application security

M

MW

Hi,

I'm trying to secure my application.

I'm using forms authentication and I check passwords
against a database.

I have a login.aspx page in the root of my application,
pages that I want to restrict access to are in a folder
below the root called 'secure'.

I have a web.config in the 'secure' folder with only
(I've tried having <allow users="*"/> after the deny, but
it didn't help)
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

The web.config in my root has an authentication section
as such:
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="login.aspx" path="/" protection="All"
timeout="60" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

When I login, it goes to my default page, but when I try
to click a link to another page, I get redirected to the
login page.

Obviously, I'm missing something somewhere.

Any help is appreciated. Thanks.
 
M

MW

Well I guess I'll try to re-iterate this a bit.

so at http://localhost/myApplication
I have a login page and a web.config.
I use forms authentication and test usernames and
passwords against a database.
The authentication and authorization sections of the
web.config are (there could be something missing in it):

<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="login.aspx" path="/" protection="All"
timeout="60" />
</authentication>

<authorization>
<deny users="?" />
</authorization>

Within http://localhost/myApplication I have a folder for
the pages I want secured:
http://localhost/myApplication/Security/UserInformation.as
px

'Security' being a folder within the project i.e.:
c:\inetpub\wwwroot\myApplication\Security

In that security folder I have another web.config file
that contains <u>only</u>:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

(I may be missing something in there).

So the problem I am having with this setup is: when I
login, it goes to my default page, but when I try to
click a link to another page, I get redirected to the
login page.

I hope that clears up my issue so that someone can help
me.

Thanks.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

security... 0
Form based security using frames 1
What am I doing wrong with authentication? 3
ASP.NET forms security and web.config 1
Clarification on a Security Issue 0
location element in web.config 1
page vs directory security 6
subfolders/security 2

Members online

No members online now.
Total: 33 (members: 0, guests: 33)
Robots: 394

Forum statistics

Threads
473,770
Messages
2,569,584
Members
45,075
Latest member
MakersCBDBloodSupport

Latest Threads

Top