I'm building a test web application ASP.NET VB from a tutorial see it at http://www.latinosnetwork.net/aspnetsystem/Login.aspx after successful log-in using user name jose and password abad the formsauthentication.redirectfromloginpage method redirect the application to a default.aspx at the root directory where it do not exist also the application is not at the root directory.
Any help on that.
Edit
still not work here is the configuration:
<location path="wwwroot/aspnetsystem">
<system.web>
<customErrors mode="Off"/>
<authentication mode="Forms">
<forms defaultUrl="wwwroot/aspnetsystem/Default.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Set the default page you want redirected to in web.config
<authentication mode="Forms">
<forms defaultUrl="index.aspx" />
</authentication>
Related
Problem: Forms authentication appears setup correctly. When running the following lines, the application is redirected back to the the login page. No calls to other pages are made.
e.Authenticated = true;
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, true);
Web.config
<system.web>
<authentication mode="Forms">
<forms name=".ASPXFORMSDEMO" loginUrl="login.aspx" protection="All" path="/" timeout="180" enableCrossAppRedirects="true" domain="xyz.com"/>
</authentication>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
The problem was with the web.config. The test workstation where this was setup did not like the part...
domain="xyz.com"
Removing that made the entire thing work.
I have created default master page site with login and register option.
When you create default page you get three menu option i.e HOME ABOUTUS CONTACTUS.
I have added one more menu option i.e ADMIN.
whenever someone clicks ADMIN they are suppose to login mandatory.
How can I do it?
currently anyone can surf all menu pages without login.
I want to make it compulsory.
please help, basically I need member only page
You can use the location config to specify the path of either a folder or page, see below for example and link to Microsoft details.
http://msdn.microsoft.com/en-us/library/ff648345.aspx
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="https://myserver/mywebapp/secure/Login.aspx"
protection="All"
timeout="30"
name="AppNameCookie"
path="/FormsAuth"
requireSSL="true"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseCookies"
enableCrossAppRedirects="false"/>
</authentication>
<!-- Deny access to unauthenticated users -->
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</configuration>
<!-- Allow unrestricted access to the folder with the login page -->
<location path="secure">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Add this section in your application web.config file, to deny access to all unauthenticated users to the location admin_page.aspx
<configuration>
<location path="admin_page.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>
Read this for more information about Control Authorization Permissions in an ASP.NET Application
So I have set up my web.config to authenticate forms. I have the two pieces of code in my web.config but it is acting strange. When you go to www.mysite.com it redirects to the login.aspx page but when you go to www.mysite.com/default.aspx it does not redirect. why is it doing this? I also have the default doc set as default.aspx
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" timeout="2880" defaultUrl="account/default.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
<location path="default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
As clearly shown in the config file, you have allowed unauthenticated users to access "default.aspx" URL explicitly. There is no such thing for "/" URL. Note that it does not matter that they (might) end up pointing to the same physical file on disk eventually. Only the URL matters for authorization purposes. You can clone your <location> tag and simply have another one for path="/" that allows access to all users, regardless of their authentication status.
I have a log in page which is the home page so is located at www.domainname.com
when someone goes to this page it adds a returnurl to the string so they are at:
www.domainname.com/default.aspx?ReturnUrl=%2f so when they log in they get returned to http://www.domainname.com/, which is the login page again, so to access the site they have to login twice.
Does anyone know how to fix this? I think a fix to this would be to allow everyone access to the home page - http://www.domainname.com/ as well as http://www.domainname.com/default.aspx but i'm not sure how to acheive this.
I want all user roles to be denied access to every page apart from the home page before they login, i also have an admin/cms section that only Admin roles can access but everyone can access the cms login page.
I currently have this in my web.config
<authentication mode="Forms">
<forms protection="All" loginUrl="default.aspx" defaultUrl="~/home/" />
</authentication>
<authorization>
<allow roles="Admin, User"/>
<deny users="?" />
</authorization>
<location path="default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="cms/default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="cms">
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
Well i seemed to have done it a bit by luck.
I just changed
<authentication mode="Forms">
<forms protection="All" loginUrl="default.aspx" defaultUrl="~/home/" />
</authentication>
To
<authentication mode="Forms">
<forms protection="All" loginUrl="/" defaultUrl="~/home/" />
</authentication>
You should send them to the page you want them to default to. What you should do is create the login page on a seperate page (login.aspx) for instance and then make the default.aspx page the home page. Then when they go to default.aspx they will be redirected to login.aspx?ReturnURL=%2f .
Yes, we can use the above solution. One problem here is when we are using SEO implementation. To achieve your requirement, you can use URLRewrite.
http://weblogs.asp.net/scottgu/archive/2010/04/20/tip-trick-fix-common-seo-problems-using-the-url-rewrite-extension.aspx
I was searching for some solution but can't find one. There is this and this ones but can't found and answer there. Im developing an asp.net application on ASP.NET development server. I have the following web.config in my root asp.net folder:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms name="4df5d465h"
loginUrl="~/login.aspx"
protection="All"
timeout="30" path="/" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
My image folder is together my main web.config at root asp.net application folder.
Inside the image folder I put the following web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<authorization>
<allow roles="*"/>
<allow users="*"/>
</authorization>
</system.web>
</configuration>
I put role attribute after to see if its work.
I wrote the main web.config in this way too:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Forms">
<forms name="3D45C7D8B0B0C"
loginUrl="~/login.aspx"
protection="All"
timeout="30" path="/" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
<location path="~/image">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
But the login page never can load the images
In design mode, inside visual studio editor, the image load in login.aspx page then image tag must be ok.
What I'm doing wrong?? Thanks a lot.
#nico, thanks a lot for format my question. No im not rewriting nothing. Its most simple and default asp.net application possible. Its default template asp.net application with an link on Default.aspx and a simple login.aspx page, its a test project, the login form works but the image doesn't load.
#Chris_Lively, yes there is a web.config in image folder, its web.config with <'allow roles='*'>, i checked, the folder is named image\ , the src of image tag point to image\ its getting me crazy
Your config file contains error - 'roles'-tag cannot use asterisk, you should define specific role name (allow element) or dont use it at all.
You'll see error message 'Parser Error Message: Authorization rule names cannot contain the '*' character' in fiddler.
I think it was reason of your problem.