Authentication, sometimes
-
Hi all, I am working on an intranet wep app. done entirely in ASP.NET. I would like to set up some kind of authentication method to control access to SOME of the pages. The user experience I need to achieve is: most users get to most pages with NO PROMPT for authentication. Whenever a user tries to access a "controlled" page, they are prompted to authenticate. After authentication, the "controlled" page with behave slightly differently depending on who the user is. I tried putting the controlled pages in a subfolder and adding a web.config with forms authentication to that folder, but got an error saying that that option was only valid at the application level... I could code it all from scratch...but there's gotta be an easier way, no? Anyone have any ideas? Thanks in advance Bill ps: oh! integrated windows authentication is NOT an option, since many of the machines from which this app will be accessed use a generic login.
-
Hi all, I am working on an intranet wep app. done entirely in ASP.NET. I would like to set up some kind of authentication method to control access to SOME of the pages. The user experience I need to achieve is: most users get to most pages with NO PROMPT for authentication. Whenever a user tries to access a "controlled" page, they are prompted to authenticate. After authentication, the "controlled" page with behave slightly differently depending on who the user is. I tried putting the controlled pages in a subfolder and adding a web.config with forms authentication to that folder, but got an error saying that that option was only valid at the application level... I could code it all from scratch...but there's gotta be an easier way, no? Anyone have any ideas? Thanks in advance Bill ps: oh! integrated windows authentication is NOT an option, since many of the machines from which this app will be accessed use a generic login.
Add this to you web.config for the pages you want to allow access to: Your authentication for the rest that needs restricted access will still look something like this: HTH, -Thea-
-
Add this to you web.config for the pages you want to allow access to: Your authentication for the rest that needs restricted access will still look something like this: HTH, -Thea-
Hi Thea, Thank you for the reply...it seems like a good route to go. I am trying to implement what you suggested but I am running into some trouble. After a few false starts in my application, I decided I really did not understand forms authentication and that I needed to test and learn. So I created another project with three aspx pages: FreeToAll.aspx Controlled.aspx and login.asp My web.config looks like: ... ... IIS is set to allow anonymous users. Now for my confussion: I expected that if I try to browse directly to Controlled.aspx, it would redirect me to login.aspx but if I try to browse to FreeToAll.aspx it will allow me to pass to it directly. In reality, it lets me go to either one without bouncing me to login.aspx. So I get the feeling I am missing something...any suggestions you can offer will be greatly appreciated.
-
Hi Thea, Thank you for the reply...it seems like a good route to go. I am trying to implement what you suggested but I am running into some trouble. After a few false starts in my application, I decided I really did not understand forms authentication and that I needed to test and learn. So I created another project with three aspx pages: FreeToAll.aspx Controlled.aspx and login.asp My web.config looks like: ... ... IIS is set to allow anonymous users. Now for my confussion: I expected that if I try to browse directly to Controlled.aspx, it would redirect me to login.aspx but if I try to browse to FreeToAll.aspx it will allow me to pass to it directly. In reality, it lets me go to either one without bouncing me to login.aspx. So I get the feeling I am missing something...any suggestions you can offer will be greatly appreciated.
mean allow anyone access what you need is which will deny unauthenticated users and redirect them to the login page.
-
mean allow anyone access what you need is which will deny unauthenticated users and redirect them to the login page.
Many thanks to both Mark and Thea, Here's what seems to have worked: I put all the pages I want to control access to into a single subdirectory called "controlled". The the web.config in the application root looks like: ... ... And that seems to do the trick! Any one gets to anything anywhere but the /controlled/ directory with no login prompt. But if you try to get something in /controlled/ you get redirected to the login. Thanks again for all the help, Bill