Forms Authentication for only selected webforms? How to do this

Discussion in 'ASP .Net Security' started by Rich, Mar 16, 2005.

  1. Rich

    Rich Guest

    Hi,

    I might have missed this perhaps, but here's my query:

    I am presently designing a site that is for public use in general. However,
    several forms (pages) I need authentication from members.

    For example: default.aspx is allowed for everyone, but members.aspx isn't
    (and so are various pages)

    So when public users try to access the members.aspx site, they will need to
    log in. (typically on login.aspx)

    If I use Forms-authentication, normally ALL requested pages will be
    re-directed to the generic login.aspx page, on which the user credentials are
    checked. This scenario will not work for me.

    My main question is therefore, while using forms-authentication, can I setup
    my default.aspx in such a way that it will NOT redirect to login.aspx when a
    public user requests it? Would there be a property or such that I can set,
    for example, so that requests to default.aspx will sort of bypass the
    form-authentication mechanism.

    Alternatively, I could check user credentials in every page.load-event in a
    some kind of custom-security way, and deal with redirection to login.aspx
    from there, but i guess I need to be sure whether nothing already exists that
    deals with this while using forms-authentication.

    Appreciate any feedback, tips, and comments etc...
    Rich, Mar 16, 2005
    #1
    1. Advertising

  2. Rich

    Brock Allen Guest

    If you want to selectively configure authorization use the <location> element
    in web.config. It allows you to change settings for a specific path:

    <configuration>
    <system.web>.....</system.web>

    <location path="default.aspx">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>

    <location path="admin.aspx">
    <system.web>
    <authorization>
    <allow roles="Admin" />
    <deny users="*" />
    </authorization>
    </system.web>
    </location>

    </configuration>

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen



    > Hi,
    >
    > I might have missed this perhaps, but here's my query:
    >
    > I am presently designing a site that is for public use in general.
    > However, several forms (pages) I need authentication from members.
    >
    > For example: default.aspx is allowed for everyone, but members.aspx
    > isn't (and so are various pages)
    >
    > So when public users try to access the members.aspx site, they will
    > need to log in. (typically on login.aspx)
    >
    > If I use Forms-authentication, normally ALL requested pages will be
    > re-directed to the generic login.aspx page, on which the user
    > credentials are checked. This scenario will not work for me.
    >
    > My main question is therefore, while using forms-authentication, can I
    > setup my default.aspx in such a way that it will NOT redirect to
    > login.aspx when a public user requests it? Would there be a property
    > or such that I can set, for example, so that requests to default.aspx
    > will sort of bypass the form-authentication mechanism.
    >
    > Alternatively, I could check user credentials in every page.load-event
    > in a some kind of custom-security way, and deal with redirection to
    > login.aspx from there, but i guess I need to be sure whether nothing
    > already exists that deals with this while using forms-authentication.
    >
    > Appreciate any feedback, tips, and comments etc...
    >
    Brock Allen, Mar 16, 2005
    #2
    1. Advertising

  3. Rich

    Rich Guest

    Re: Forms Authentication for only selected webforms? How to do thi

    Thanks! This is great help. I'm going to try that out, and am sure it will
    solve my little problem.

    Cheers!
    Richard

    "Brock Allen" wrote:

    > If you want to selectively configure authorization use the <location> element
    > in web.config. It allows you to change settings for a specific path:
    >
    > <configuration>
    > <system.web>.....</system.web>
    >
    > <location path="default.aspx">
    > <system.web>
    > <authorization>
    > <allow users="*" />
    > </authorization>
    > </system.web>
    > </location>
    >
    > <location path="admin.aspx">
    > <system.web>
    > <authorization>
    > <allow roles="Admin" />
    > <deny users="*" />
    > </authorization>
    > </system.web>
    > </location>
    >
    > </configuration>
    >
    > -Brock
    > DevelopMentor
    > http://staff.develop.com/ballen
    >
    >
    >
    > > Hi,
    > >
    > > I might have missed this perhaps, but here's my query:
    > >
    > > I am presently designing a site that is for public use in general.
    > > However, several forms (pages) I need authentication from members.
    > >
    > > For example: default.aspx is allowed for everyone, but members.aspx
    > > isn't (and so are various pages)
    > >
    > > So when public users try to access the members.aspx site, they will
    > > need to log in. (typically on login.aspx)
    > >
    > > If I use Forms-authentication, normally ALL requested pages will be
    > > re-directed to the generic login.aspx page, on which the user
    > > credentials are checked. This scenario will not work for me.
    > >
    > > My main question is therefore, while using forms-authentication, can I
    > > setup my default.aspx in such a way that it will NOT redirect to
    > > login.aspx when a public user requests it? Would there be a property
    > > or such that I can set, for example, so that requests to default.aspx
    > > will sort of bypass the form-authentication mechanism.
    > >
    > > Alternatively, I could check user credentials in every page.load-event
    > > in a some kind of custom-security way, and deal with redirection to
    > > login.aspx from there, but i guess I need to be sure whether nothing
    > > already exists that deals with this while using forms-authentication.
    > >
    > > Appreciate any feedback, tips, and comments etc...
    > >

    >
    >
    >
    >
    Rich, Mar 16, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,388
    Tommy
    Feb 13, 2004
  2. =?Utf-8?B?UmV6YQ==?=
    Replies:
    1
    Views:
    301
    Raterus
    Feb 19, 2004
  3. Gustavo

    Windows forms controls in WebForms

    Gustavo, Jan 16, 2007, in forum: ASP .Net
    Replies:
    1
    Views:
    427
    Alvin Bruney [MVP]
    Jan 17, 2007
  4. Eric
    Replies:
    2
    Views:
    462
  5. Fabiano

    HTML Forms 2 WebForms

    Fabiano, Apr 27, 2004, in forum: ASP .Net Web Controls
    Replies:
    1
    Views:
    90
    Victor Garcia Aprea [MVP]
    Apr 28, 2004
Loading...

Share This Page