Security :: How To Turn On And Off Access To Aspx Pages During A Session Using Forms Authentication
Apr 9, 2010
Using VS 2010 RC, VB, and Forms authentication to allow access to the site, depending on the login rights of a user, I want to turn on and off access to certain pages. I can turn on and off buttons to access the pages, but a user can type the page into the url, and it will still go to them.
I want to use the login component with forms authentication, but i don't want to use the whole package. I have a database with users in it, and i create the users manually, through another section of my site. I will authenticate them using my own functions, in the Authenticate event.
But, specifying the forms authentication in web.config, i seem to recall having seen somewhere, that i could add pages that were protected, while the rest of the site wasn't.
How do i do this? Currently, i have only 1 page that i want to protect.
I have a website developed in ASP.NET created by someone else, sitting on another server... until now... a simple(ish) setup with login to update content. The site was zipped up and I was told it would be a simple case of uploading all the files onto the new server. I've managed to upload the site and it works fine... but I can't access the editing pages as it will no longer accept the username and password when I go to login. The host server is running ASP.NET v4 and IIS v7. Hosting is with [URL] so I'm also getting used to their way of doing things.
I'm writing a simple Intranet application using windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms based security. I read on MSDN that using windows based security means roles are based on groups, but it doesn't go into any detail. how can I restrict access to Safe/UCantSeeMe.aspx?
In one of my website I need to prevent direct access to non .aspx pages in a protected folder. Authentication works fine if I am going to [URL] but in one case my users are uploading html pages in that folder and if somebody cut and paste [URL]the page can be seen without the authentication process to be activated.
I have used the Forms Authentication for logging in and in that i have created the Forms Authentication Ticket and in that ticket i have passing the data with comma seperated values.how can i get the data which is in the ticket to access in the Authenticated user pages
I have a few pages that are completely static. They only change at build time. But they are expensive to create. For the ones that are kind of expensive to create, I cache them for very long times using the ASP.NET output caching. But for one page, I really want it cached forever and ever or until the the next build.
What is the most expedient way to make this happen? Is there a build in feature that achieves this or a 3rd party tool?
(yeah, for the moment I plan to do the "view source" and copy paste thing, which isn't a very elegant build step)
I want to create a website that a user can logon and view their data. They should also be able to logout. I'm wondering how to achieve this WITHOUT using the Membership provider api provided by Microsoft. This is what I think should happen.
1. user enters name and password and clicks button.
2.If username and password are correct the user is redirected to a webpage with their details.
I read that with IIS 7, ASP.NET has become an intrinsic part of IIS instead of an external ISAPI DLL. They say that the main reason for this change is that it's now possible to secure files that previously have not been handled by ASP.NET.
I want to check this out, so I have created a Forms authentication web site and added the following files to it:
Default.aspxLogin.aspxHtmlPage.html
Moreover, I have set the web.config to deny anonymous users and I have enabled Forms authentication in IIS.
Here's my problem:
While the ASPX page perfectly requires me to log in, the HTML page does not. It just yields error 401.2.
So my question is:
What did I do wrong? What is necessary to have HTML files (or images) secured using Forms authentication?
This could be very straight forward for some of you, but I got caught up. I am doing very simple test - browsing from IIS Manager to see the default page or "under Construction", however I am being challenged to provide my login credential . When I provide my login credential, I am able to see the default page. I wanted to see the default page without providing my credential since Enable anoymous access + basic authentication I am simply wanted to see the default page asit is working on other servers except this one. I have included screen print to make sure may question is clear.
I have 3 seperate applications (under the same domain) for which I use Forms authentication with single sign-on.
The 3 applications have different session timeout periods. I was on various articles that when we use forms authentication and specify the loginurl in the <Forms> tag in the web.config, it should automatically get redirected to the login page, when the session timesout. But in my case, it doesn't happen, I think because of different timeout values.
I wnat to aacess this path with images in aspx(design-source) side. I successfully tested this with html controls but it contains error with server controls here is the aspx content [Code]....
I need to have a root web site using Windows Authentication and subweb under it as Forms Authentication. But when I access the subweb it still ask me for the Windows Authentication.
I have read the many posts of people trying to use two different login pages: one for users and one for admins. My question is very different. I have a Site.master page with a LoginView and LoginControl. I then have three root level pages Default.aspx, About.aspx, and Contact.aspx that derive from the Site.master. All three pages are set in the web.config to be allowed to all users. I then have a MemberPage in a Member folder which is only accessible to authenticated users. What I want to have happen is to be able to login from either the Default, About, or Contact pages and then be directed to the MemberPage.
how to add pages in the Form Authentication Sample Code. I am required to add a registration form in this Custom Security Solution. It lets me add the .cs files but when I add .aspx file, it gives errors in building. let me know what architecture have they followed? Why they have .resx files?
I have a web app, which contains a folder Uploads, to which users (authenticated) upload their files (for some reason it has to be a folder in the root of the web app).I want to deny access to this folder and files to all non-authenticated users.
In my web.config I have:
[Code]....
and everything seems to work in development, but on a staging server it redirects non-authenticated users to login page ONLY from aspx pages, but not when entering the url to the file in Uploads folder.
I am using the Session ID Manager. Now the session count is 0 between the access to pages, so I cannot access the Session variables. How do I save the value of Session variables.
Is there any way that I can create a session variable AFTER authentication? It needs to be populated from the users record in a sql database. Basically I tried using Application_AuthenticateRequest in global.asax with an application variable but this made it available to all users. Using session_start is not working as when this runs my user is not currently logged in, so the variable is always empty when I try and grab it's value.
I am using IIS7's URLRewrite feature to hide the .aspx extension in my ASP.NET WebForms application's URLs.
I'm using the following configuration:
[code]....
I can now browse to:
[URL]
and this is rewritten to:
[URL]
This preserves the "pretty" url in the browser address bar. I have also updated all my links on the site to use the extensionless URLs.
The problem is that the underlying .aspx pages can still be accessed directly and I'd like to prevent this.
If a user browses to [URL] I'd like it to either redirect/rewrite to [URL], or at the very least just return a "Page not found".
Update:
I managed to get this working by redirecting all .aspx pages to the home directory. This isn't ideal as I'd prefer to send them to the non-.aspx version, but it will do for now.
I developed our feature rich web page which is constantly changing. I'm not much of a programmer but I know HTML and CSS pretty well. I have a need to create a couple of login page for prospects and end users to get to secured content. I put together a page that works perfectly in Microsoft Visual Web developer Express 2010. This includes a login page. Ironically, after learning how to do all this from a book, there is a web page that perfectly chronicles what I am trying to accomplish and the steps to do it. It's here: [URL]
I don't expect you to watch it, but there is a simple aspx page created for login and then users are created and the content is displayed after successful login. It works fine in m development environment, but when I post, nothing. Furthermore, twice in the last two days, after downloading my current site to my hard drive, and then posting back after adding this functionality, my FrontPage forms stopped working. I had to have my website restored from backup. The whole thing makes no sense and I can't find any precedence posted on any user forums. So any testing I do seems to wipe out my navigation structure.
I'm going to establish the site on a different server tonight and see if its configuration. If that works, I'm not sure where to g next. I'd appreciate any thoughts. The worst part is I can't post a test page or my Fropage contact forms stop working.
I have a website statistics program that creates .htm pages for viewing. Im trying to keep them in their own folder on the root - "Statistics"After reading many posts I have tried many iterations of:
[code]...
Problem is, an .aspx pages in there won't get served with login, but all the .htm pages will.