I setup a really basic authentication schema using a SHA1 pw and credentials stored in web.config.
After deploying the .Net 4.0 site (in IIS 7), I can successfully login when I go to the www location from the server the site resides on.
However when trying to login from a browser on another computer, putting in the appropriate credentials just cycles right back to the login screen.
In the site's IIS Authentication, I enabled Anonymous, Basic and Forms.
<system.web>
<compilation debug="true" targetFramework="4.0">
</compilation>
<authentication mode="Forms">
<!-- <forms loginUrl="~/Account/Login.aspx" timeout="2880"/> -->
<forms name=".ASPXFORMSAUTH" loginUrl="~/Account/Login.aspx" defaultUrl="~/AdminPages/Default.aspx" cookieless="UseCookies" timeout="30">
<credentials passwordFormat="SHA1">
<user name="user1" password="77A80B8DE9F00DD1CC502344C38FC1BA24CC0897" />
<user name="user2" password="329E66AD5EC6E09AA8002311ACAF6ADBACD12DC4" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="Styles">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Scripts">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Account">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="AdminPages">
<system.web>
<authorization>
<allow users="user1,user2"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Any ideas?
Thanks.
Using the following configuration, I was able to achieve the desired user-based authentication with credentials stored in the Web.config with SHA1 pw encryption. Hope it helps someone:
<authentication mode="Forms">
<forms defaultUrl="~/AdminPages/Website.aspx" loginUrl="~/Account/Login.aspx" slidingExpiration="true" timeout="1000">
<credentials passwordFormat="SHA1">
<user name="baden1" password="77A80B8DE9F00DD1CC502344C38FC1BA24CC0897"/>
<user name="bruno1" password="329E66AD5EC6E09AA8002311ACAF6ADBACD12DC4"/>
</credentials>
</forms>
</authentication>
<authorization>
<allow users="admin"/>
<deny users="?"/>
</authorization>
Related
as the title says, i am trying to exclude a few pages such as my register.aspx from Form Authentication Redirection, here is my web.config
<authentication mode="Forms">
<forms name="MyAppCookie" loginUrl="Login.aspx" protection="All" timeout="120" defaultUrl="Default.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
Use the location tag in your web.config.
<location path="register.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
See this article for more information.
I have the following setup, but when I access the ManageContacts.aspx (from IIS express), it does not point me to the login.aspx, did I do anything wrong ? Simple password are for illustration purpose only.
<location path="~/ManageContacts.aspx">
<system.web>
<authorization>
<deny users="?"/>
<allow users="admin"/>
</authorization>
<authentication mode="Forms">
<forms loginUrl="~/Account/Login">
<credentials>
<user name="admin" password="123456"/>
</credentials>
</forms>
</authentication>
</system.web>
</location>
Try this following code:
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginurl="Account/Login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="ManageContacts.aspx">
<system.web>
<authorization>
<deny users="?" />
<allow users="admin" />
</authorization>
</system.web>
</location></configuration>
I'm struggling to get around this problem with form authorization. I've got it all working as it should, people can only access the pages i specify apart from the root. By that i mean if they go to www.mysite.com they get the unauthorized access page but if i go directly to default.aspx, it works fine.
I'm still learning for please forgive me if it's something blatantly obvious :)
Here's my webconfig code:
<forms name=".ASPXFORMSDEMO" loginUrl="Logon.aspx" protection="All" path="/" timeout="30" defaultUrl="Default.aspx" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
I've set my default doc in IIS to default.aspx but that's not fixed it.
How to i allow all user access to the root of my site?
Thanks all!
Update: I've tried this:
<location path="/">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
but i get a HTTP Error 500.19 :(
Updated: i've answered my own question - even though i cant answer it yet on here!
Well, it looks like i was doing it wrong - i've now changed to allow all pages and block the folder/pages i want like this:
<forms name=".ASPXFORMSDEMO" loginUrl="Logon.aspx" protection="All" path="/" timeout="30" defaultUrl="Default.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="Admin">
<system.web>
<authorization>
<allow users="username"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Well, it looks like i was doing it wrong - i've now changed to allow all pages and block the folder i want like this:
<forms name=".ASPXFORMSDEMO" loginUrl="Logon.aspx" protection="All" path="/" timeout="30" defaultUrl="Default.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="Admin">
<system.web>
<authorization>
<allow users="username"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
I use authencation in asp.net mvc4
<authentication mode="Forms">
<forms loginUrl="~/Login" timeout="2880" />
</authentication>
when I'm not logged in, can not call functions registered in RegisterController. I try
<location path="~/Register">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
but is not.
How to solve?
<location path="Register">
<system.web>
<authorization>
<allow roles="roles if any" />
<deny users="*" />
</authorization>
</system.web>
</location>
try this this may work .. change the role if u got any that need access!!
<authentication mode="Forms">
<forms name="MyAppCookie" loginUrl="~/Registration.aspx" protection="All" timeout="30" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
I added this code in the configuration file and the master page wont appear whenever i load my pages. Why and how can i fix this?
Another issue that i experience is when i go to Website---> ASP configuration,, no WAT window opens!?!
I had to do this in the web.config for one of my sites:
<location path="Scripts">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="Images">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>