Form Authentication issue for two sub folders - forms-authentication

In my application there are two sub folders which need to be authenticated. In my application's web.config, I have given it like this:
<authentication mode="Forms">
<forms loginUrl="Customer/My Accounts/Default.aspx" name="formsauth1" />
</authentication>
This will work for only one sub folder, having the path Customer/My Accounts/Default.aspx, but I need to authenticate another sub folder having the path Arab/Customer/My Accounts/Default.aspx. I want to know how to identify both folders and how to authenticate them by modifying the above code.

You want to set the loginUrl equal to your login page, not the restricted page.
<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="formsauth1" />
</authentication>
Then in the sub folders you want to create a web.config in each with the following:
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
So what will happen is that when an unauthenticated user tries to access those sub folders, the <authorization> element will deny them and redirect them to the loginUrl. After they log in, they'll be returned to the original page they were trying to access.

Related

HTTP Error 404.0 - Not Found Membership Provider Authorization Access

I'm using Membership Provider to create and manage users and roles in my site. I'm trying to restrict access to the Account folder to specific roles, using a web.config in this folder with this rule:
<system.web>
<authorization>
<allow roles="Administrator"/>
<deny users="*" />
</authorization>
</system.web>
I'm using Web Forms and forms authentication as shown below:
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" timeout="2880" defaultUrl="~/" />
</authentication>
But when I try to access a page located in the Account folder I'm getting:
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
How can I redirect to Login when the user tries to access an unauthorized folder or URL?
You are accessing the Login.aspx like /Account/Login/Default.aspx which doesn't exist.
Shouldn't that be ~/Account/Login.aspx?
<authentication mode="Forms">
<forms loginUrl="~/Account/Login.aspx" timeout="2880" />
</authentication>
How to debug?
Make sure you can access Login.aspx properly.
Then paste that URL inside the forms tag in web.config like above.

Accessing login page appends ReturnUrl on IIS?

I have a webforms application configured to use forms authentication. It works on my development machine, but since I configured it on IIS, I get a ReturnUrl on my login page with the application name. Upon logging in I get back to the same login page, logged in but without the ReturnUrl. Logging in again finally redirects me to the correct page.
How can I stop this ReturnUrl appearing on my login page?
http://localhost/myApp/login.aspx?ReturnUrl=%2MyApp%2f
I have checked directory permissions and allowed all users on the login page with the authorization tag in my web.config, but it does not work. Some of my web.config:
<authentication mode="Forms">
<forms name="MyAuthCookie" timeout="30" loginUrl="login.aspx"></forms>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
.
.
.
<location path="login.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Add the defaultUrl tag and give the name of the page where you want to redirect after login.
Suppose you want to log in and redirect to the "xyz.aspx" page; then you have to add the code below to the web.config file.
Note: don't give the loginUrl tag.
<authentication mode="Forms">
<forms name="MyAuthCookie" timeout="30" defaultUrl="xyz.aspx"></forms>
</authentication>
<authorization>

Forms Authentication Login timeout does not work

ASP.Net 4.0 application, using Forms Authentication, timeout="1". The redirect page is Login.aspx.
As soon as I log into the application, I am taken into a default page (Page A), and if I wait idle for 1 minute and then try to access another page (Page B), I am re-directed to the login page (correctly).
If, however, as soon as I log in, I access Page B and wait idle for 1 minute and then try to perform some other postback action, I am allowed to do so (whereas I should be thrown back to Login.aspx).
Am I missing something here?
Make sure all the required folders are managed by FA...
<system.web>
<authentication mode="Forms">
<forms name=".AUTH_COOKIE" loginUrl="~/login.aspx" protection="All" timeout="2880" requireSSL="false"/>
</authentication>
</system.web>
Then, just after the system.web element of the web.config, add as many of these entries as are required to secure folders (remember, leave out the initial forward slash - all paths are absolute by default)...
<location path="securefolder">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>
EDIT:
Keep in mind that sub folders of secured folders are secured by default - the <location> element allows the specification of multiple folders that are not nested.
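An added example (not code from any of the posters) that models how ASP.NET URL authorization evaluates the rules quoted in the first answer, in the Account-folder question and in this answer: rules are read from the most local web.config up to the root, and the first match wins. The function names and sample user names are hypothetical; `<location>` blocks and the `verbs` attribute are not modelled.

```python
import xml.etree.ElementTree as ET

def _names(value):
    return [s.strip().lower() for s in value.split(",") if s.strip()]

def parse_rules(config_xml):
    """Ordered (action, users, roles) rules from one web.config (verbs ignored)."""
    found = ET.fromstring(config_xml).findall("./system.web/authorization/*")
    return [(el.tag, _names(el.get("users", "")), _names(el.get("roles", "")))
            for el in found if el.tag in ("allow", "deny")]

def matches(users, roles, user, user_roles):
    """user is None for an anonymous request."""
    if "*" in users:
        return True
    if user is None:
        return "?" in users
    return user.lower() in users or any(r.lower() in roles for r in user_roles)

def decide(configs, user=None, user_roles=()):
    """configs: web.config texts ordered from the requested folder up to the root.
    The first matching rule wins; with no match the built-in default is allow."""
    for config_xml in configs:
        for action, users, roles in parse_rules(config_xml):
            if matches(users, roles, user, user_roles):
                return action
    return "allow"

# Constructed inputs, built from the snippets quoted on this page.
ROOT = """<configuration><system.web>
  <authentication mode="Forms"><forms loginUrl="Login.aspx" name="formsauth1" /></authentication>
</system.web></configuration>"""
SUBFOLDER = """<configuration><system.web>
  <authorization><deny users="?" /></authorization>
</system.web></configuration>"""
ACCOUNT = """<configuration><system.web>
  <authorization><allow roles="Administrator"/><deny users="*" /></authorization>
</system.web></configuration>"""
NO_RULES = "<configuration><system.web /></configuration>"

if __name__ == "__main__":
    print("anonymous -> secured folder:", decide([SUBFOLDER, ROOT]))
    print("logged in -> secured folder:", decide([SUBFOLDER, ROOT], user="alice"))
    print("anonymous -> nested folder: ", decide([NO_RULES, SUBFOLDER, ROOT]))
    print("Administrator -> Account:   ", decide([ACCOUNT, ROOT], "bob", ["Administrator"]))
    print("other user -> Account:      ", decide([ACCOUNT, ROOT], "bob"))
```

In Forms mode, a "deny" result is what sends the browser to the loginUrl.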

It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.

The error I got is:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. C:\Users\Jangid\Downloads\TestWebSite1\TestWebSite1\Backup\TestWebSite1\Web.config 26
I have hosted a website on a server using ASP.Net 2.0. I have a web.config in the root folder and also one in the Admin folder, but the Admin folder is not a virtual directory and I don't want to create one.
<authentication mode="Forms">
<forms loginUrl="Admin/Login.aspx" name=".ASPXFORMSAUTH"/>
</authentication>
<authorization>
<allow roles="Admins"/>
<deny users="*"/>
<deny users="?"/>
</authorization>
For authentication and login to work for the Admin folder, I have used the ASP.Net Login Control, but this error is preventing me from moving forward.
Also, can anyone please give me a link for learning the ASP.Net Login Control? For example, a user who visits the Admin folder should be authenticated with a role of admin.
How can I create a role and assign it to a user on a server?
<system.web>
<authentication mode="Forms">
<forms name="cokiename"
loginUrl="./protectedFolder/login.aspx"
protection="All"
timeout="60"
defaultUrl="./protectedFolder/protectedPafe.aspx"/>
</authentication>
</system.web>
This should be in your main web.config file.
The following goes into your sub directory config:
<configuration>
<system.web>
<customErrors mode="Off"/>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
The protected folder contains the login page, the protected pages and the web.config.
You need to have the authentication tag in your main web.config.
A separate login page for admins is not required.
You need to create the admin role in your membership database (you can do this using the ASP.NET website administrator).
This is how you work with the membership database:
http://revenmerchantservices.com/page/ASpnet-20-step-by-step-Membership-Provider-.aspx
http://msdn.microsoft.com/en-us/library/ms178329.aspx
This is for role-based security, using which you can secure your directories (virtual):
http://www.codeproject.com/KB/web-security/formsroleauth.aspx

Multiple forms authentications in the same application

I was wondering if it is possible to use two different forms authentication logins with the following directory structure:
/default.aspx
/login.aspx
/web.config
/subdirectory/sublogin.aspx
/subdirectory/subdefault.aspx
/subdirectory/web.config
The web.config in the root contains the following settings:
<authentication mode="Forms">
<forms protection="All" slidingExpiration="true" loginUrl="~/login.aspx" path="/"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
What I want to achieve is that all directories except 'subdirectory' are protected by the login.aspx in the root. 'subdirectory' has its own login page (sublogin.aspx).
What would the correct content of the web.config in subdirectory look like?
The <authentication> web.config section can only be defined in machine.config or in the application's root web.config. It cannot be specified in sub-folders of your application.
What you can do, however, is create another ASP.NET application that happens to exist within the other application. Then each one can have its own authentication settings. In this case they will be separate applications, though, which might cause other problems.
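An added example (not code from any of the posters) of a pre-deployment check for the rule stated above and for the allowDefinition='MachineToApplication' error in the earlier question: it flags an `<authentication>` section in any web.config whose folder is not an application root. The function name, the `app_roots` parameter and the sample site layout are hypothetical.

```python
import xml.etree.ElementTree as ET

# <authentication> is the section this page's error is about; extend the set
# with any other application-level sections your site is known to use.
APP_LEVEL_SECTIONS = frozenset({"authentication"})

def misplaced_sections(configs, app_roots=("",), sections=APP_LEVEL_SECTIONS):
    """configs maps a folder path relative to the site root ("" is the root)
    to the text of that folder's web.config. app_roots lists the folders IIS
    treats as applications. Returns sorted (folder, section) findings."""
    roots = {r.strip("/").lower() for r in app_roots}
    findings = []
    for folder, text in configs.items():
        if folder.strip("/").lower() in roots:
            continue  # application level: the section is legal here
        system_web = ET.fromstring(text).find("./system.web")
        if system_web is None:
            continue
        findings.extend((folder, child.tag) for child in system_web
                        if child.tag in sections)
    return sorted(findings)

# Constructed site layout, modelled on the configs quoted on this page.
SITE = {
    "": """<configuration><system.web>
      <authentication mode="Forms"><forms loginUrl="~/login.aspx" /></authentication>
      <authorization><deny users="?"/></authorization>
    </system.web></configuration>""",
    "Admin": """<configuration><system.web>
      <authentication mode="Forms"><forms loginUrl="Admin/Login.aspx" /></authentication>
      <authorization><allow roles="Admins"/><deny users="*"/></authorization>
    </system.web></configuration>""",
    "subdirectory": """<configuration><system.web>
      <authorization><deny users="?"/></authorization>
    </system.web></configuration>""",
}

if __name__ == "__main__":
    # Admin is a plain folder: its <authentication> section triggers the error.
    print(misplaced_sections(SITE))
    # Admin configured as its own IIS application: no finding.
    print(misplaced_sections(SITE, app_roots=("", "Admin")))
```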
