ASP.NET Roles and Permissions - asp.net

I'm using the ASP.NET/C# Login control and that entire authentication and authorization system.
I set up the roles and have users go to certain pages when they log into the system dependent on their role. Right now I'm trying to restrict access to certain pages, which is working correctly. However, when it restricts the access to a user who shouldn't be allowed in that web page it redirects to login.aspx. I don't have a login page, I just have a login user control that sits on a master page.
How can I get it to redirect to a different page on permission failure rather than go to login.aspx

<authentication mode="Forms">
<forms loginUrl="login.aspx"name=".ASPXFORMSAUTH" />
</authentication>
set the login page in web.config

Related

MVC Authentication default page for a specific folder

Is it possible to have two default landing page for authentication in ASP.Net MVC? One for a specific folder i.e. Pages for Admin and the other is for everything else?
This is the scenario. I have an application with an Admin portal where only administrators can access and the Main portal for any active users. I am using the default forms authentication for MVC with the root web.config configured as below:
<authentication mode="Forms">
<forms loginUrl="~/Account/Login" timeout="240" defaultUrl="~/" slidingExpiration="true"/>
</authentication>
So every user will be redirected to Account/Login when not they are not authenticated. Now, I want to have a separate landing page (Admin/Login) for admin pages when admin user is not yet authenticated. All Admin pages are in a folder named Admin. So is there a way for me to configure the authentication in the web.config of that folder to default to Admin/Login instead of Account/Login?
Edit:
The rules are simple. When a user tries to access any admin page i.e. Directly changing the URL, and they are not logged in, then I was hoping they would be redirected to Admin/Login, instead of Account/Login. We don't need to check for role since we are already restricting the controller to Admin Roles only.
Is it better to do this in an actionfilter instead?
Unless there is a way for you to differentiate admin from regular user on page loading then no.. If it is the same IP address being logged from you could do it like that ... or if its linked over from another account such as google login ... where you could check the user name and redirect based on if its saved as an admin... You would have to have a way to distinguish before you re-routed

problem with asp.net redirection after login to admin page

I built a simple site which has an open section and admin page, which you can get to, only after loging in.
I implemented the default asp .net login control.
The problem is, after successful login (the login page is called admin.aspx) I want to redirect to another page called groups.aspx (redirecting it by code - Response.Redirect("AdminTools\\Groups.aspx") ), but instead I get an error "The resource cannot be found.", which says that cannot find "login.aspx". The problem is I don't have a page called login.aspx in my site, and I can't manage to find the place where I can configure it.
Always use ~ root operator.
Response.Redirect("~/AdminTools/Groups.aspx")
You can configure your own login url by setting the LoginUrl in web.config.
<authentication mode="Forms">
<forms loginUrl="~/mylogin.aspx">
</forms>
</authentication>

Form Authentication w/ multiple login pages

I have read the many posts of people trying to use two different login pages: one for users and one for admins. My question is very different. I have a Site.master page with a LoginView and LoginControl. I then have three root level pages Default.aspx, About.aspx, and Contact.aspx that derive from the Site.master. All three pages are set in the web.config to be allowed to all users. I then have a MemberPage in a Member folder which is only accessible to authenticated users. What I want to have happen is to be able to login from either the Default, About, or Contact pages and then be directed to the MemberPage.
The way Form Authentication is set now, I can only have one loginUrl and one defaultUrl. Which means if I have this settings in my web.config:
<authentication mode="Forms">
<forms name="ishAuth" loginUrl="Default.aspx" timeout="50" defaultUrl="~/Member/MemberPage.aspx"></forms>
</authentication>
the only page that redirects to the /Member/MemberPage.aspx is the Default.aspx. I want my users to be able to browse through the anonymous section of the site and login from any page and then be redirected to the MemberPage. Right now if I am on the About.aspx page and log in I am authenticated but remain on the About page.
Is there a way around the properties of the element? Can I turn off the default actions of the element and do the redirect using my own custom code?
I don't have access to Visual studio right now, but you should be able to use the "OnLoggedIn" event of the login control to do what you want. Create the even handler for that event, and simply just put Response.Redirect("~/Member/MemberPage.aspx") and your users should get redirected to the right page.
You can have a look at this page on the MSDN for more information.

Redirecting to another page automatically?

In my web application i want to redirect to login page, which is in the same folder[admin folder], when i type like
"xxx.com/admin" it is redirect to login.aspx page which is in admin folder.
for this i place one index.html page and write meta tag code, even though it is not redirect to loginpage. it is going to index.aspx page. shall i have to remove this index.aspx page, i have default page also there in admin folder. can u help me.
If you are using IIS 7.5 take a look at the UrlRewrite 2 Module http://www.iis.net/download/urlrewrite
If you are using IIS 6 you can use the asp.net 2 url rewriting technique, but the xxx.com/admin/default.aspx needs to be physically existing to allow redirects to happen
Add this to your Web.config:
<authentication mode="Forms" >
<forms loginUrl="login.aspx" name=".ASPXFORMSAUTH" />
</authentication>
This will redirect users to your loginUrl if they try to access a protected page when they are not authenticated.
You should probably read up on Forms Authentication in asp.net to get all of the dirty details.
Here is an explanation of how you can add additional default documents to IIS. Default documents are used to try and determine which page a user should be directed to when they don't specify a specific page (your xxx.com/admin example)

single sign on in asp.net

We have developed implemented single sign on methodology to authenticate user.
When a page is requested, if it is not authenticated then a login page will be redirected. Once they logged in the requested page will be shown.
this is working when we don't assign a domain to the virtual directory. But when we assign the domain to virtual directory after the authentication the application is not redirecting to the requested page.
We are using FormsAuthentication.GetRedirectUrl method to redirect the requested page.
Why this is happening? How can we resolve this issue?
You might want to check Windows Identity Framework too.
Good article here : Windows Identity Foundation features for passive single sign-on and single sign-out
First add defaulturl to your web.config and see if page can redirect to defaulturl after authentication
<authentication mode="Forms">
<forms loginUrl = "login.aspx" defaultUrl="default.aspx" />
</authentication>
If defaulturl works then you have to check ReturnUrl parameter in your login page address

Resources