Any way to have a .Net application not let a .html document go through unless they have logged in?

  • Thread starter Thread starter Mufasa
  • Start date Start date
M

Mufasa

I have a web site with a page on it (index.html) that is used for our
internal users but is on a public web site. Currently the entire directory
is password protected through IIS. Problem is - everybody uses the same User
ID/Password.

So I was going to do the normal Forms Authentication that would force
somebody to log in. Got all that to work. If they enter an invalid
password - all works fine. They log in correctly and it takes them to
index.html.

Problem is, if they go directly to index.html it let's them in. Anyway to
stop this from happening. I have <deny users="?" /> in my web.config.

This is in .Net 2.0 btw.

TIA - Jeff.
 
You can set up an HttpHandler for the HTML pages that forces the user
through the same authentication process. I would do a search for HTTP
Handler to find examples. This is, in essence, like an ISAPI filter.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*********************************************
Think outside the box!
*********************************************
 
I have a web site with a page on it (index.html) that is used for our
internal users but is on a public web site. Currently the entire directory
is password protected through IIS. Problem is - everybody uses the same User
ID/Password.

So I was going to do the normal Forms Authentication that would force
somebody to log in. Got all that to work. If they enter an invalid
password - all works fine. They log in correctly and it takes them to
index.html.

Problem is, if they go directly to index.html it let's them in. Anyway to
stop this from happening. I have <deny users="?" /> in my web.config.
Click to expand...

Why don't you just make index.html a .NET page?
 
I don't have control over the html page. It's being done by a secretary
through DreamWeaver.
 
Thanks. I'll look for that.

Cowboy (Gregory A. Beamer) said:
You can set up an HttpHandler for the HTML pages that forces the user
through the same authentication process. I would do a search for HTTP
Handler to find examples. This is, in essence, like an ISAPI filter.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*********************************************
Think outside the box!
*********************************************
Click to expand...
 
I don't have control over the html page. It's being done by a secretary
through DreamWeaver.

"Larry Bud" <[email protected]> wrote in message
Click to expand...

Still, she can just rename it to aspx. It would not be any different to her
but it would make a difference on the server
 
Jeff,

Make sure you add the protection="All" and path="/". This should solve your
problem.

<authentication mode="Forms">
<forms name=".Name" loginUrl="~/Login.aspx" timeout="20"
defaultUrl="~/index.html" protection="All" path="/"/>
</authentication>
 
This seems to work great. But now I get errors on certain controls -
RequiredFieldValidator and TreeView don't work.

Any thoughts?
 
Back
Top