > > Hi,
> > >
> > > I have a default.aspx page which has PlaceHolder where it will call
> > > different *.acx file based on the request url.
> > > eg http://localhost/default.aspx?module=home
> > > will put a home.ascx in the place holder
> > > and
> > > eg http://localhost/default.aspx?module=admin
> > > will put a admin.ascx in the place holder
> > >
> > > both the home and admin have its own folder respectively, where

> home.ascx is
> > > in /home folder and admin.ascx is in /admin folder.
> > >
> > > So I would like to implement form authentication, that if the user is

> not
> > > authenticated, when the default page is called with the parameter of
> > > module=admin, the user will be rejected.
> > >
> > > As normal i will create another web.config file in the folder and

> restrict
> > > all user which is not authenticated. However this did not work in my

> case
> > > where the page which is invoked is the default.aspx page regardless of

> all
> > > the .ascx files that are called.
> > >
> > > From the look of it only if i create an aspx file in the admin folder

> and
> > > call it like
> > > http://localhost/admin/admin.aspx then the authentication will work

> where
> > > the user is rejected.
> > >
> > > Is there any way to use form authentication for this?, or would I have

> to do
> > > a different set of coding in the default page which will check if the

> ascx
> > > page being called is retricted or not?
> > >
> > > Or, would it be my design is totally wrong where i shouldn't have only a
> > > single aspx file calling different "module" which are totally coded as

> ascx
> > > files?
> > >
> > > Thanks in advance.
> > >
> > > Joey
> > >
> > >
> > >

>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Storing Role And User Id in UserData of FormAuthentication Jamie Pollard ASP .Net 4 07-15-2005 11:49 AM
Need help in FrameBased FormAuthentication Pradeep Sabharwal ASP .Net 2 12-10-2004 09:35 AM
Strange behaviour with formauthentication and breakpoints T-Bone ASP .Net 1 11-24-2004 01:46 PM
Multiple *.ascx files with a single *.ascx.cs in VS.NET 2003 Holger (David) Wagner ASP .Net 2 07-03-2004 09:23 AM
Timeout not working for Formauthentication tfs ASP .Net 1 06-27-2004 07:02 AM



Advertisments