Any way to have a .Net application not let a .html document go through unless they have logged in?

M

Mufasa

I have a web site with a page on it (index.html) that is used for our
internal users but is on a public web site. Currently the entire directory
is password protected through IIS. Problem is - everybody uses the same User
ID/Password.

So I was going to do the normal Forms Authentication that would force
somebody to log in. Got all that to work. If they enter an invalid
password - all works fine. They log in correctly and it takes them to
index.html.

Problem is, if they go directly to index.html it let's them in. Anyway to
stop this from happening. I have <deny users="?" /> in my web.config.

This is in .Net 2.0 btw.

TIA - Jeff.
 
C

Cowboy \(Gregory A. Beamer\)

You can set up an HttpHandler for the HTML pages that forces the user
through the same authentication process. I would do a search for HTTP
Handler to find examples. This is, in essence, like an ISAPI filter.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*********************************************
Think outside the box!
*********************************************
 
L

Larry Bud

I have a web site with a page on it (index.html) that is used for our
internal users but is on a public web site. Currently the entire directory
is password protected through IIS. Problem is - everybody uses the same User
ID/Password.

So I was going to do the normal Forms Authentication that would force
somebody to log in. Got all that to work. If they enter an invalid
password - all works fine. They log in correctly and it takes them to
index.html.

Problem is, if they go directly to index.html it let's them in. Anyway to
stop this from happening. I have <deny users="?" /> in my web.config.
Click to expand...

Why don't you just make index.html a .NET page?
 
M

Mufasa

I don't have control over the html page. It's being done by a secretary
through DreamWeaver.
 
M

Mufasa

Thanks. I'll look for that.

Cowboy (Gregory A. Beamer) said:
You can set up an HttpHandler for the HTML pages that forces the user
through the same authentication process. I would do a search for HTTP
Handler to find examples. This is, in essence, like an ISAPI filter.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*********************************************
Think outside the box!
*********************************************
Click to expand...
 
R

Rad [Visual C# MVP]

I don't have control over the html page. It's being done by a secretary
through DreamWeaver.

"Larry Bud" <[email protected]> wrote in message
Click to expand...

Still, she can just rename it to aspx. It would not be any different to her
but it would make a difference on the server
 
K

Kris Lankford

Jeff,

Make sure you add the protection="All" and path="/". This should solve your
problem.

<authentication mode="Forms">
<forms name=".Name" loginUrl="~/Login.aspx" timeout="20"
defaultUrl="~/index.html" protection="All" path="/"/>
</authentication>
 
M

Mufasa

This seems to work great. But now I get errors on certain controls -
RequiredFieldValidator and TreeView don't work.

Any thoughts?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

What am I doing wrong with authentication? 3
.NET Membership - Domain Authorization doesn't work with roles 1
Forms Authentication for single directory 1
How to start/stop windows service on a remote machine? 3
Have a web site that is 'secure' but want to have a subdirectory that is not. 1
Domain user name 1
winform security: strange error, where as I expected a redirect 2
Going to a link but need to log in. 3

Top