Forms Authorization

Discussion in 'ASP .Net Security' started by Alex Dinu, Oct 3, 2003.

  1. Alex Dinu

    Alex Dinu Guest

    I'm setting up my authorization in web.config to reject
    everybody and allow users with a specific role to a folder.

    When a user that does not have the role somehow ends up
    requesting a page in the restricted folder, I get the
    login page, which is what I expect.

    When they log in again, it actually redirects the user to
    view the page which the user was just rejected from
    viewing?

    Assuming that it's not a caching issue, my thinking is
    that the role is still not given to the user the second
    time they log on, so they should be re-directed to the
    login page again.

    I'm keeping the principal data in a cookie which is
    written to the ticket in the logon and in
    Application_AuthenticationRequest method in Global.asax to
    make sure the cookie timeout is refreshed on all
    navigations.

    Alex
     
    Alex Dinu, Oct 3, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Amil
    Replies:
    4
    Views:
    518
  2. gilly3
    Replies:
    1
    Views:
    843
    Erik Funkenbusch
    Mar 26, 2006
  3. Alper Özgür
    Replies:
    0
    Views:
    476
    Alper Özgür
    May 15, 2006
  4. Eric
    Replies:
    2
    Views:
    579
  5. SeanRW
    Replies:
    1
    Views:
    371
    Dominick Baier [DevelopMentor]
    May 25, 2006
Loading...

Share This Page