Bypassing authentication

M

Microsoft

I'm running a web site and implementing both folder(web.config) and class
level authorization. A new requirement came in to allow an external web site
to access some secure web pages directly, without going through the logon
page.

The users are valid users, and I will build the principle object anyway, but
I need to do this before they are being re-directed to the logon page.

Would removing the folder\file reference from the web.config file help?

Thanks
Alex
(e-mail address removed)
 
E

Eric Newton

You could do something in the global Application_Authenticate event, whereas
if the HTTP-REFERER field has this "other" website, that it would create a
GenericPrinicipal like:
if( HttpContext.Current.Request.ServerVariables["HTTP_REFERER"] == "external
website" )
Context.User = new GenericPrincipal("extWebsite", ...);

else
/* you other code */

maybe try that... and this would be a good single place to see where the
overrides are, instead of scattering them in separate pages, making
manageability a little harder.

HTH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top