Wednesday, March 28, 2012

WEB.CONFIG help

How do I set up a web.config file so that it will allow open access to more than one page, let's say a register page as well as a login page? Here is my web.config as is; it only allows access to my login.aspx page.

<configuration>
  <system.web>
    <customErrors mode="Off" />
    <authentication mode="Forms">
      <forms name="AuthCookie"
             path="/"
             loginUrl="login.aspx"
             protection="Validation"
             timeout="30" />
    </authentication>
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>
  </system.web>
</configuration>
Use that Web.config file above; however, set up your first page as another one, e.g. registered.aspx - how your cookie was not still generated by the authentication and authorization processes, your app will return page defined into loginUrl attribute
Thanks for the help, but I'm still confused. I don't really know what you mean by this:
"how your cookie was not still generated by the authentication and authorization processes, your app will return page defined into loginUrl attribute "

Cheers
Firstly, let me know what exactly you want to do - just allowing these two pages you've mentioned, more pages... Are you even using FORMS authentication? Please provide more information.
I'm using FORMS authentication alright. I want to allow all users to access both login.aspx and register.aspx, but they must be logged in to access all other pages! Let me know if there is any other information you need.
To use Forms authentication to identify and authorize users, follow these steps:
* Create a Web form to collect logon information (LogIn.aspx)
* Create a file or db to store user names and passwords
* Create a Web form to return content only for authorized users (e.g. AuthorizedUsers.aspx)

If you're using VS.NET, do not forget to set AuthorizedUsers.aspx as the start page and keep Login.aspx as the loginUrl attribute page in the Web.config file.
A thing worth noting is that when users access your ASP.NET Web application for the first time, they do not have an authentication ticket provided by a cookie that is installed on the client machine.
So, even if the first page you set for your app is AuthorizedUsers.aspx, the loginUrl attribute will redirect your app to Login.aspx for registration - I don't know, but I think your doubt lies in that information.

After that you have two basic ways to allow access in the Web.config file:
* You can create specific user names directly inside Web.config:


<authentication mode="Forms">
  <!-- Set authentication mode -->
  <forms loginUrl="LogIn.aspx">
    <!-- Specify a log on form -->
    <credentials passwordFormat="Clear">
      <!-- Create a user list -->
      <user name="a" password="a"/>
      <user name="b" password="b"/>
      <user name="c" password="c"/>
    </credentials>
  </forms>
</authentication>
<authorization>
  <deny users="?"/>
  <!-- Authenticate all users -->
</authorization>

then calling into code-behind by using the Authenticate property:

FormsAuthentication.Authenticate(txtUserName.Text, txtPassword.Text);

* Or by generating authentication against the db you've created
I used to apply that procedure below that uses encryption and encapsulates all necessary logic:

// Requires: using System.Data.OleDb; using System.Web.Security;
CheckPassword(txtUserName.Text, txtPassword.Text)
...
private bool CheckPassword(string UserName, string Password)
{
    // Declare variable to track success/failure.
    bool bSuccess = false;
    // Hash the password (one-way SHA1 hash, not encryption).
    Password = FormsAuthentication.HashPasswordForStoringInConfigFile(Password, "SHA1");
    // Create command to get row from users table based on UserName.
    // The name is bound as a parameter instead of being concatenated
    // into the SQL text, so user input cannot change the query.
    OleDbCommand oleCommand = new OleDbCommand(
        "SELECT * FROM Users WHERE UserName = ?", oledbUsers);
    oleCommand.Parameters.Add("@UserName", OleDbType.VarChar).Value = UserName;
    // Check for errors using database
    try
    {
        // Open the database connection.
        oledbUsers.Open();
        // Get the matching user row(s).
        OleDbDataReader rdrUsers = oleCommand.ExecuteReader();
        while (rdrUsers.Read())
        {
            if (Password == rdrUsers["Password"].ToString())
                bSuccess = true;
        }
    }
    catch
    {
        // Otherwise set failure.
        bSuccess = false;
    }
    finally
    {
        // Close connection.
        oledbUsers.Close();
    }
    return bSuccess;
}

private void chkEnable_CheckedChanged(object sender, System.EventArgs e)
{
    butAddUser.Enabled = chkEnable.Checked;
}


And Web.config:

<authorization>
  <deny users="?"/>
  <!-- Authenticate all users -->
</authorization>

Let me know if you run into any trouble.
HTH
Hello Roberot, I was going to ask the same question when I saw this post... You are saying to set AuthorizedUsers.aspx as the start page...

My situation is I have these aspx pages: Home.aspx, Login.aspx, AddQuestion.aspx, EditQuestion.aspx.

Home.aspx is my start page, and there is a menu called Login... What I want to do is not allow access to AddQuestion and EditQuestion unless a user has logged in... I have done all my DB stuff,


If IsValid = True Then
    Dim accountSystem As ExamManager.DataAccessLayer.InstructorDB = New ExamManager.DataAccessLayer.InstructorDB
    Dim instructorId As String = accountSystem.Login(txtUserName.Text, txtPassword.Text, x)

    If instructorId <> "" Then
        Dim instructorDetails As ExamManager.BusinessLogicLayer.Instructor = accountSystem.GetInstructorDetails(instructorId, x)

        Server.Transfer("NewExam.aspx")
    Else
        lblMessage.Text = "Login Failed"
    End If
End If

So what are you saying, that Home.aspx should be AuthorizedUsers.aspx or Login.aspx should be AuthorizedUsers.aspx?
Here is what you need to set up:
Put login.aspx in the Authentication tag; this makes login.aspx available to all.


<authentication mode="Forms">
  <forms name="AuthCookie" loginUrl="login.aspx" path="/"></forms>
</authentication>

Then use the location tag to allow anonymous access to register.aspx.


<location path="register.aspx">
  <system.web>
    <authorization>
      <allow users="?"/>
    </authorization>
  </system.web>
</location>

Please note that the <location> tag's parent tag is <configuration>.

Hope this helps.
Just realized that you have

<allow users="*" />
in your authorization tag. You may want to remove it. Just leave
<deny users="?" />
This will force all the users to log in when they try to access any page but register.aspx (and login.aspx as well, of course). The special treatment for register.aspx is granted in the location tag (please see the previous post).

Please let me know if it still does not work for you.
Cheers for the help, but it's still not working; now it won't let me access any pages!
This is what my web.config file looks like. Let me know where I'm going wrong if you can, please.


<configuration>
  <system.web>
    <customErrors mode="Off" />
    <authentication mode="Forms">
      <forms name="AuthCookie"
             path="/"
             loginUrl="login.aspx"
             protection="Validation"
             timeout="30" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <location path="register.aspx">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>

Is anyone out there able to help me with this? It's been bothering me for weeks!
Sorry for the delay, try:

<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="register.aspx">
      </forms>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</configuration>

Thanks again for the help. Do I insert this code into my web.config file above, or is this a complete one itself?
I tried using just the code you gave me above, but again it won't allow me to access any pages at all!
Replace your Web.config with the code above.
