Advanced Forms Authentication

08-14-2006

I've got a web site with URLs like the following:

http://www.mysite.com/nnnn/webpage.aspx

where nnnn is a number which represents an ID, e.g.
http://www.mysite.com/1234/webpage.aspx.

I can easily decode the URL and retrieve the ID (which represents a specific
customer) and then rewrite the URL, removing the ID so that the page served
for the above example would be http://www.mysite.com/webpage.aspx. This
scheme makes it look like each customer has their own "directory" on the web
site, where it's actually one directory but parameterised by their ID.

The problem is that Forms Authentication seems to require a hard-coded login
page in the web.config file. But I need to be able to specify the login page
at runtime. So, for the above example, if the user isn't authenticated,
Forms Authentication should redirect to
http://www.mysite.com/1234/login.aspx, but if the ID were 9999 it should be
http://www.mysite.com/9999/login.aspx.

What's the easiest way to achieve this?

TIA

MikeS.

08-20-2006

Hi,

you could write an http module (or application event handler) that checks
for a 401 and does the redirect to the right login page manually. EndRequest
would be a good place for that.

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

> I've got a web site with URLs like the following:
>
> http://www.mysite.com/nnnn/webpage.aspx
>
> where nnnn is a number which represents an ID, e.g.
> http://www.mysite.com/1234/webpage.aspx.
>
> I can easily decode the URL and retrieve the ID (which represents a
> specific customer) and then rewrite the URL, removing the ID so that
> the page served for the above example would be
> http://www.mysite.com/webpage.aspx. This scheme makes it look like
> each customer has their own "directory" on the web site, where it's
> actually one directory but parameterised by their ID.
>
> The problem is that Forms Authentication seems to require a hard-coded
> login page in the web.config file. But I need to be able to specify
> the login page at runtime. So, for the above example, if the user
> isn't authenticated, Forms Authentication should redirect to
> http://www.mysite.com/1234/login.aspx, but if the ID were 9999 it
> should be http://www.mysite.com/9999/login.aspx.
>
> What's the easiest way to achieve this?
>
> TIA
>
> MikeS.
>

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Re: Advanced Python Programming Oxford Lectures [was: Re: AdvancedPython book?]	Michele Simionato	Python	1	03-27-2010 06:10 AM
Best practices for using forms authentication and security in a hosted env (was: Re: Using a Forms authentication in a shared hosting environment)	JEFF	ASP .Net	1	11-12-2007 07:00 PM
forms authentication -- expired forms cookie vs. not provided forms cookie	Eric	ASP .Net Security	2	01-27-2006 10:09 PM
Forms authentication - Multiple login forms based on directory acc	Keltex	ASP .Net Security	1	01-24-2006 03:06 PM
Forms Authentication question: How to have some pages open and some requiring forms authentication	Eric	ASP .Net	2	02-13-2004 02:14 PM