Any way to have a .Net application not let a .html document go through unless they have logged in?

Discussion in 'ASP .Net' started by Mufasa, Apr 13, 2007.

  1. Mufasa

    Mufasa Guest

    I have a web site with a page on it (index.html) that is used for our
    internal users but is on a public web site. Currently the entire directory
    is password protected through IIS. Problem is - everybody uses the same User
    ID/Password.

    So I was going to do the normal Forms Authentication that would force
    somebody to log in. Got all that to work. If they enter an invalid
    password - all works fine. They log in correctly and it takes them to
    index.html.

    Problem is, if they go directly to index.html it let's them in. Anyway to
    stop this from happening. I have <deny users="?" /> in my web.config.

    This is in .Net 2.0 btw.

    TIA - Jeff.
    Mufasa, Apr 13, 2007
    #1
    1. Advertising

  2. You can set up an HttpHandler for the HTML pages that forces the user
    through the same authentication process. I would do a search for HTTP
    Handler to find examples. This is, in essence, like an ISAPI filter.

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA
    http://gregorybeamer.spaces.live.com

    *********************************************
    Think outside the box!
    *********************************************
    "Mufasa" <> wrote in message
    news:...
    >I have a web site with a page on it (index.html) that is used for our
    >internal users but is on a public web site. Currently the entire directory
    >is password protected through IIS. Problem is - everybody uses the same
    >User ID/Password.
    >
    > So I was going to do the normal Forms Authentication that would force
    > somebody to log in. Got all that to work. If they enter an invalid
    > password - all works fine. They log in correctly and it takes them to
    > index.html.
    >
    > Problem is, if they go directly to index.html it let's them in. Anyway to
    > stop this from happening. I have <deny users="?" /> in my web.config.
    >
    > This is in .Net 2.0 btw.
    >
    > TIA - Jeff.
    >
    >
    Cowboy \(Gregory A. Beamer\), Apr 13, 2007
    #2
    1. Advertising

  3. Mufasa

    Larry Bud Guest

    On Apr 13, 11:03 am, "Mufasa" <> wrote:
    > I have a web site with a page on it (index.html) that is used for our
    > internal users but is on a public web site. Currently the entire directory
    > is password protected through IIS. Problem is - everybody uses the same User
    > ID/Password.
    >
    > So I was going to do the normal Forms Authentication that would force
    > somebody to log in. Got all that to work. If they enter an invalid
    > password - all works fine. They log in correctly and it takes them to
    > index.html.
    >
    > Problem is, if they go directly to index.html it let's them in. Anyway to
    > stop this from happening. I have <deny users="?" /> in my web.config.


    Why don't you just make index.html a .NET page?
    Larry Bud, Apr 13, 2007
    #3
  4. Mufasa

    Mufasa Guest

    I don't have control over the html page. It's being done by a secretary
    through DreamWeaver.

    "Larry Bud" <> wrote in message
    news:...
    > On Apr 13, 11:03 am, "Mufasa" <> wrote:
    >> I have a web site with a page on it (index.html) that is used for our
    >> internal users but is on a public web site. Currently the entire
    >> directory
    >> is password protected through IIS. Problem is - everybody uses the same
    >> User
    >> ID/Password.
    >>
    >> So I was going to do the normal Forms Authentication that would force
    >> somebody to log in. Got all that to work. If they enter an invalid
    >> password - all works fine. They log in correctly and it takes them to
    >> index.html.
    >>
    >> Problem is, if they go directly to index.html it let's them in. Anyway to
    >> stop this from happening. I have <deny users="?" /> in my web.config.

    >
    > Why don't you just make index.html a .NET page?
    >
    >
    >
    Mufasa, Apr 13, 2007
    #4
  5. Mufasa

    Mufasa Guest

    Thanks. I'll look for that.

    "Cowboy (Gregory A. Beamer)" <> wrote in
    message news:...
    > You can set up an HttpHandler for the HTML pages that forces the user
    > through the same authentication process. I would do a search for HTTP
    > Handler to find examples. This is, in essence, like an ISAPI filter.
    >
    > --
    > Gregory A. Beamer
    > MVP; MCP: +I, SE, SD, DBA
    > http://gregorybeamer.spaces.live.com
    >
    > *********************************************
    > Think outside the box!
    > *********************************************
    > "Mufasa" <> wrote in message
    > news:...
    >>I have a web site with a page on it (index.html) that is used for our
    >>internal users but is on a public web site. Currently the entire directory
    >>is password protected through IIS. Problem is - everybody uses the same
    >>User ID/Password.
    >>
    >> So I was going to do the normal Forms Authentication that would force
    >> somebody to log in. Got all that to work. If they enter an invalid
    >> password - all works fine. They log in correctly and it takes them to
    >> index.html.
    >>
    >> Problem is, if they go directly to index.html it let's them in. Anyway to
    >> stop this from happening. I have <deny users="?" /> in my web.config.
    >>
    >> This is in .Net 2.0 btw.
    >>
    >> TIA - Jeff.
    >>
    >>

    >
    Mufasa, Apr 13, 2007
    #5
  6. On Fri, 13 Apr 2007 13:03:32 -0400, Mufasa wrote:

    > I don't have control over the html page. It's being done by a secretary
    > through DreamWeaver.
    >
    > "Larry Bud" <> wrote in message


    Still, she can just rename it to aspx. It would not be any different to her
    but it would make a difference on the server
    --
    Bits.Bytes
    http://bytes.thinkersroom.com
    Rad [Visual C# MVP], Apr 14, 2007
    #6
  7. Jeff,

    Make sure you add the protection="All" and path="/". This should solve your
    problem.

    <authentication mode="Forms">
    <forms name=".Name" loginUrl="~/Login.aspx" timeout="20"
    defaultUrl="~/index.html" protection="All" path="/"/>
    </authentication>

    "Mufasa" <> wrote in message
    news:...
    >I have a web site with a page on it (index.html) that is used for our
    >internal users but is on a public web site. Currently the entire directory
    >is password protected through IIS. Problem is - everybody uses the same
    >User ID/Password.
    >
    > So I was going to do the normal Forms Authentication that would force
    > somebody to log in. Got all that to work. If they enter an invalid
    > password - all works fine. They log in correctly and it takes them to
    > index.html.
    >
    > Problem is, if they go directly to index.html it let's them in. Anyway to
    > stop this from happening. I have <deny users="?" /> in my web.config.
    >
    > This is in .Net 2.0 btw.
    >
    > TIA - Jeff.
    >
    >
    Kris Lankford, Apr 14, 2007
    #7
  8. Mufasa

    Mufasa Guest

    This seems to work great. But now I get errors on certain controls -
    RequiredFieldValidator and TreeView don't work.

    Any thoughts?

    "Kris Lankford" <> wrote in message
    news:D...
    > Jeff,
    >
    > Make sure you add the protection="All" and path="/". This should solve
    > your problem.
    >
    > <authentication mode="Forms">
    > <forms name=".Name" loginUrl="~/Login.aspx" timeout="20"
    > defaultUrl="~/index.html" protection="All" path="/"/>
    > </authentication>
    >
    > "Mufasa" <> wrote in message
    > news:...
    >>I have a web site with a page on it (index.html) that is used for our
    >>internal users but is on a public web site. Currently the entire directory
    >>is password protected through IIS. Problem is - everybody uses the same
    >>User ID/Password.
    >>
    >> So I was going to do the normal Forms Authentication that would force
    >> somebody to log in. Got all that to work. If they enter an invalid
    >> password - all works fine. They log in correctly and it takes them to
    >> index.html.
    >>
    >> Problem is, if they go directly to index.html it let's them in. Anyway to
    >> stop this from happening. I have <deny users="?" /> in my web.config.
    >>
    >> This is in .Net 2.0 btw.
    >>
    >> TIA - Jeff.
    >>
    >>
    Mufasa, Jun 11, 2007
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. keithb
    Replies:
    0
    Views:
    632
    keithb
    Feb 16, 2006
  2. Luigi Donatello Asero

    Let or not let the text float

    Luigi Donatello Asero, Jan 15, 2004, in forum: HTML
    Replies:
    6
    Views:
    464
    Steve R.
    Jan 15, 2004
  3. Replies:
    1
    Views:
    947
    =?Utf-8?B?UGV0ZXIgQnJvbWJlcmcgW0MjIE1WUF0=?=
    Apr 12, 2007
  4. David A. Black
    Replies:
    2
    Views:
    223
    Tim Hunter
    Aug 19, 2004
  5. Gábor SEBESTYÉN

    Unless unless

    Gábor SEBESTYÉN, Jun 17, 2005, in forum: Ruby
    Replies:
    3
    Views:
    149
    Gábor SEBESTYÉN
    Jun 17, 2005
Loading...

Share This Page