I'm using Membership Provider for create and manage users and roles in my site. I'm trying to restric access to a specific roles to the Account folder using web.config into this folder with this rule:
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*" />
</authorization>
</system.web>
I'm using Web Forms and forms authentication like show below:
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" timeout="2880" defaultUrl="~/" />
</authentication>
But when I try to access to page located into Account folder I'm getting:
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable. Below a picture with the error:
How can I do for redirect to Login when the user try to access to unauthorized folder or url?
You are accessing the Login.aspx like /Account/Login/Default.aspx which doesn't exist.
Shouldn't that be ~/Account/Login.aspx?
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
How to debug?
Make sure you can access Login.aspx properly.
Then paste that URL inside form tag in web.config like above.
Related
I have the following setup in my Web.Config:
<authentication mode="Forms">
<forms loginUrl="Landing/Login.aspx" defaultUrl="~/Member/Dashboard.aspx">
<credentials passwordFormat="SHA1"></credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
This correctly redirects when testing on locahost, but when published to Azure, logging in just redirects to http://mysite.azurewebsites.net/ and not http://mysite.azurewebsites.net/Member/Dashboard.aspx as described in the Web.Config. Interestingly enough, however, trying to navigate to a page without logging in correctly redirects to the defined loginUrl="Landing/Login.aspx". Should I be using the FQDN in this case for the defaultUrl? Are forms authentication not setup on IIS of my Azure server? Please advise.
I am using FormAuthencation in my current web application with ASP.NET 4.5. I have placed a check on Login page if (User.Identity.IsAuthenticated){ } then redirect to main page , but strange without even login i am getting User.Identity.IsAuthenticated = true i do not understand why that giving true.
Web.Config
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" name=".ASPNETAUTH" defaultUrl="~/Account/Welcome.aspx" protection="All" timeout="30" path="/"></forms>
</authentication>
Thanks
Ravi Mittal
If this is published in IIS, you need to disable anonymous access via IIS (you can see how to do that on this page).
It would also help to make sure the <authorization> section of your web.config has something like this:
<authorization>
<deny users="?"/>
</authorization>
This will block "unauthorized" users from your app.
I've a strange issue with a .NET 4.0 website published on IIS6.
It implements the Forms Authentication, and in my Web.Config I've something like:
<authentication mode="Forms">
<forms loginUrl="~/login.aspx" timeout="2880" name="AUTH_TOKEN" />
</authentication>
<authorization>
<allow roles="__AUTHUSER__" />
<deny users="*" />
</authorization>
And I've the Default.aspx setted as default document in the website.
If I try to access the www.site/default.aspx it redirects me to the www.site/login.aspx?ReturnUrl=%2fDefault.aspx
And it is fine.
The problem is that if I try to access www.site/default.aspx?ReturnUrl= it gave me a 401.2 error page: not authorized.
It's happening that this is a rebuild of an intranet application and many users actually (for some reason) have the www.site/default.aspx?ReturnUrl= url saved in the bookmarks... so I need to get it work.
Any ideas?
I have a webforms application configured to use forms authentication. It works on my development machine but since I configured it on IIS, I get a ReturnUrl on my login page with the application name, Upon logging in I get back to the same login page logged in but without the returnUrl. Logging in again redirects me to the correct page finally
How can I stop this ReturnUrl appearing on my login page?
http://localhost/myApp/login.aspx?ReturnUrl=%2MyApp%2f
I have checked directory permissions & allowed all users on login page with authorization tag in my web.config but it does not work. Some of my web.config
<authentication mode="Forms">
<forms name="MyAuthCookie" timeout="30" loginUrl="login.aspx"></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
.
.
.
<location path="login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
Add defaultUrl tag and give the name of page where you want to redirect after login.
Suppose you want login and redirect to "xyz.aspx" page then you have to add below code in web.config file
Note: don't give loginUrl tag.
<authentication mode="Forms">
<forms name="MyAuthCookie" timeout="30" defaultUrl="xyz.aspx"></forms>
</authentication>
<authorization>
I have such section in my web.config to deny access of anonymous users to elmah.axd. Is it possible to make exception and add credentials for admin user to allow that user access protected web page? I would like to display browser authentication dialog and ask user for credentials before accessing elmah.axd url.
<location path="elmah.axd">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
Here is how to do it.
http://www.xoc.net/works/tips/forms-authentication.asp
By the way browser authentication forms are usually used in intranets with Windows authentication. And not forms authentication.
Yes:
Add this to <system.web>
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="Login.aspx"
protection="All"
timeout="30"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="Login.aspx"
cookieless="UseCookies"
enableCrossAppRedirects="false"/>
</authentication>
It will redirect anonymous users to Login.aspx