I have a site made in asp.net (vb.net as backend).
This site is locateted http://localhost/TEST.
If I visit any aspx file like http://localhost/TEST/about.aspx i get redirected to login aspx. Login.aspx is set as start page in visual studio.
The problem is that if i visit http://localhost/TEST I come to a directory with a list of all the aspx files.
How do I redirect any user that visit http://localhost/TEST to http://localhost/TEST/login.aspx ??
Your post has some mixed concepts in it. Lets get them organized.
First, VS has a start page. That is the starting page used when you run the web site with or without the debugger. That only matters when you are running the site from VS. Once you deploy to IIS then that no longer has any impact.
What you are asking for is a default page the user is redirected to when they don't explicitly specify a page. You can configure the default page in the web.config like this:
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="About.aspx" />
</files>
</defaultDocument>
</system.webServer>
You don't want to specify Login.aspx as the default page. Specify a home page. If the user has already logged in then they should not be automatically navigated to the login page, you want them to go to some home page.
The login page sounds like it is already configured correctly because you mentioned that when you go to about.aspx it redirect to login.aspx. That is handled in the authentication section of the web.config file. If the user has not been authenticated then it will redirect to the login page.
<authentication mode="Forms">
<forms name="asp.ASPXAUTH" loginUrl="login.aspx" protection="All" path="/"/>
</authentication>
I think the only part you need to change is adding the defaultDocument section to web.config.
In your folder TEST, create a blank webpage called "default.aspx" that redirects visitors to the login page if they are not logged in or the about page if they are logged in.
You can simply use web.config file and disable the directory browsing.
<system.webServer>
<directoryBrowse enabled="false" />
</system.webServer>
Related
I've a WebForms site that uses ASP.NET Identity for authentication. If I haven't logged in to the site, it automatically tries to redirect me to the Login page. However, it's leaving off the ".aspx" part of the URL, so I'm left with http://localhost:10684/Login?ReturnUrl=.... Since the user doesn't have access to /Login (without the .aspx), it auto-redirects again, and again, and again, until Chrome stops it saying there's a redirect loop.
Could I get some insight into what might be causing this?
Here's the full URL I'm left with after it gets stopped when trying to go to http://localhost:10684/Default.aspx:
http://localhost:10684/Login?ReturnUrl=%2FLogin%3FReturnUrl%3D%252FLogin%253FReturnUrl%253D%25252FLogin%25253FReturnUrl%25253D%2525252FLogin%2525253FReturnUrl%2525253D%252525252FLogin%252525253FReturnUrl%252525253D%25252525252FLogin%25252525253FReturnUrl%25252525253D%2525252525252FLogin%2525252525253FReturnUrl%2525252525253D%252525252525252FLogin%252525252525253FReturnUrl%252525252525253D%25252525252525252FLogin%25252525252525253FReturnUrl%25252525252525253D%2525252525252525252FLogin%2525252525252525253FReturnUrl%2525252525252525253D%252525252525252525252FLogin%252525252525252525253FReturnUrl%252525252525252525253D%25252525252525252525252FLogin%25252525252525252525253FReturnUrl%25252525252525252525253D%2525252525252525252525252FLogin%2525252525252525252525253FReturnUrl%2525252525252525252525253D%252525252525252525252525252FLogin%252525252525252525252525253FReturnUrl%252525252525252525252525253D%25252525252525252525252525252FLogin%25252525252525252525252525253FReturnUrl%25252525252525252525252525253D%2525252525252525252525252525252FLogin%2525252525252525252525252525253FReturnUrl%2525252525252525252525252525253D%252525252525252525252525252525252FLogin%252525252525252525252525252525253FReturnUrl%252525252525252525252525252525253D%25252525252525252525252525252525252FLogin%25252525252525252525252525252525253FReturnUrl%25252525252525252525252525252525253D%2525252525252525252525252525252525252FLogin%2525252525252525252525252525252525253FReturnUrl%2525252525252525252525252525252525253D%252525252525252525252525252525252525252FLogin%252525252525252525252525252525252525253FReturnUrl%252525252525252525252525252525252525253D%25252525252525252525252525252525252525252FDefault.aspx
Check your web.config's authentication settings, e.g.:
<authentication mode="Forms">
<forms loginUrl="/Login" />
</authentication>
It might be missing the .aspx extension:
<authentication mode="Forms">
<forms loginUrl="/Login.aspx" />
</authentication>
Likewise, if the redirect URL is instead defined in a code-behind somewhere, check that the extension was provided. Search for instances of /Login or ~/Login in your source code to see where it might be referenced.
For more than a couple of years, we have successfully used the approach outlined in this post for enabling mixed-mode authentication in our Asp.Net app:
https://stackoverflow.com/a/7735008
We have 2 pages, Login.aspx and WindowsLogin.aspx with appropriate elements as highlighted in above post. Everything has been working fine until recently when it broke and we are unable to figure out why or when it broke down (for a few months, we had been working on major new features in our app, we added a few managed modules and other things, but I have tried eliminating them one at a time with no avail).
We have this defined for our global authentication:
<system.web>
<authentication mode="Forms">
<forms cookieless="UseCookies" loginUrl="~/Login.aspx" slidingExpiration="true" timeout="10" />
</authentication>
</system.web>
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="true" />
<basicAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<windowsAuthentication enabled="false" />
</authentication>
</security>
</system.webServer>
Then appropriate elements exactly as in the referenced post. Now when I visit WindowsLogin.aspx directly in browser, it 302 redirects me to Login.aspx with return url set to WindowsLogin.aspx. I have tried simplifying web.config by eliminating all unneeded configuration until all remained was bare bones authentication and other pieces. Still WindowsLogin.aspx redirects to Login.aspx (i.e. Forms authentication is kicking on WindowsLogin.aspx page).
The interesting thing is if I change loginUrl to WindowsLogin.aspx (with everything else remaining exactly same), then WindowsLogin.aspx shows me the native browser authentication challenge as expected.
I have tried and exhausted all options I could think of to get this work with loginUrl set to Login.aspx, but it simply doesn't work.
I enabled IIS tracing rules for 302 redirect and captured a log file where WindowsLogin.aspx was redirecting to Login.aspx (with loginUrl set to Login.aspx). The trace file is available here:
http://imbibe.in/public/fr000001.xml
Can someone please help me in figuring out why is FormsAuthentication module kicking on WindowsLogin.aspx page when its WindowsAuthentication module that is supposed to do the auth there. And why does just switching the login url raises the 401 challenge on Windows Auth page. We are working with IIS 7.5 on Win Server 2008.
UPDATE: I created a simple web app with only 3 pages, Default, Login and WindowsLogin and followed the mixed-mode authentication approach on the same server and it worked. Which obviously means its something in our application/app pool that is interfering. I am hoping the IIS Trace log provided can shed some light on it.
If I completely remove <authentiction mode="Forms"> from our app's web.config (which essentially means no auth is enabled), then Login and WindowsLogin pages work fine.
But with the current configuration only, going to WindowsLogin redirects back to Login.aspx.
You need to add some location exceptions in your web.config file (anywhere outside the regular System.Web section):
<!-- Providing it's in the root - No leading slashes! -->
<location path="WindowsLogin.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
This will allow all non-authenticated FORMS users to access the page. Otherwise your users will keep getting redirected to the FORMS login page (as they should).
I have put my Default.aspx in a folder and now when I login with a user it redirects me to the Default.aspx in the root folder (which doesn't exist) so I get a resource not found error. Also when I do log out I just get redirected to the root folder.
How do I fix this so I get redirected to the proper location?
If you are using the built in asp.net Membership authentication, then within your web.config, there will be a section which allows you to specify the defaultUrl which is as the default Redirect after Log In or Log Out.
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" defaultUrl="[Spefify Page Here]" />
</authentication>
Alternatively, you can use Response.Redirect to specify the page within your code.
When login and logout, in the respective pages, you can use Response.Redirect Method.
http://msdn.microsoft.com/en-us/library/a8wa7sdt%28v=vs.80%29.aspx
Response.Redirect("link_of_your_desired_location", false);
I've created an application and I published it on my server. I would like to set it so when the user navigates to
appName.domainName.com
they would automatically be redirected to
appName.domainName.com/myApplication.aspx
I've set up a Default.htm file in my root directory with a redirection meta tag. However, if I set the page to be my home page, whenever I first open IE, I get a "Interent Explorer cannot display the webpage" message. Once I hit F5 it refreshes and works correctly. Does anyone have a clue as to what could be causing this?
One option would be to configure IIS to use myApplication.aspx as the "default page" when navigating to your application instead of redirecting based on a previous default page.
Using the IIS documentation, you could add this to your web.config
<configuration>
<system.webServer>
<defaultDocument enabled="true">
<files>
<add value="myApplication.aspx" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
Or otherwise use the IIS manager to set the value to your page.
In my web application i want to redirect to login page, which is in the same folder[admin folder], when i type like
"xxx.com/admin" it is redirect to login.aspx page which is in admin folder.
for this i place one index.html page and write meta tag code, even though it is not redirect to loginpage. it is going to index.aspx page. shall i have to remove this index.aspx page, i have default page also there in admin folder. can u help me.
If you are using IIS 7.5 take a look at the UrlRewrite 2 Module http://www.iis.net/download/urlrewrite
If you are using IIS 6 you can use the asp.net 2 url rewriting technique, but the xxx.com/admin/default.aspx needs to be physically existing to allow redirects to happen
Add this to your Web.config:
<authentication mode="Forms" >
<forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" />
</authentication>
This will redirect users to your loginUrl if they try to access a protected page when they are not authenticated.
You should probably read up on Forms Authentication in asp.net to get all of the dirty details.
Here is an explanation of how you can add additional default documents to IIS. Default documents are used to try and determine which page a user should be directed to when they don't specify a specific page (your xxx.com/admin example)