Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Login to admin system through login screen only

Reply
Thread Tools

Login to admin system through login screen only

 
 
Colin Graham
Guest
Posts: n/a
 
      04-10-2005
Hi there,

I have an issue relating to login to my asp.net application. Basically
i have built the standard login page which compares against the
database and lets me into the next screen if username and password
match a record in the database.

Now that ive done this i realise that somone could go round this
screen by typing a direct path to the next screen. I think i could
avoid this by setting a cookie in the login screen and only allowing
the next screen to open if the cookie exists with a certain value - or
something like that.

Can anyone please advise me to the best way of doing this as im new to
asp.net. any examples greatly appreciated. what about session state is
ait better to use this. Basically i want to force users to login
through my login screen.

CG
 
Reply With Quote
 
 
 
 
Joseph MCAD
Guest
Posts: n/a
 
      04-11-2005
April 8, 2005

Since you are using Form Authentication you can Easily force users by
adding a line to your web.config file. Just add the <forms> element to the
authentication element. Then specify the loginUrl="Login.aspx" attribute to
the forms element....

<authentication mode="Forms">
<forms loginUrl="YourLoginPage.aspx"/>
</authentication>

Then deny all unauthenticated users... (This will force authentication if
they are not authenticated already.)

<authorization>
<deny users="?"/> ' ? stands for unauthenticated users
</authorization>

Then you will have to put your login page in a subfolder and put a web
config file in that folder specifying that unauthenticated users can access
that folder. This will allow unauthenticated users to access your login
page...

' Subfolder Register
<authorization>
<allow users="*"/>
</authorization>

You cannot specify the authenticated element in a folder, so delete it from
the subfolder. This is all you have to do!

Joseph MCAD



"Colin Graham" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Hi there,
>
> I have an issue relating to login to my asp.net application. Basically
> i have built the standard login page which compares against the
> database and lets me into the next screen if username and password
> match a record in the database.
>
> Now that ive done this i realise that somone could go round this
> screen by typing a direct path to the next screen. I think i could
> avoid this by setting a cookie in the login screen and only allowing
> the next screen to open if the cookie exists with a certain value - or
> something like that.
>
> Can anyone please advise me to the best way of doing this as im new to
> asp.net. any examples greatly appreciated. what about session state is
> ait better to use this. Basically i want to force users to login
> through my login screen.
>
> CG



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Urgent : Direct Client is looking for Informatica Admin &Developer(Admin must) sarah Fernandes Java 0 11-01-2010 05:03 PM
laptop only 1/4 screen but on full screen bugsy General Computer Support 0 04-01-2008 08:51 AM
Rails: generate scaffold Product Admin overwrites admin pages Phlip Ruby 1 09-15-2006 09:40 PM
Admin User Accounts missing from Login screen =?Utf-8?B?Z2RlbGxpbmdlcg==?= Windows 64bit 9 06-29-2005 05:11 PM
Inspiron 3200 with No Bios Screen (only BLANK screen) opensource71 Computer Support 3 02-08-2004 05:08 PM



Advertisments