Bypassing authentication

Discussion in 'ASP .Net Security' started by Microsoft, Aug 7, 2003.

  1. Microsoft

    Microsoft Guest

    I'm running a web site and implementing both folder(web.config) and class
    level authorization. A new requirement came in to allow an external web site
    to access some secure web pages directly, without going through the logon
    page.

    The users are valid users, and I will build the principle object anyway, but
    I need to do this before they are being re-directed to the logon page.

    Would removing the folder\file reference from the web.config file help?

    Thanks
    Alex
    Microsoft, Aug 7, 2003
    #1
    1. Advertising

  2. Microsoft

    Eric Newton Guest

    You could do something in the global Application_Authenticate event, whereas
    if the HTTP-REFERER field has this "other" website, that it would create a
    GenericPrinicipal like:
    if( HttpContext.Current.Request.ServerVariables["HTTP_REFERER"] == "external
    website" )
    Context.User = new GenericPrincipal("extWebsite", ...);

    else
    /* you other code */

    maybe try that... and this would be a good single place to see where the
    overrides are, instead of scattering them in separate pages, making
    manageability a little harder.

    HTH


    --
    Eric Newton

    C#/ASP.net Solutions developer


    "Microsoft" <> wrote in message
    news:...
    > I'm running a web site and implementing both folder(web.config) and class
    > level authorization. A new requirement came in to allow an external web

    site
    > to access some secure web pages directly, without going through the logon
    > page.
    >
    > The users are valid users, and I will build the principle object anyway,

    but
    > I need to do this before they are being re-directed to the logon page.
    >
    > Would removing the folder\file reference from the web.config file help?
    >
    > Thanks
    > Alex
    >
    >
    >
    Eric Newton, Aug 15, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. MB
    Replies:
    3
    Views:
    8,719
    =?Utf-8?B?c3Jpbmk=?=
    May 13, 2004
  2. Russ

    bypassing a validation

    Russ, Jul 3, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    344
    M. Zeeshan Mustafa
    Jul 3, 2004
  3. David Hearn
    Replies:
    2
    Views:
    437
    David Hearn
    Jul 16, 2004
  4. tim almond

    Question regarding bypassing security

    tim almond, Apr 9, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    319
    Robbe Morris [C# MVP]
    Apr 11, 2005
  5. John

    Bypassing authentication

    John, Apr 17, 2006, in forum: ASP .Net
    Replies:
    5
    Views:
    1,821
    Teemu Keiski
    Apr 18, 2006
Loading...

Share This Page