forms authentication issue


G

Guest

I have an app that will direct to the login on any unauthorized access. It
will redirect back to the calling page when authenticated. Now here is the
problem.
I'm allowing for user registration via a link on the lgin page, but my
registrstion page is re-directing me back to login.aspx.
I've enabled session state to in proc to prevent multi logins with the same
user. Would this cause a problem?
here is my web.config sections that i've changed.
<authentication mode="Forms">
<forms
name=".STARTERCookie"
loginUrl="Login.aspx"
protection="All"
timeout="10">
</forms>
</authentication>
<authorization>
<deny users="?" />
</usthorization>
<sessionState
mode="InProc"
cookieless="true"
timeout="120"
/>

thanks (as always)
some day i'm gona pay this forum back for all the halp i'm getting
kes
 
Ad

Advertisements

G

Guest

Ya-no-wat? der'r some days dat ant no good gona happen!
well....... this is one of those days!
yes, it needs to be in a seprate directory with it's own web.config.
 
G

Guest

Hello,
You can use the <location> tag in your main web.config as well.

It would be something like this in your web.config:
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="your_name" loginUrl="login.aspx" protection="All"
path="/YourApp" timeout="20" />
</authentication>
</system.web>

<location allowOverride="true">
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="your_login_register_folder">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>

Should you have any further questions or comments, let me know.

Regards,
Cesar
 
G

Guest

thanks, I did not know of this.
i do have a beginner beginner problem question on this
1. does the folder specified need to contain its own web application with
bin? and does this need to be a seprate project (different dll)?
i've not been able to get the registration page to come up without error
2. can a specific web page be allowed using the <location
allowOverride="true">
?
fyi i'm using vs.net
i can post the errors if needed.
thanks
kes
 
Ad

Advertisements

G

Guest

Hello,
NO, the subfolder is not another application with its own bin folder. It
is just a subfolder that is not protected.


With the first location tag you are telling the app to deny access to all
unauthenticated users and to allow access to all other users (notice that the
deny tag is first)
<deny users="?" />
<allow users="*" />

The second location tag is overriding the whole app security and it is
allowing ALL users (notice that the second location does not have the <deny>
tag. It is in the second location tag where you should try to use the single
file. I have not tried it though!

<location path="your_login_register_folder">

The problem that I may foresee is that if your web page has any reference
(any reference at all) to any other file, you will be requested to login.
That is, if you are showing an image, a chart, or you are even using a
stylesheet, you may be requested to login so that you would need to disable
the access to all those files.

I would suggest to use a different folder where you can isolate all those
items that are not protected.

Should you have any further questions or comments, let me know.

Regards,
Cesar Saucedo
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top