Forms Authentication Access Rules

Discussion in 'ASP .Net' started by =?Utf-8?B?QnJhbmRvbiBTdGFsdGU=?=, Jun 23, 2006.

  1. I've implemented forms authentication for my application. I would like to use
    access rules by creating individual web.config files in folders to
    allow/disallow access to directories. My problem is when I create an access
    rule for a directory to disallow a role or user, when that user in the role
    attempts to access the directory they are kicked out of the application which
    is fine, but the login page has the redirect url pointing back to the page
    they don't have access to (i.e.
    http://localhost/App1/Login.aspx?ReturnUrl=/App1/Folder1//AddLoading.aspx).
    Because the login page contains the non accessible redirected url, the user
    justs loops back to the login page over and over again. Is there any way to
    stop this without writing code page by page to check that a user is in a
    certain role?
    =?Utf-8?B?QnJhbmRvbiBTdGFsdGU=?=, Jun 23, 2006
    #1
    1. Advertising

  2. Is there an event I could capture to say whenever an access rule attempts to
    kick someone out of the application, redirect them to a NoPermissions.aspx
    page and have this event system wide not just per page?

    "Brandon Stalte" wrote:

    > I've implemented forms authentication for my application. I would like to use
    > access rules by creating individual web.config files in folders to
    > allow/disallow access to directories. My problem is when I create an access
    > rule for a directory to disallow a role or user, when that user in the role
    > attempts to access the directory they are kicked out of the application which
    > is fine, but the login page has the redirect url pointing back to the page
    > they don't have access to (i.e.
    > http://localhost/App1/Login.aspx?ReturnUrl=/App1/Folder1//AddLoading.aspx).
    > Because the login page contains the non accessible redirected url, the user
    > justs loops back to the login page over and over again. Is there any way to
    > stop this without writing code page by page to check that a user is in a
    > certain role?
    =?Utf-8?B?QnJhbmRvbiBTdGFsdGU=?=, Jun 23, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,405
    Tommy
    Feb 13, 2004
  2. JEFF
    Replies:
    1
    Views:
    1,007
    =?Utf-8?B?YnJpYW5zW01DU0Rd?=
    Nov 12, 2007
  3. Torben Laursen

    Block access to zip files using access rules

    Torben Laursen, May 12, 2008, in forum: ASP .Net
    Replies:
    1
    Views:
    423
    bruce barker
    May 12, 2008
  4. Keltex
    Replies:
    1
    Views:
    388
    Dominick Baier [DevelopMentor]
    Jan 24, 2006
  5. Eric
    Replies:
    2
    Views:
    467
Loading...

Share This Page