M
MW
Hi,
I'm trying to secure my application.
I'm using forms authentication and I check passwords
against a database.
I have a login.aspx page in the root of my application,
pages that I want to restrict access to are in a folder
below the root called 'secure'.
I have a web.config in the 'secure' folder with only
(I've tried having <allow users="*"/> after the deny, but
it didn't help)
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
The web.config in my root has an authentication section
as such:
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="login.aspx" path="/" protection="All"
timeout="60" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
When I login, it goes to my default page, but when I try
to click a link to another page, I get redirected to the
login page.
Obviously, I'm missing something somewhere.
Any help is appreciated. Thanks.
I'm trying to secure my application.
I'm using forms authentication and I check passwords
against a database.
I have a login.aspx page in the root of my application,
pages that I want to restrict access to are in a folder
below the root called 'secure'.
I have a web.config in the 'secure' folder with only
(I've tried having <allow users="*"/> after the deny, but
it didn't help)
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
The web.config in my root has an authentication section
as such:
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="login.aspx" path="/" protection="All"
timeout="60" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
When I login, it goes to my default page, but when I try
to click a link to another page, I get redirected to the
login page.
Obviously, I'm missing something somewhere.
Any help is appreciated. Thanks.