Forms Authentication for only selected webforms? How to do this

 
 
Rich
03-16-2005
Hi,

I might have missed this perhaps, but here's my query:

I am presently designing a site that is for public use in general. However,
for several forms (pages) I need authentication from members.

For example: default.aspx is allowed for everyone, but members.aspx isn't
(and so are various pages)

So when public users try to access the members.aspx site, they will need to
log in. (typically on login.aspx)

If I use Forms-authentication, normally ALL requested pages will be
re-directed to the generic login.aspx page, on which the user credentials are
checked. This scenario will not work for me.

My main question is therefore, while using forms-authentication, can I set up
my default.aspx in such a way that it will NOT redirect to login.aspx when a
public user requests it? Would there be a property or such that I can set,
for example, so that requests to default.aspx will sort of bypass the
form-authentication mechanism.

Alternatively, I could check user credentials in every page.load-event in
some kind of custom-security way, and deal with redirection to login.aspx
from there, but I guess I need to be sure whether nothing already exists that
deals with this while using forms-authentication.

Appreciate any feedback, tips, and comments etc...


 
Brock Allen
03-16-2005
If you want to selectively configure authorization use the <location> element
in web.config. It allows you to change settings for a specific path:

<configuration>
  <system.web>.....</system.web>

  <location path="default.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <location path="admin.aspx">
    <system.web>
      <authorization>
        <allow roles="Admin" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

</configuration>

-Brock
DevelopMentor
http://staff.develop.com/ballen
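
How rules like these are evaluated, as an added example that is not part of the original thread: a simplified Python model of first-match URL authorization over the configuration above. The site-wide `<deny users="?" />` rule, the sample user names and the helper names are assumptions; only exact-file `<location>` paths are handled and the `verbs` attribute is ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the reply's two <location> blocks plus an ASSUMED
# site-wide rule (deny anonymous) in place of the elided <system.web> section.
WEB_CONFIG = """
<configuration>
  <system.web><authorization><deny users="?" /></authorization></system.web>
  <location path="default.aspx">
    <system.web><authorization><allow users="*" /></authorization></system.web>
  </location>
  <location path="admin.aspx">
    <system.web><authorization>
      <allow roles="Admin" />
      <deny users="*" />
    </authorization></system.web>
  </location>
</configuration>
"""

def _names(value):
    """Split a comma-separated users/roles attribute into clean names."""
    return [n.strip() for n in value.split(",") if n.strip()]

def rules_for(root, page):
    """Rules in evaluation order: the page's <location> first, then site-wide."""
    def rules(node):
        auth = node.find("system.web/authorization")
        return [] if auth is None else [(r.tag, r.attrib) for r in auth]
    merged = []
    for loc in root.findall("location"):
        if loc.get("path", "").lower() == page.lower():  # exact file paths only
            merged += rules(loc)
    # The machine-level default closes the list with "allow everyone".
    return merged + rules(root) + [("allow", {"users": "*"})]

def is_allowed(config_xml, page, user=None, roles=()):
    """First matching rule decides; user=None models an anonymous request."""
    held = set(roles)
    for action, attrs in rules_for(ET.fromstring(config_xml), page):
        users = [u.lower() for u in _names(attrs.get("users", ""))]
        hit = ("*" in users                        # "*" matches every user
               or (user is None and "?" in users)  # "?" matches anonymous only
               or (user is not None and user.lower() in users)
               or any(r in held for r in _names(attrs.get("roles", ""))))
        if hit:
            return action == "allow"
    return False
```

A `False` result for an anonymous request is the case in which forms authentication redirects to the login page. Swapping the two admin.aspx rules would lock out Admin members as well, because `<deny users="*" />` would match first.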



Rich
03-16-2005
Thanks! This is great help. I'm going to try that out, and am sure it will
solve my little problem.

Cheers!
Richard
