ignore authentication for a single page - c#

I am in a very tricky situation.
I have a page that is a part of my project and I want to access it without logging in or doing anything.
Explanation:
I have a test project which has a login page, default page, Admin folder, Guest folder, and a showmessage page.
The Admin folder has pages that are accessible to only admins.
The Guest folder has pages that are accessible to all users.
Now whenever I type in http://localhost/Default.aspx or any other page, it first takes me to the login page, and only after I enter the login credentials I go to the default page and from there to the other pages.
This system works fine for me and I don't wish to change it,
but there is this page similar to default called showmessage.aspx page.
What I want is when I type http://localhost/showmessage.aspx it should ignore all the login pages and take me directly to this page. Is there a way to do that?
I have this in my web.config:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" defaultUrl="~/Default.aspx" name="GUI" slidingExpiration="true" timeout="30" path="/">
</forms>
</authentication>
<location path="Admin" allowOverride="true">
<system.web>
<authorization>
<allow roles="Administrators" />
<deny users="*" />
</authorization>
</system.web>
</location>
Please can someone help me.
Appreciate all the help I can get. Thanks.

You should be able to specify the path directly to the page and allow everyone.
<location path="ShowMessage.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

Related

how to redirect user to login page after restricting them in asp.net

I restrict my users from accessing some pages.
Web.config code:
<location path="Pages/Management.aspx">
<system.web>
<authorization>
<allow users="admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="Pages/ShoppingCart.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
But when I tried to access that page, in place of redirecting me to the login page it redirects me to this page:
Server Error in '/' Application.
The resource cannot be found.
My question is:
How to redirect users towards the login page?
Thank you
See the link that Enkode put above for some good info. You could also do something like:
if(!User.IsInRole("str"))
Response.Redirect("str");

ASP.Net 4.5 Forms Authentication / Authorization not working

I started with a default WebForms project with Individual Accounts. I have a bunch of content that I've built with database connections. I want to restrict all content to authenticated users with the exception of the default.aspx.
I have successfully established the Identity table structures in my SQL database and can "register" new users. This all works fine. However, when I add the authentication setup to the web.config (see below), it all breaks.
<system.web>
<authentication mode="Forms">
<forms name=".FormsAuth" loginUrl="Login.aspx" protection="All" slidingExpiration="false" requireSSL="false" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
I would expect this to allow me to view my Default.aspx page and redirect if I moved off of it. Instead it attempts to redirect to \account\login and fails with this message.
HTTP Error 404.15 - Not Found The request filtering module is
configured to deny a request where the query string is too long.
The ReturnURL is huge and seems to repeat itself. I've tried looking around for a start from scratch example but have not found one that works. This should be simple.
I figured this out. I had to remove the general "deny all anonymous" statement from web.config:
<!--<authorization>
<deny users="?"/>
</authorization>-->
...which I was trying to use to restrict ALL but the login page.
I moved all of my content into a few subfolders then called them out with the location tags and the same deny users statement.
<location path="System">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
<location path="Reports">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
At this point it seems to be working "properly" and now redirects users to login.aspx if not authenticated.
The \account\login.aspx was denied because of the web.config.
...
<authorization>
<deny users="?"/>
</authorization>
When you redirect to the login page, because anonymous access is forbidden, you are redirected to the login page again, resulting in recursion.
You can create a web.config in the account folder. The content is like this:
<configuration>
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</configuration>
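
The redirect loop described in the answers above can be checked for before a config change ships. The following is an added example, not code from the original posts: a simplified Python model of URL authorization (most specific location read first, first matching allow/deny wins, default allow) that reports whether an anonymous visitor can reach the path the application redirects to for login. It assumes a single web.config, ignores the verbs attribute, takes the login path as a parameter, and models the suggested Account-folder web.config as a location element; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

def _matches(rule, user, roles):
    users = [u.strip().lower() for u in rule.get("users", "").split(",") if u.strip()]
    wanted = [r.strip().lower() for r in rule.get("roles", "").split(",") if r.strip()]
    if "*" in users:
        return True
    if user is None:                       # anonymous request
        return "?" in users
    return user.lower() in users or any(r.lower() in wanted for r in roles)

def is_allowed(config_xml, path, user=None, roles=()):
    """First matching <allow>/<deny> wins; the most specific <location> is read first."""
    root = ET.fromstring(config_xml)
    path = path.lstrip("~/").lower()
    scopes = []
    for loc in root.findall("location"):
        prefix = loc.get("path", "").strip("/").lower()
        if path == prefix or path.startswith(prefix + "/"):
            scopes.append((len(prefix), loc.find("system.web/authorization")))
    scopes.sort(key=lambda s: -s[0])
    scopes.append((0, root.find("system.web/authorization")))  # application level last
    for _, auth in scopes:
        for rule in (auth if auth is not None else []):
            if rule.tag in ("allow", "deny") and _matches(rule, user, roles):
                return rule.tag == "allow"
    return True                            # nothing matched: default is allow

def login_loops(config_xml, login_path):
    """True when an anonymous visitor is denied the page they are sent to for login."""
    return not is_allowed(config_xml, login_path)

# Constructed from the configuration posted in the question above.
BROKEN = """<configuration>
  <system.web><authorization><deny users="?"/></authorization></system.web>
  <location path="Default.aspx">
    <system.web><authorization><allow users="*"/></authorization></system.web>
  </location>
</configuration>"""

# Same file plus the exemption for the Account folder suggested in the answer.
FIXED = BROKEN.replace("</configuration>", """  <location path="Account">
    <system.web><authorization><allow users="*"/></authorization></system.web>
  </location>
</configuration>""")

if __name__ == "__main__":
    print({n: login_loops(c, "~/Account/Login") for n, c in (("broken", BROKEN), ("fixed", FIXED))})
```

The same is_allowed call, run for each protected path with user=None, confirms that exempting the login folder did not open anything else to anonymous users.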

Return URL not working in link

I am using ASP.net and having problems redirecting to the original requested URL after login. The URL is showing clearly in the address bar but when signing in it takes me to Default.aspx every time:
http://development-4/login.aspx?ReturnUrl=%2fControls%2fFinancial%2fAddressBook.aspx
The .NET framework already handles automatically redirecting using the 'ReturnUrl' value. Unless you're taking the user somewhere other than they attempted to go, use the following to redirect them to their requested page.
Replace 'userName' with the username they provided while logging in. 'isPersistant' refers to whether the cookie should persist browser sessions or be deleted when their window is closed.
FormsAuthentication.RedirectFromLoginPage("userName", isPersistant);
If you have chosen to take the user somewhere else, your code should look similar to this.
FormsAuthentication.SetAuthCookie("userName", isPersistant);
Response.Redirect("~/SomePage.aspx");
Because you didn't provide very much background information, I'll add the following config. You should have something similar.
<system.web>
<authentication mode="Forms">
<forms name="loginCookieName" loginUrl="~/login.aspx" protection="All" timeout="60" path="/" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="login.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

Web.Config getting authentication error

I have the following code:
My goal is that only when the user tries to go to the Register.aspx page they need to be authenticated with the Admin.aspx page.
I get the following message;
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
Am I doing something wrong?
<location path="Report.aspx">
<system.web>
<authentication mode="Forms">
<forms loginUrl="Admin.aspx" >
<credentials passwordFormat="Clear">
<user name="John" password="pass#432"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>
Your application is probably sitting in a folder under your website as part of that website and not an application in its own right.
For IIS 6.1: Go into IIS, right click your applications root folder and select Convert to Application.
Give this a go and see if it helps.
If that doesn't work...
Check you are putting your authentication config in the root web.config file and not in one in a folder lower down. (for example the one sitting in the MVC views folders if using MVC).
Although not related to your problem, as someone else said you have a deny all. To deny unauthenticated users access to the page use the question mark instead of asterisk.
<location path="foo.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

Unable to Redirect to any asp pages under Account folder

I have three content pages - Login.aspx, Logout.aspx, MyAccount.aspx. All three are under the same folder-Account
All three pages are part of a Content site referencing the same master page.
Now the Master page has Logout and MyAccount hyperlinks.
When I click these links I am redirected to Login.aspx. Now I don't understand why this is happening.
Actually even if I type ~/Account/MyAccount.aspx in the browser I am redirected to ~/Account/Login.aspx
Further if I try to redirect to any page under Account folder I am redirected to Login.aspx page.
Am I missing something? Please guide me.
Thanks in advance.
In your web.config you specify your login method and also where the site redirects if the user isn't logged in and tries to open a site without privileges:
<forms loginUrl="~/Account/LogOn" ... />
If you want every user to have access to some resources you have to specify them:
<location path="Content">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
and finally only allow authorized users access to the rest:
<system.web>
<authorization>
<!-- deny anonymous users; authenticated users are still allowed -->
<deny users="?" />
</authorization>
...
</system.web>
Remove or Comment deny users tag in Account's Web Config
<authorization>
<!--<deny users="?"/>-->
</authorization>
Read this to get an understanding. Further info
Maybe it's checking user credentials?
