I have the following setup, but when I access the ManageContacts.aspx (from IIS express), it does not point me to the login.aspx, did I do anything wrong ? Simple password are for illustration purpose only.
<location path="~/ManageContacts.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="admin"/>
</authorization>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login">
<credentials>
<user name="admin" password="123456"/>
</credentials>
</forms>
</authentication>
</system.web>
</location>
Try this following code:
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginurl="Account/Login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="ManageContacts.aspx">
<system.web>
<authorization>
<deny users="?" />
<allow users="admin" />
</authorization>
</system.web>
</location></configuration>
Related
so i'm trying to put a forms authentication the problem is i'm getting 401.2 Error when i try to go to my login.aspx page, i'm working with iisexpress
<authorization>
<deny users="?"/>
</authorization>
<authentication mode="Forms">
<!--<forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" path="/"></forms>-->
<!--<forms loginUrl="Login.aspx" timeout="2880" defaultUrl="/" />-->
</authentication>
I tried to add this but it didn't solve my problem
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="Content">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="fonts">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="Scripts">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
I searched and tried several solution but no chance have you any idea?
Simple Forms Authentication from MSDN
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
very clear and good article I have in bookmarks http://weblogs.asp.net/gurusarkar/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config
Finally i made a workarround like this
I deleted this part :
<authorization>
<deny users="?"/>
</authorization>
then I modified the locations tags like this :
<location path="Login.aspx">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="Default.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Users.aspx">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Content">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="fonts">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
<location path="Scripts">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
So when I tru to go to default or users page i'm gettting redirected automatically to login page.
I really searched a lot to understand what i'm doing wrong but didn't find out so I'm adopting this solution for the moment.
I'm struggling to get around this problem with form authorization. I've got it all working as it should, people can only access the pages i specify apart from the root. By that i mean if they go to www.mysite.com they get the unauthorized access page but if i go directly to default.aspx, it works fine.
I'm still learning for please forgive me if it's something blatantly obvious :)
Here's my webconfig code:
<forms name=".ASPXFORMSDEMO" loginUrl="Logon.aspx" protection="All" path="/" timeout="30" defaultUrl="Default.aspx" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
I've set my default doc in IIS to default.aspx but that's not fixed it.
How to i allow all user access to the root of my site?
Thanks all!
Update: I've tried this:
<location path="/">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
but i get a HTTP Error 500.19 :(
Updated: i've answered my own question - even though i cant answer it yet on here!
Well, it looks like i was doing it wrong - i've now changed to allow all pages and block the folder/pages i want like this:
<forms name=".ASPXFORMSDEMO" loginUrl="Logon.aspx" protection="All" path="/" timeout="30" defaultUrl="Default.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="Admin">
<system.web>
<authorization>
<allow users="username"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Well, it looks like i was doing it wrong - i've now changed to allow all pages and block the folder i want like this:
<forms name=".ASPXFORMSDEMO" loginUrl="Logon.aspx" protection="All" path="/" timeout="30" defaultUrl="Default.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="Admin">
<system.web>
<authorization>
<allow users="username"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
I use authencation in asp.net mvc4
<authentication mode="Forms">
<forms loginUrl="~/Login" timeout="2880" />
</authentication>
when I'm not logged in, can not call functions registered in RegisterController. I try
<location path="~/Register">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
but is not.
How to solve?
<location path="Register">
<system.web>
<authorization>
<allow roles="roles if any" />
<deny users="*" />
</authorization>
</system.web>
</location>
try this this may work .. change the role if u got any that need access!!
I setup a really basic authentication schema using a SHA1 pw and credentials stored in web.config.
After deploying the .Net 4.0 site (in IIS 7), I can successfully login when I go to the www location from the server the site resides on.
However when trying to login from a browser on another computer, putting in the appropriate credentials just cycles right back to the login screen.
In the site's IIS Authentication, I enabled Anonymous, Basic and Forms.
<system.web>
<compilation debug="true" targetFramework="4.0">
</compilation>
<authentication mode="Forms">
<!-- <forms loginUrl="~/Account/Login.aspx" timeout="2880"/> -->
<forms name=".ASPXFORMSAUTH" loginUrl="~/Account/Login.aspx" defaultUrl="~/AdminPages/Default.aspx" cookieless="UseCookies" timeout="30">
<credentials passwordFormat="SHA1">
<user name="user1" password="77A80B8DE9F00DD1CC502344C38FC1BA24CC0897" />
<user name="user2" password="329E66AD5EC6E09AA8002311ACAF6ADBACD12DC4" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="Styles">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Scripts">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Account">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="AdminPages">
<system.web>
<authorization>
<allow users="user1,user2"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Any ideas?
Thanks.
Using the following configuration, I was able to achieve the desired user-based authentication with credentials stored in the Web.config with SHA1 pw encryption. Hope it helps someone:
<authentication mode="Forms">
<forms defaultUrl="~/AdminPages/Website.aspx" loginUrl="~/Account/Login.aspx" slidingExpiration="true" timeout="1000">
<credentials passwordFormat="SHA1">
<user name="baden1" password="77A80B8DE9F00DD1CC502344C38FC1BA24CC0897"/>
<user name="bruno1" password="329E66AD5EC6E09AA8002311ACAF6ADBACD12DC4"/>
</credentials>
</forms>
</authentication>
<authorization>
<allow users="admin"/>
<deny users="?"/>
</authorization>
<authentication mode="Forms">
<forms name="MyAppCookie" loginUrl="~/Registration.aspx" protection="All" timeout="30" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
I added this code in the configuration file and the master page wont appear whenever i load my pages. Why and how can i fix this?
Another issue that i experience is when i go to Website---> ASP configuration,, no WAT window opens!?!
I had to do this in the web.config for one of my sites:
<location path="Scripts">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Images">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>