A
Alan Silver
Hello,
Sorry this is a bit wordy, but it's a pretty simple question...
I have a web site, http://domain/ which is a public site, part of which
(http://domain/a/) is protected by forms authentication.
I would like to configure it so that anyone not logged in, trying to
access the protected part will not be redirected to the login page, but
will be sent to the main site's home page. The reason is because I have
a page in the protected part where the site owner prints out order
details to send to the customer. As most browsers put the URL at the
bottom of a printed web page, the customer will see
http://domain/a/orders.aspx?orderid=23 and will then try to load that
page. If they are redirected to a login page, it encourages hackers to
try and break in. If they are redirected to the main home page, or given
a 404, they will not know of the existence of the protected part.
So, any ideas how I do this? I tried setting the loginUrl (in
web.config) to the home page, but this stops anyone from logging in,
even if they enter the URL to the login page.
Currently, the main site does not have a web.config, and the protected
part (which is a separate application) has the following...
<configuration>
<system.web>
<compilation defaultLanguage="c#" />
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
This works, except it shows the login page to everyone. Any idea how I
can prevent this? TIA
Sorry this is a bit wordy, but it's a pretty simple question...
I have a web site, http://domain/ which is a public site, part of which
(http://domain/a/) is protected by forms authentication.
I would like to configure it so that anyone not logged in, trying to
access the protected part will not be redirected to the login page, but
will be sent to the main site's home page. The reason is because I have
a page in the protected part where the site owner prints out order
details to send to the customer. As most browsers put the URL at the
bottom of a printed web page, the customer will see
http://domain/a/orders.aspx?orderid=23 and will then try to load that
page. If they are redirected to a login page, it encourages hackers to
try and break in. If they are redirected to the main home page, or given
a 404, they will not know of the existence of the protected part.
So, any ideas how I do this? I tried setting the loginUrl (in
web.config) to the home page, but this stops anyone from logging in,
even if they enter the URL to the login page.
Currently, the main site does not have a web.config, and the protected
part (which is a separate application) has the following...
<configuration>
<system.web>
<compilation defaultLanguage="c#" />
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" />
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
This works, except it shows the login page to everyone. Any idea how I
can prevent this? TIA