Problem with Form based authentication
-
I've the following on my web.config file:
<authentication mode= "Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="login.aspx"
protection="All" path="/" timeout="30" />
</authentication>
</system.web><!-- Require authorization for all files --> <!-- in the "member" subdirectory --><system.web>
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
</system.web><location path="images">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>This last section (path="images") its because not authorized users need to access image files so they can load login.aspx. However, with this configuration, unauthorized users can access others .aspx, they are not redirect to login.aspx. They are allowed to access anywhere. Why is it happening?
-
I've the following on my web.config file:
<authentication mode= "Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="login.aspx"
protection="All" path="/" timeout="30" />
</authentication>
</system.web><!-- Require authorization for all files --> <!-- in the "member" subdirectory --><system.web>
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
</system.web><location path="images">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>This last section (path="images") its because not authorized users need to access image files so they can load login.aspx. However, with this configuration, unauthorized users can access others .aspx, they are not redirect to login.aspx. They are allowed to access anywhere. Why is it happening?
Maxdd 7 wrote:
As far as my understanding means every one can access...!If u want to restrict access to every one and access to only login users it should be
< deny users="?" / >
if you want to give access to all remove tht section simple as tht..!
LatestArticle :Log4Net Why Do Some People Forget To Mark as Answer .If It Helps.
-
Maxdd 7 wrote:
As far as my understanding means every one can access...!If u want to restrict access to every one and access to only login users it should be
< deny users="?" / >
if you want to give access to all remove tht section simple as tht..!
LatestArticle :Log4Net Why Do Some People Forget To Mark as Answer .If It Helps.
I need to give access to all to login.aspx, and restrict access to the rest, only to authorized users, that's why I allow unauthorized users to subdirectory images (so they can load images of login.aspx) and then try restrict access to the other pages :
allow users="*" />
<deny users="?" />But obviously I'm doing wrong..
-
I need to give access to all to login.aspx, and restrict access to the rest, only to authorized users, that's why I allow unauthorized users to subdirectory images (so they can load images of login.aspx) and then try restrict access to the other pages :
allow users="*" />
<deny users="?" />But obviously I'm doing wrong..
Maxdd 7 wrote:
deny users="?"
Why to give this again.Its no need..! Oh Your Folder Structure,i am not getting it ..!
Maxdd 7 wrote:
I need to give access to all to login.aspx, and restrict access to the rest, only to authorized users
This is bit confusing:confused: You need to be more clear . AS far as my understanding..! 1)You have login page which need to access for all..! 2)The images in the login page is to be restricted to all user Is Tht what you Want to do? Then Thts bit typical way you are using..! try like this.Move the login.aspx to root..! but restrict only the folder images is a bad idea..!
LatestArticle :Log4Net Why Do Some People Forget To Mark as Answer .If It Helps.
-
I've the following on my web.config file:
<authentication mode= "Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="login.aspx"
protection="All" path="/" timeout="30" />
</authentication>
</system.web><!-- Require authorization for all files --> <!-- in the "member" subdirectory --><system.web>
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
</system.web><location path="images">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>This last section (path="images") its because not authorized users need to access image files so they can load login.aspx. However, with this configuration, unauthorized users can access others .aspx, they are not redirect to login.aspx. They are allowed to access anywhere. Why is it happening?
<allow users="\*" /> <deny users="?" />The first rule applies, in this case allow users = "*" If you want to only allow access to authenticated users, use something like deny users = "?" But never use allow users = "*" as the first rule, because oncea rule applies the ones below are ignored
Alexei Rodriguez
-
<allow users="\*" /> <deny users="?" />The first rule applies, in this case allow users = "*" If you want to only allow access to authenticated users, use something like deny users = "?" But never use allow users = "*" as the first rule, because oncea rule applies the ones below are ignored
Alexei Rodriguez
AlexeiXX3 wrote:
But never use allow users = "*" as the first rule, because oncea rule applies the ones below are ignored
Yes that was the problem. So what I did is just put all files (except login.aspx) on a folder members, and then all I just need is that:
<location path="members">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>