FormAuthentication on ascx files

J

Joey Lee

Hi,

I have a default.aspx page which has PlaceHolder where it will call
different *.acx file based on the request url.
eg http://localhost/default.aspx?module=home
will put a home.ascx in the place holder
and
eg http://localhost/default.aspx?module=admin
will put a admin.ascx in the place holder

both the home and admin have its own folder respectively, where home.ascx is
in /home folder and admin.ascx is in /admin folder.

So I would like to implement form authentication, that if the user is not
authenticated, when the default page is called with the parameter of
module=admin, the user will be rejected.

As normal i will create another web.config file in the folder and restrict
all user which is not authenticated. However this did not work in my case
where the page which is invoked is the default.aspx page regardless of all
the .ascx files that are called.

From the look of it only if i create an aspx file in the admin folder and
call it like
http://localhost/admin/admin.aspx then the authentication will work where
the user is rejected.

Is there any way to use form authentication for this?, or would I have to do
a different set of coding in the default page which will check if the ascx
page being called is retricted or not?

Or, would it be my design is totally wrong where i shouldn't have only a
single aspx file calling different "module" which are totally coded as ascx
files?

Thanks in advance.

Joey
 
R

ranganh

Dear Joey,

Your idea is good. But it doenst work as with normal when it comes to ascx
files. Basically ascx files are not pages but parts of a page and they are
rendered before the page is rendered.

One way to restrict users would be is to put the following code in the
codebehind of the usercontrol's page_load event as

If(! Page.User.Identity.IsAuthenticated)
{
Response.Redirect("LoginPage.aspx");
}

This should help you in filtering anonymous calls to admin sections.

Does that help.
 
J

Joey Lee

Thanks. That helps.

However i am wondering what does it mean by "form authentication protects
ascx files as well as all other a* files " which i read on the internet.

Joey
 
R

ranganh

It refers to that forms authentication protects by default, the files
handled by asp.net (aspnet_isapil.dll) such as aspx, ascx so that you dont
have to exclusively map the extensions to be handled by asp.net

Ok, say you want to protect a doc from being downloaded then along with
forms authentication, you also need to specify the handler in the IIS to make
asp.net handle the request for the doc type file. Else, it will be ignored
and will be downloaded regardless of whether the user is logged in or not.

Hope it clarifies.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Converting several Markdown files into DOCX with pandoc 4
I need help in understanding these files on my phone, Could someone help me understand these files? Urgent help needed. Please help. 1
Programming with VSC 2
aspx, ascx, and events 0
URGENT 1
Search nested folders with specific names in python 0
Storing Role And User Id in UserData of FormAuthentication 4
New coder with a focus on animating web banners 0

Members online

Total: 27 (members: 1, guests: 26)
Robots: 225

Forum statistics

Threads
473,764
Messages
2,569,565
Members
45,041
Latest member
RomeoFarnh

Latest Threads

Top