login
-
you could place the testimonial.aspx and order.aspx into a certain directory and set up forms authentication on that directory using your web.config. once you've done that, a request to those pages will be authenticated by asp.net for you. that is, the user (on your index page) clicks on the order.aspx page link. the order page, since a "restricted" resource, will check whether the user has been through a successful login. if not, he's redirected to the login page with a follow up back to the order page. btw and if that was your question, the login page has to be specified in the authentication section in your web.config. hth. /matthias
I love deadlines. I like the whooshing sound they make as they fly by.
[Douglas Adams]hey thanks for the solution. but im not sure about the web config.. can show me a sample of how to do it in web config?
-
Hi there, As Matthias pointed out that you may need to set up the Forms Authentication in your ASP.NET application to protect the restricted pages, the user will be directed to the login page when he tries to access those resources. And the originally requested url is added to the query string, once the user is authenticated, you can get that url in the query string with the key
ReturnURL.hey thanks. i will get back to you.;)
-
hey thanks for the solution. but im not sure about the web config.. can show me a sample of how to do it in web config?
hi there, I just copied some snippet from a small test app I've written some time ago. This is how the webconfig looks like: here goes the authentication section, instructing asp.net to use forms-authentication: here goes the restricted areas section (all users except admins are denied in the subdirectory 'restricted'): when implementing this, you'll have to make sure that you assign a security principle to each request that comes in. you can do that in the Application_AuthenticateRequest of your global asax code file. there are plenty of good articles on how to set up forms authentication and it really is understood and done quickly. I'd post some good links, but I don't have any. try cp or google instead. hth. /matthias
I love deadlines. I like the whooshing sound they make as they fly by.
[Douglas Adams] -
Hi there, As Matthias pointed out that you may need to set up the Forms Authentication in your ASP.NET application to protect the restricted pages, the user will be directed to the login page when he tries to access those resources. And the originally requested url is added to the query string, once the user is authenticated, you can get that url in the query string with the key
ReturnURL.i did this in login.aspx..but cant seems to direct me to the requested page.. am i doing it right?
if (status == 0) { string url = Request.QueryString["ReturnUrl"]; FormsAuthentication.RedirectFromLoginPage(txtUserID.Value.Trim(), true); Response.Redirect(url); } else { lbl.Text = "Invalid UserID or Password!"; }:confused: -
i did this in login.aspx..but cant seems to direct me to the requested page.. am i doing it right?
if (status == 0) { string url = Request.QueryString["ReturnUrl"]; FormsAuthentication.RedirectFromLoginPage(txtUserID.Value.Trim(), true); Response.Redirect(url); } else { lbl.Text = "Invalid UserID or Password!"; }:confused:You can use either the RedirectFromLoginPage method or the Redirect method to direct thr authenticated user to the originally requested page. Also, if you set up the Forms Authentication mode properly, then you will see the requested url added to the query string when the user is directed to the login page. http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetHT03.asp[^] http://www.codeproject.com/aspnet/formsroleauth.asp[^]
-
You can use either the RedirectFromLoginPage method or the Redirect method to direct thr authenticated user to the originally requested page. Also, if you set up the Forms Authentication mode properly, then you will see the requested url added to the query string when the user is directed to the login page. http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetHT03.asp[^] http://www.codeproject.com/aspnet/formsroleauth.asp[^]
i did my web.config as shown but still cant get it to work.. 1)
<configuration> <system.web> <compilation defaultLanguage="c#" debug="true"/> <authentication mode="Forms"> <forms name="LoginForm" loginUrl="login.aspx" protection="All" timeout="60" slidingExpiration="true" path="/" /> </authentication> <machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate" validation="SHA1"/> </system.web> <location path="Temp"> <system.web> <authorization> <allow roles="Admin" /> <deny users="*" /> </authorization> </system.web> </location> </configuration>2) do i need to create application name in Application Settings under the directory tab for the folder (Temp) where i place my order.aspx and customerinfo.aspx in IIS properties? 3)do i need to place the login page into the Temp folder too? -
i did my web.config as shown but still cant get it to work.. 1)
<configuration> <system.web> <compilation defaultLanguage="c#" debug="true"/> <authentication mode="Forms"> <forms name="LoginForm" loginUrl="login.aspx" protection="All" timeout="60" slidingExpiration="true" path="/" /> </authentication> <machineKey validationKey="AutoGenerate" decryptionKey="AutoGenerate" validation="SHA1"/> </system.web> <location path="Temp"> <system.web> <authorization> <allow roles="Admin" /> <deny users="*" /> </authorization> </system.web> </location> </configuration>2) do i need to create application name in Application Settings under the directory tab for the folder (Temp) where i place my order.aspx and customerinfo.aspx in IIS properties? 3)do i need to place the login page into the Temp folder too?1. What do you mean by cannot get it to work? You cannot get the requedted URL or the authenticated user is always redirected to the login page? If so, can you run it in debug mode to see if you can get the url. 2. You don't need to create an Application for the temp folder, otherwise this folder is considered as a new application. 3. No, the login page should be accessible to all users.
-
1. What do you mean by cannot get it to work? You cannot get the requedted URL or the authenticated user is always redirected to the login page? If so, can you run it in debug mode to see if you can get the url. 2. You don't need to create an Application for the temp folder, otherwise this folder is considered as a new application. 3. No, the login page should be accessible to all users.
oh it keeps redirecting me to login page..im able to get the requested URL
-
oh it keeps redirecting me to login page..im able to get the requested URL
-
Do you have any code to set the role of the user? If no, you now can take a look at Heath's article to see how to do that because at the moment all the users are not allowed to access the Temp folder except those belong to the Admin group(role).
hey THANKS!!!!!!!!!!!!!!!! with your help im able to do it..anw i found another website which oso explain about it. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/html/secmod18.asp
-
Do you have any code to set the role of the user? If no, you now can take a look at Heath's article to see how to do that because at the moment all the users are not allowed to access the Temp folder except those belong to the Admin group(role).
hey sorry im back!!:-D yea i've got this problem. remember about the login n the web config thingy, i just test my program n this time the web browser says im not autorized to view tt page.. im not sure why but yester it was working..i didnt touch anything. the error was http 403 .. however if i click onto the back button till the index page and click the link to customerinfo.aspx, im able to go link to it..
-
hey sorry im back!!:-D yea i've got this problem. remember about the login n the web config thingy, i just test my program n this time the web browser says im not autorized to view tt page.. im not sure why but yester it was working..i didnt touch anything. the error was http 403 .. however if i click onto the back button till the index page and click the link to customerinfo.aspx, im able to go link to it..
-
Hi there, Can you post the full error message as there are a number of different http 403.x errors? Can you also take look at the ASP.NET Trace[^] to see if it can help?
Very sorry for the late reply, have been away. ok here is the error: You might not have permission to view this directory or page using the credentials you supplied. HTTP Error 403 - Forbidden :~ Chris