Advanced Forms Authentication

Discussion in 'ASP .Net Security' started by news.microsoft.com, Aug 14, 2006.

  1. I've got a web site with URLs like the following:

    http://www.mysite.com/nnnn/webpage.aspx

    where nnnn is a number which represents an ID, e.g.
    http://www.mysite.com/1234/webpage.aspx.

    I can easily decode the URL and retrieve the ID (which represents a specific
    customer) and then rewrite the URL, removing the ID so that the page served
    for the above example would be http://www.mysite.com/webpage.aspx. This
    scheme makes it look like each customer has their own "directory" on the web
    site, where it's actually one directory but parameterised by their ID.

    The problem is that Forms Authentication seems to require a hard-coded login
    page in the web.config file. But I need to be able to specify the login page
    at runtime. So, for the above example, if the user isn't authenticated,
    Forms Authentication should redirect to
    http://www.mysite.com/1234/login.aspx, but if the ID were 9999 it should be
    http://www.mysite.com/9999/login.aspx.

    What's the easiest way to achieve this?

    TIA

    MikeS.
     
    news.microsoft.com, Aug 14, 2006
    #1
    1. Advertising

  2. Hi,

    you could write an http module (or application event handler) that checks
    for a 401 and does the redirect to the right login page manually. EndRequest
    would be a good place for that.

    ---
    Dominick Baier, DevelopMentor
    http://www.leastprivilege.com

    > I've got a web site with URLs like the following:
    >
    > http://www.mysite.com/nnnn/webpage.aspx
    >
    > where nnnn is a number which represents an ID, e.g.
    > http://www.mysite.com/1234/webpage.aspx.
    >
    > I can easily decode the URL and retrieve the ID (which represents a
    > specific customer) and then rewrite the URL, removing the ID so that
    > the page served for the above example would be
    > http://www.mysite.com/webpage.aspx. This scheme makes it look like
    > each customer has their own "directory" on the web site, where it's
    > actually one directory but parameterised by their ID.
    >
    > The problem is that Forms Authentication seems to require a hard-coded
    > login page in the web.config file. But I need to be able to specify
    > the login page at runtime. So, for the above example, if the user
    > isn't authenticated, Forms Authentication should redirect to
    > http://www.mysite.com/1234/login.aspx, but if the ID were 9999 it
    > should be http://www.mysite.com/9999/login.aspx.
    >
    > What's the easiest way to achieve this?
    >
    > TIA
    >
    > MikeS.
    >
     
    Dominick Baier, Aug 20, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,497
    Tommy
    Feb 13, 2004
  2. JEFF
    Replies:
    1
    Views:
    1,028
    =?Utf-8?B?YnJpYW5zW01DU0Rd?=
    Nov 12, 2007
  3. Michele Simionato
    Replies:
    1
    Views:
    607
    Lacrima
    Mar 27, 2010
  4. Keltex
    Replies:
    1
    Views:
    404
    Dominick Baier [DevelopMentor]
    Jan 24, 2006
  5. Eric
    Replies:
    2
    Views:
    558
Loading...

Share This Page