Saturday, March 31, 2012

Web.Config File

Is it possible to allow users to enter 2 pages, without pages authorized ! i have a login page setup and the web.config file only allows users to enter the website using this page first but how do i allow a second page, e.g. a registration page ! while still blocking users from entering all other pages until they have logged inThe way I do it is to have my index page, login page, registration page, general public viewable info pages inside the root folder.

All pages that are private for members go inside a "UserAdmin" folder - a subfolder of root. In this folder I put a web.config with...


<?xml version="1.0" encoding="utf-8" ?>
<configuration>
 <system.web>
<authorization>
<deny users="?" />
</authorization>
 </system.web>
</configuration>

This will deny anyone who hasn't logged in.

In login.aspx use


 System.Web.Security.FormsAuthentication.SetAuthCookie(strTextUsername, False)
 strReturnPath = Request.QueryString("ReturnUrl")
 If strReturnPath <> "" Then
 Response.Redirect(FormsAuthentication.GetRedirectUrl(strTextUsername, False))
 Else
 Response.Redirect("UserAdmin/index.aspx")
 End If

after you've checked the db to see if they entered valid information. If they tried to access a specific page such as /UserAdmin/uploadPics.aspx it will redirect them to that page after they authenticate(log in) which is nice for when people bookmark pages inside that folder.

Plenty of other ways to do this but so far I've found this to be the easiest for me.

Posted by establishertg at 11:46 AM
Labels: , , , , , , , , , , , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)