Web Forms :: Set Authentication Level's In Web Config?
Jan 11, 2010how to set authentication level's in web config.
View 3 Replieshow to set authentication level's in web config.
View 3 RepliesI am trying to implement forms authentication in my application. It has a folder named
User and an .aspx Page named Welcome.aspx. I am trying to restrict Access to this page by directly typing address in the browser. For this I have done following setting in web.config:
<location path="User">
<system.web>
<authentication
mode="Forms">
<forms
loginUrl="Login.aspx"
name=".ASPXFORMSAUTH"></forms>
</authentication>
<authorization>
<deny
users="?"/>
</authorization>
</system.web>
</location>
It works fine for the first time and redirects to Login page when I type the URL directly in browser. But when I press back button in browser and again try to redirect, this time it redirects to Welcome.aspx. How can I avoid such a situation (Don;t want to disable back button). Also If i try to Set Location Path="User", it gices error i.e. I am not able to set folder level security
When I submit a form to other page in my ASP.NET site, it asks for windows authentication. How do I remove this?
View 1 RepliesI am having an issue with caching of a web application while deployment to a webserver. the application require full trust level to be assigned but i am having partial trust level. How can i handle it. I am using Microsoft enterprise lib caching. site is displaying an error if FullTrust used nad for medium code doesn't work.
this is the error message on my website
"The current build operation (build key Build Key[Microsoft.Practices.EnterpriseLibrary.Logging.LogWriter, null]) failed:
Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. (Strategy type Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.ConfiguredObjectStrategy, index 2)"
My ISP recently has migrated my app to a new platform. The app has now to be parked in a root subfolder, say site1, rather than at the root.
The main page can still be accessed via [URL] is now located at /site1/default.aspx. Subfolder pages however cannot be accessed correctly anymore since the url includes now subfolder name "site1" ie
[URL]
instead of
[URL]
This of course breaks page referencing.
Despite multiple requests, I have not yet obtained an answer so far. Question: Is there a simple way to strip away string "site1" from the url, preferably at the web.config level? I know this can be done programmatically at the page level, to clean up page references (>30 pages). In addition, this could entail further compatibilty problems between the deployment version and the local development site.
Following is my directory structure of my web application which is also configured in IIS as virtual directory
Web Site Root
|MasterPage (file)
|Web Config (file)
|Public Contents (directory)
|ShowNewWallpapers.aspx
|Admin (directory)
| Login.aspx
|WebSiteStat.aspx
|WebConfig file (need form security here)
How is configure my both web configs to solve my issue. currently i am getting following error
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
my root web config has default settings and my Admin directory has following settings
<system.web>
My hosting provider just changed the trust level to medium but I cant figureout where to place the configuration on the web.config file! I have spent hours trying to figureout with no luck. here my web.config file
[Code]....
This is a general question and is not about any particular issue that I am facing right now.As configuration settings in the child level can override the ones in parent level,errors can occur when you have 2 web.config files one redefining configuration settings that you cannot override such as authentication or session state.Issue happens when you have authentication / session state set on the lower level web.config and also in higher level web.config. Is there any other configuration settings like these ?
View 1 RepliesWhen i disable cookie at browser level will 'Form authentication' still work ?.If not,What is the alternative that enables the 'From Authentication' ?
View 2 RepliesWe had a UAT and Production version of a .NET web application. UAT was taking around 5 seconds to run a particular operation while Prod was taking 35+ seconds.
This even happened when pointing both web applications at the same database and putting them both on the same machine.
The culprit was finally found to be the following entry, which was in the Prod but not UAT web.config
<trust level="High" originUrl="" />
why this would cause such a significant performance degradation??
I am required to control access to a specific file on our server. I suggested, for the time being (rather than affording time for other routes until we can), that we simply use the web.config to lock this file down to everyone by means of a location/system.web/authorization setting.
This soon failed to protect the resource and I quickly became aware why (I think). It is a public site and is not using Forms authentication (currently just defaulting to Windows).
So, for clarity, here are the relevant parts the config file...
<?xml version="1.0"?>
<configuration>
<system.web>
<authentication mode="Windows"/>
</system.web>
<location path="thefile.extension">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
Can I secure this resource without turning on Forms authentication? Or can I turn authentication on but never actually require authentication to occur, by allowing all resources but the ones explicitly stated, or by explicitly stating all allowed and denied resources?
I have to handle error related to web application. I am not sure how its works. I am thinking that I will add an error page (error.aspx) and in global.asax ,application_onError, I will redirecting the user to error page and that should be enough ! i mean it will handle error automatically.
View 4 Replieswhen i set forms authentication to my website to web.config file as
<authentication mode ="Forms">
<forms
loginUrl="login.aspx"></forms><authentication><authorization><deny
users="?"/></authorization>
and login button ,i write the following code
FormsAuthentication.RedirectFromLoginPage("login",
false);
and logout button ,i write the following code
FormsAuthentication.SignOut();
FormsAuthentication.RedirectToLoginPage();
it works but when i press browser back button after logout button click
it maintains the page history and the page will redirect to last requested page
I am using forms authentication to authenticate users. Application has multiple folders and one of the folders has its own web.config
[Code]....
I want to redirect the user to "info.aspx" instead of "login.aspx"Root has the following web config
[Code]....
im using visual studio 2008. in my project im using forms authentication,my project structure is as follows
root
|
login.aspx
home.aspx
web.config
admin (folder)
|
admin.aspx
web.config
root web.config is as follows
[Code]....
and inner web.config is
[Code]....
and my users are
Username Role
admin1 Admin
admin2 Admin
user1 User
user2 User
as you can see that in second web.config, i gave access to users with "Admin" role and "user1" user.
for giving access to "admin" folder, i wrote the following:
[Code]....
and saved the web.config as
[Code]....
this is working fine when i run it from visual studio development server, when i host it in IIS, im getting the following error
[Code]....
here the problem is, it is not able to save the web.config i got one solution, that is, i added
[Code]....
I have a few pages that need to use SSL and I am confused bc I read you should set the forms authentication section in the web.config to use SSL. so if this is the case, the user logs in (login page is using ssl) the forms auth cookie is created and now if i redirect to the non ssl enable home page, does this mean the auth cookie will not be transmitted, so i can't display like a welcome module or know the username of the user who logged in?
View 6 Repliesi have a problem with forms authentication. i have a website and want to restrict access to an especific folder. i want the access to this folder be made via the login form this is what i have in the web.config
<authentication mode="Forms">
<forms name="Compra" loginUrl="wfLogin.aspx" path="/" protection="All" timeout="30" />
</authentication>
<authorization>
<allow users="*"/>
</authorization>
Then this to restrict folder
<location path="Admin">
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</location>
the problem is that when the user login with valid information the website return to the login form.
Im uysing my custom login for user,and suppose im having a group of user who can login in.and rest of other should be deniedso how i can maintain that in web.config,
View 2 RepliesI want to be able specify to do the following: Specify configuration settings such as appSettings and connectionStrings for multiple web apps in IIS7 No editing Machine.config or the machine-level web.config Web apps are distinct web sites in IIS (not subfolder apps) Is this possible without just duplicating the configs for each app?
View 1 RepliesI have a basic intranet website for my company but there is one page that cannot allow anonymous as I need to grab the user's login. I created the site and everything works perfectly on my development machine. once moved to the production server it no longer works.
Here is the problem: I can get the login prompt when going to the secure page, but when trying to login I get a "401.1 - Unauthorized", even when trying to login as a server administrator. Here is the authentication portion in my web.config:
[Code]....
I have done this before and always gotten it to work. I hope I am just missing something very simple...
I need to put windows authentication on a site (so when a user access the site they are prompted with a username/password box) but I need certain IP addresses to bypass this authentication.
View 2 RepliesI have logout handler which used to work fine:
public void ProcessRequest(HttpContext context)
//// Sign out
System.Web.Security.FormsAuthentication.SignOut();
//// Clear Session
if (context.Session != null)
[code]...
how can i specify two different login pages in root web.config file since i need to have authentication for two folders.for securing My Account module i did like this in the root folder i need to have it for another folder called EBox also.
View 1 RepliesI have Asp.net web application with two web.config files and one will be Forms Authentication mode and other will be Windows authentication mode.When i provide username and password in my login page (for both authentications login page will be same)based on the username(from database or local domain ).. switching has to happen between these two web.config files User Aurthentication is done using WebService.
View 4 Repliesi want a simpe login systemm using webconfig file and one login.aspx page.
View 3 Replies