Authentication/Automatic Redirect?

  • Thread starter Thread starter Donald Williamson
  • Start date Start date
D

Donald Williamson

Hi

Hope someone can help me with authentication and how the redirects work. I'
ve already tried searching previous posts but didn't really find anything.

for I have a page that checks to see if the user has logged in. If not, it
redirects them to the login page for authentication. After authenticating, I
want to redirect them back to the original page that sent them. I always get
redirected back to the default page. I noticed that the '?RedirectURL'
parameter is not being set so my question is how does this get set?

Here's me web.config code"
<authentication mode="Forms" >
<forms
name="fpSupport"
path="/"
loginUrl="Accounts/Login.aspx"
protection="All"
timeout="30">
</forms>
</authentication>


Here's the code that redirects them to the login page if they are not
authenticated:
If Not Context.User.Identity.IsAuthenticated Then
Response.Redirect("Accounts/Login.aspx")
End If


And here's the code on the login page after they have been authenticated:

FormsAuthentication.SetAuthCookie(UserName.Text, chkPersist.Checked)
FormsAuthentication.RedirectFromLoginPage(UserName.Text,
chkPersist.Checked)

Any assistance would greatly be appreciated!

- Donald
 
Donald Williamson said:
Hi

Hope someone can help me with authentication and how the redirects work. I'
ve already tried searching previous posts but didn't really find anything.

for I have a page that checks to see if the user has logged in. If not, it
redirects them to the login page for authentication. After authenticating, I
want to redirect them back to the original page that sent them. I always get
redirected back to the default page. I noticed that the '?RedirectURL'
parameter is not being set so my question is how does this get set?

Here's me web.config code"
<authentication mode="Forms" >
<forms
name="fpSupport"
path="/"
loginUrl="Accounts/Login.aspx"
protection="All"
timeout="30">
</forms>
</authentication>


If you're using Forms Authentication, your code should not be checking to
see if the user is authenticated. Instead, set up the <authorization>
section properly, and Forms Authentication will do it for you.
 
Thanks John,

One more question about the <authorization>. I am setting up many multiple
directories. I only want to give anonymous permission to a few select
files. Most others will require that they be authenticated to view the files
in most of the directories.



Do I create a separate <authorization> config file for each directory that
needs to be authenticated or what is the best way to do this? Thanks again
for any help.



- Donald
 
Donald Williamson said:
Thanks John,

One more question about the <authorization>. I am setting up many multiple
directories. I only want to give anonymous permission to a few select
files. Most others will require that they be authenticated to view the files
in most of the directories.



Do I create a separate <authorization> config file for each directory that
needs to be authenticated or what is the best way to do this? Thanks again
for any help.

You can put a separate web.config in each directory if you like. Mostly,
people use <location> elements to specify the configuration of the
subdirectories.
 
Thanks again John,

Getting closer ... hopefully my last question :) I'm working on the
location path. Here's what I have in my web.config:

<location path="~/Modules/SupportViewRequests/viewrequest.aspx">
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>

This is placed before the main <system.web> settings where, in part, I have
the following:
<authentication mode="Forms" >
<forms
name="fpSupport"
path="/"
loginUrl="Accounts/Login.aspx"
protection="All"
timeout="30">
</forms>
</authentication>

I did remove the redirect in my main page. However, I'm never automatically
getting redirected to the log-in page. What am I missing?

- Donald
 
Got it! FYI here's the correct code to lock the directory:

<location path="Modules/SupportViewRequests">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

- Donald
 
Donald Williamson said:
Thanks again John,

Getting closer ... hopefully my last question :) I'm working on the
location path. Here's what I have in my web.config:

<location path="~/Modules/SupportViewRequests/viewrequest.aspx">
<system.web>
<authorization>
<deny users="*" />
</authorization>
</system.web>
</location>

This is placed before the main <system.web> settings where, in part, I have
the following:
<authentication mode="Forms" >
<forms
name="fpSupport"
path="/"
loginUrl="Accounts/Login.aspx"
protection="All"
timeout="30">
</forms>
</authentication>

I did remove the redirect in my main page. However, I'm never automatically
getting redirected to the log-in page. What am I missing?

Where's your main <authorization> element?
 
Back
Top