authorization / authentication policy help

Discussion in 'ASP .Net Security' started by yofnik@comcast.net, Oct 4, 2006.

  1. Guest

    Hello,

    Using policy (modifying web.config) and FormsAuthentication, is it
    possible to return an error message (or redirect to error page) instead
    of redirecting to the login page for specific users only?

    Here's an example:
    I have a section of my web app that is for admins only. The
    authorization section of my web.config looks like.

    <authentication mode="Forms">
    <forms loginUrl="login.aspx">
    <credentials passwordFormat="Clear">
    <user name="admin" password="password"/>
    <user name="guest" password="password" />
    </credentials>
    </forms>
    </authentication>

    <authorization>
    <deny users="?"/>
    </authorization>

    Now, for the admin section of the web app, I have a seperate location
    element:

    <location path="admin">
    <system.web>
    <authorization>
    <allow users="admin"/>
    <deny users="*"/>
    </authorization>
    </system.web>
    </location>

    This ALMOST solves what I want. The only thing I don't like is that if
    the user "guest" tries to access the admin section, they get redirected
    to the login.aspx page again. Instead, I would like to redirect them to
    an error page or just show an error message.

    Is this possible at all using policy only (ie - via web.config)?

    Thanks.
    , Oct 4, 2006
    #1
    1. Advertising

  2. Guest

    That is what I was afraid of. I am trying to avoid any code changes.

    Gaurav Vaish (www.EdujiniOnline.com) wrote:
    > > This ALMOST solves what I want. The only thing I don't like is that if
    > > the user "guest" tries to access the admin section, they get redirected
    > > to the login.aspx page again. Instead, I would like to redirect them to
    > > an error page or just show an error message.

    >
    > There's no way out to do it declaratively.
    >
    > In Login.aspx:
    > if(Request.QueryString["ReturnUrl"] != null
    > && Request.QueryString["ReturnUrl"].IndexOf("admin") >= 0
    > && (!Request.IsAuthenticated || !Context.User.IsInRole("admin"))
    > {
    > // User was sent here by a page in admin section
    > // But he is 'guest' (not authenticated) or a non-admin guy
    > Response.Redirect("ErrorPage.aspx");
    > }
    >
    >
    > --
    > Happy Hacking,
    > Gaurav Vaish | www.mastergaurav.com
    > www.edujinionline.com
    > http://articles.edujinionline.com/webservices
    > -----------------------------------------
    , Oct 5, 2006
    #2
    1. Advertising

  3. ReyN Guest

    you can set up your error pages using the customErrors element for
    system.web in the web config file

    for example, you can have a page for default redirect, or a page for
    each error code you want to catch

    <customErrors defaultRedirect="~/shared/genericerror.aspx"
    mode="Off">
    <error statusCode="404" redirect="~/shared/notfound.aspx" />
    </customErrors>

    you can also set up customErrors only in the web.config of a particular
    folder
    ReyN, Oct 17, 2006
    #3
  4. ReyN Guest

    you can set up your error pages using the customErrors element for
    system.web in the web config file

    for example, you can have a page for default redirect, or a page for
    each error code you want to catch

    <customErrors defaultRedirect="~/shared/genericerror.aspx"
    mode="Off">
    <error statusCode="404" redirect="~/shared/notfound.aspx" />
    </customErrors>

    you can also set up customErrors only in the web.config of a particular
    folder
    ReyN, Oct 17, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    2
    Views:
    395
    Mike Mueller
    Jun 22, 2005
  2. Replies:
    0
    Views:
    364
  3. authorization policy help

    , Oct 4, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    344
  4. SeanRW
    Replies:
    1
    Views:
    361
    Dominick Baier [DevelopMentor]
    May 25, 2006
  5. Allawy
    Replies:
    0
    Views:
    724
    Allawy
    Aug 18, 2008
Loading...

Share This Page