Security :: FormsAuthentication RedirectFromLoginPage Change Default.aspx
Oct 14, 2010
I know this post is the same than other around but I can't get it to work the way I want, the thing is that the Login.aspx page have it in a folder not in the root of the directory, also the page that I want to redirect the user to is in the same folder, so far I got this in my web.config file
[Code]....
All pages contained in the Admin folder want it to be protected, the administrator needs to authenticate first, so my question is what I am doing wrong? need to take the Login.aspx and the admin.aspx out of the admin folder?
View 5 Replies
Similar Messages:
Mar 16, 2010
What is the difference between:
FormsAuthentication.RedirectFromLoginPage
AND
FormsAuthentication.SetAuthCookie(Text_txtUserName.Text, true);
HttpContext.Current.Response.Redirect(RedirectFromLoginAddress);
View 3 Replies
May 24, 2010
i'm using the FormsAuthentication.RedirectFromLoginPage for the user login and for redirect to default.aspx page. I want that if a user called admin do the login is redirected to the page admin.aspx
View 3 Replies
Mar 23, 2010
I have an ASPX web site and I have code in there to redirect from the login page with the call to
"FormsAuthentication.RedirectFromLoginPage(username, false);" This sends the user from the root website folder to 'website/Admin/'. I have a 'default.aspx' page in 'website/Admin/' and the call to redirect works on a previous version of the website we have running currently, but the one that I am updating on a separate test server is not working. It gives me the error "Directory Listing Denied. This Virtual Directory does not allow contents to be listed." I have this in the config file:
<authorization>
<allow users="*" />
</authorization>
under the "authentication" option and...
<location path="Admin">
<system.web>
<authorization>[code]....
for the location of Admin.Also, there is no difference in the code between the web.config, Login.aspx, or the default.aspx files on the current server and the one on the test server, so I am confused as to why the redirect will not work on both. It even works in the Visual Studio server environment, for which the code is also identical.
View 1 Replies
May 5, 2010
I have the following code in my secure/login.aspx page using .NET 3.5 and VB.NET
[Code]....
[Code]....
I read some articles that mentioned specifying the domain attribute within the <forms tag but that did not seem to work either. e.g.
View 4 Replies
Dec 19, 2010
How to set Request.IsAuthenticated to true when not using FormsAuthentication.RedirectFromLoginPage?
View 3 Replies
Jan 5, 2010
I reach my login page with the parameter "returnUrl" set to the URL I was on. Then, I login via OpenID (DotNetOpenAuth), and call FormsAuthentication.RedirectFromLoginPage(). The login is successful, however I am not returned to the original page I was on.
I'm having the same problem on logout - when I log out I don't remain on the same page, even though the logout link contains the correct "returnUrl" parameter.
What am I doing wrong?
Here is the code snippet. I am returning EmptyResult() after the call to RedirectFromLoginPage, because I don't really know what to do (see this related question)
using (var relayingParty = new OpenIdRelyingParty())
{
var response = relayingParty.GetResponse();[code]....
View 1 Replies
Dec 30, 2010
Is it OK to call FormsAuthentication.RedirectFromLoginPage many times?
On login page we test if user is already logged in, and if it is we just redirect him to default page with FormsAuthentication.RedirectFromLoginPage...
Question is if user sets a script that loads login page 10'000 times, would calling the FormsAuthentication.RedirectFromLoginPage that many times make problems?
View 2 Replies
Mar 3, 2010
I have a page, URI looks like this:
http://domain.example.com/Profiles/Profile.aspx?username=blah#blahtab
When that fragment (#blahtab) is present, some jQuery picks up on that and displays a different section of the page initially. However, that page requires a user to authenticate first. Coming back from the authentication step using FormsAuthentication, the fragment is discarded, regardless of the UrlEncode step.
I don't see the fragment actually sent to the server when I use a debugger on my local machine. Is this standard fare and the fragment is only for the client side?How can I keep that tacked on without writing my own redirection code on the login page?
Alternately, should I use another method to preserve the view of the page?
View 1 Replies
Jan 18, 2011
When I navigate to [URL] (the default page for the directory) it displays it without logging in (as I want). But when going to [URL] FormsAuthentication redirects to [URL] to login. There isn't a way to set the path for just "/" in the web.config, I get an error. This only happens on my ISP (hosted Windows 2003), I can't reproduce this issue locally on my test 2003 boxes.
[Code]....
View 4 Replies
Jan 19, 2011
I am trying to secure very mixed content that is located in an ASP.NET directory. For purposes of this question, it can be ~/MyApp/.
I want all of the content in the directory and its subdirectories restricted to authenticated users. The default.aspx page, though, should be accessible to everyone. This is the web.config in that directory:
[Code]....
Now if you are an unauthenticated user, everything works fine if you request [code]....
The problem occurs in that visitors do not always request "Default.aspx". We have a default document configured so that they get Default.aspx even if they just request "/MyApp". An authenticated user works fine, but an unauthenticated user is directed to the login page.
Now I know that essentially this happens because even though the request for "/MyApp/" will actually end up serving up "/MyApp/Default.aspx", the security system is only checking for "/MyApp/" since that is what I requested. That is then getting the default security for the directory.
How can you configure an exception to allow access when no particular file is requested in the directory??
Is there some dependency between DefaultDocumentModule and UrlAuthorizationModule? In this environment, the UrlAuthorizationModule has been removed and re-added in order to make sure it fires for non-managed requests. I would not expect that to change the order of execution, though, since UrlAuthorizationModule usually goes after DefaultDocument.
A workaround could be to set up the opposite security with the directory being open, and then trying to secure individual files. Because of the (changing) number of files, and extensions, etc, and the fact that you cannot use wildcards in a <location>, this is not really a workable solution for me.
View 1 Replies
Nov 28, 2010
First of all, thank you for the attention.
I am having some trouble, I am very new to asp.net, and the last problem I had, I spent about 59 hours trying to solve, Now I have a new one !
:D well, I guess this is part of the learning process...
Well, in Visual Studio 2010, I clicked New Website. @ C# language, ... The template it gives is pretty nice, it creates a database MDF file, and a login/register setup ready to go !...
You guys can see it live AT CLICK HERE ...
Everything is working, well at least here at the local machine...
There are 2 pages in there, Default.aspX, and About.aspx ... I want to allow ONLY logged in users to view those 2 pages... I tryed a few things, added my account to a role called ADMIN,
In the web.cong I changed Allow"*" to allow"ADMIN" ... still didn't work.. Also, I was trying to avoid using roles for now, and I was trying to find a way to do this for individual pages in the same directory as well... If possible with out touching the web.config file...
View 3 Replies
Apr 15, 2010
I need to change this www.mydomain.com/Default.aspx towww.mydomain.com/Home i tryed this:
[Code]....
in web.config but nothig happend
View 1 Replies
Mar 17, 2010
How can I do this?I want to be able to manually specify the location that I want the user to be redirected to using this method....?
FormsAuthentication.RedirectFromLoginPage
View 4 Replies
May 12, 2010
I have created two iis web sites (site1,site2) both have the following configuration
[Code]....
from site1 i do
[Code]....
and in site2 if i checked if the user is authenticated ,i get a true, and i see "user1" as the current user.i know that what i have done above use a cookie,and as i know cookie are visible in the same domain (site) or sub domain,how form authentication make the cookie visible for both sites , this scenario must work for a site with two virtual directory inside it(sub site or application), but what is happening here any explanation.
View 5 Replies
Nov 22, 2010
I have an ASP.NET MVC app and am using Forms auth. When going to a page that requires authentication, meaning there is an [Authorize] attribute on the controller action, it redirects the user to the login page with a return url like http://localhost/Login?ReturnUrl=/MyAuthorizedUrl.
This is how my config is setup:
<authentication mode="Forms">
<forms loginUrl="~/Login" timeout="2880" defaultUrl="~/" />
</authentication>
This is how I'm getting the redirect url:
var url = FormsAuthentication.GetRedirectUrl( model.Email, model.RememberMe );
This always returns the default url.
View 1 Replies
Apr 14, 2010
I've got a masterpage wih a LoginStatus control on my masterpage, when I click this it brings up loginpage.aspx. I log in and then it automatically returns me to default.aspx, how can I chage this to EngineersHome.aspx? I've tried changing the webconfig file so it has
authentication
mode="Forms">
forms
loginUrl="Login.aspx"
defaultUrl="EngineersHome.aspx"
/>
</authentication>
but this hasn't worked. When I logout using the LoginStatus it directs me to Default.aspx which is fine, I want this to stay as it is.
View 2 Replies
Apr 18, 2010
I am using the personal website template. The login button is no longer work (do not thing when push the button) from the default.aspx page after I added following code:
<div>
<!-- Emulated Google CSE Search Box Begins -->
<asp:TextBox ID="q" MaxLength="512" Width="275px" AutoPostBack="false" runat="server" />
<asp:Button ID="_btnSearch" Text="Google Search" OnClick="_btnSearch_Click" runat="server" />
<asp:RequiredFieldValidator ID="_rfvQ" ControlToValidate="q" runat="server" />
<asp:HiddenField ID="cx" Value="partner-pub-xxxxxxxxxxxxxxxxxxxxxx" runat="server" />
<asp:HiddenField ID="cof" Value="FORID:9" runat="server" />
<script type="text/javascript" src="[URL]"></script>
<!--
In order to make the button's click event fire when the text box is highlighted, we have to have a second text box be a part of the form. Make it invisible so that the user never knows it's there. From what research I did, this appears to be an IE-specific problem. Nevertheless, this was the only "solution" I found.
-->
<input name="dummyHidden" value="" style="visibility:hidden;display:none;" />
<!-- Emulated Google CSE Search Box Ends -->
</div>
View 3 Replies
May 28, 2010
I want to redirect my Javascript and CSS URLs to Homepage(Default.aspx) by web.config or via anyother way in ASP.Net. I tried to try it but I can't able to do this thing. I have already checkout ASP.Net professional book but I can't get any reference for it anywhere.
View 2 Replies
May 16, 2010
I'd like change masterpage.aspx "body" element style from default.aspx.cs. how can I do It?
View 15 Replies
Mar 30, 2010
In PDF.aspx, I create a pdf of a webpage. Because a new browser window opens here, the user is lost and the application will return to the login screen --> result: a pdf is created of the login screen.
My question: how can I know exclude the pdf.aspx webform from the FormsAuthentication and still remains safe
View 6 Replies
Oct 7, 2010
what is the use formsAuthentication.user.identity
is it one of the property of page
View 1 Replies
Apr 23, 2010
I have a login page that is set to the loginUrl property in the authentication section of my web.config file. I am trying to reference a CSS stylesheet, but it doesn't seem to be doing anything. Here is my markup:
[Code]....
I am able to do this just fine on my other page. One thing I noticed was when I click on "View Source" and try to click the link to the stylesheet, it doesn't take me there, and instead changes the "action" property of the form element to this:
[Code]....
View 2 Replies
Dec 1, 2010
Just a quick question i've been asked to look at enhancing security but encrypting passwords we store in a db table, essentially the data thats linked to the user account isnt sensitive however its more to stop someone reading passwords out of the table directly etc
I've read multiple ways of implimenting hashing etc i've started using FormsAuthentication.HashPasswordForStoringInConfigFile
//create new salt and update the password
Hashtable newInfo = new Hashtable();
newInfo["salt"] = GenerateFriendlyPassword(5);
string tmppass = FormsAuthentication.HashPasswordForStoringInConfigFile(txtNewPass1.Text.ToString() + newInfo["salt"].ToString(), "SHA1");
newInfo["passwordHash"] = tmppass;
Generate friendly password returns a 5 char string based on a random position in a valid char array containing a - z and 0 - 9At present the functionality is at page level in the code behind, re this is the forms authentication HashPasswordForStoringInConfigFile function thread safe? Or do i need to look at implimenting this in a different wayCheers appreciate your response as im always jubious about multi threading etc,
View 1 Replies
Jan 8, 2010
In my account controller I am calling FormsAuthentication.SetAuthCookie( emailAddress, rememberMe ).
Response.Cookies has my cookie. However, after the redirect the cookie is gone and the request is not authenticated.
View 6 Replies
