Forms Auth/Membership & Roles Providers/Secured Directory

Discussion in 'ASP .Net Security' started by Drew, May 5, 2009.

  1. Drew

    Drew Guest

    When using Forms Auth in conjunction with Membership and Roles provider, we
    have limited a directory to only users with the role Administrators using the
    following web.config:
    <location path="administration">
    <system.web>
    <authorization>
    <deny users="?"/>
    <allow roles="Administrator"/>
    <deny users="*" />
    </authorization>
    </system.web>
    </location
    When a standard already authenticated user tries navigate into that
    directory, they are redirected to the login page. Can they be sent to a main
    page instead? We have specified the defaultUrl in the forms auth tag with:
    defaultUrl="~/Home.aspx" but the users are not being sent there. Am i doing
    something wrong?
     
    Drew, May 5, 2009
    #1
    1. Advertising

  2. On May 5, 10:25 pm, Drew <> wrote:
    > When using Forms Auth in conjunction with Membership and Roles provider, we
    > have limited a directory to only users with the role Administrators usingthe
    > following web.config:
    >     <location path="administration">
    >         <system.web>
    >             <authorization>
    >                 <deny users="?"/>
    >                 <allow roles="Administrator"/>
    >                 <deny users="*" />
    >             </authorization>
    >         </system.web>
    >     </location
    > When a standard already authenticated user tries navigate into that
    > directory, they are redirected to the login page.  Can they be sent to a main
    > page instead?  We have specified the defaultUrl in the forms auth tag with:
    > defaultUrl="~/Home.aspx" but the users are not being sent there.  Am i doing
    > something wrong?


    It seems that you don't need to add <deny users="?"/> when only
    Administrator role is allowed. Did you try to add in the system.web
    section (below location element)

    <authentication mode="Forms">
    <forms name="adminform" defaultUrl="default.aspx" loginUrl="/
    home.aspx" path="/"/>
    </authentication>

    http://msdn.microsoft.com/en-us/library/aa302435.aspx#c19618429_011
     
    Alexey Smirnov, May 6, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?Q2hyaXMgTW9oYW4=?=

    Configuring Windows Auth & Forms Auth in Asp.Net

    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=, Apr 28, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    706
    =?Utf-8?B?Q2hyaXMgTW9oYW4=?=
    Apr 28, 2004
  2. =?Utf-8?B?ZGhucml2ZXJzaWRl?=

    Windows Auth, but Forms Auth for one page?

    =?Utf-8?B?ZGhucml2ZXJzaWRl?=, Jan 8, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    569
    Elton Wang
    Jan 8, 2005
  3. =?Utf-8?B?bWdvbnphbGVzMw==?=

    Membership Roles and Windows Auth - CSLA.net ?

    =?Utf-8?B?bWdvbnphbGVzMw==?=, Apr 20, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    540
    =?Utf-8?B?bWdvbnphbGVzMw==?=
    Apr 20, 2006
  4. Replies:
    1
    Views:
    472
    Nicole Calinoiu
    May 15, 2006
  5. Daniel Frechette
    Replies:
    2
    Views:
    185
    Thomas 'PointedEars' Lahn
    Apr 10, 2006
Loading...

Share This Page