R
rodrigo
Who handles the authentication?
I configured IIS to handle security for .doc files as an application.
When I try to access a file through HTTP, I am able to successfully
get the login page.
When I try to access a file first time:
Web.config redirects to the following URL:
http://localhost/DOCS/Login.aspx?ReturnUrl=file1.doc
After I fill in the password and get authenticated I am redirected to
a opendoc.aspx page which process the binary doc file and a file
download screen asks to save as.
Now here comes the problem.
After I am authenticated whenever I browse other doc files, no screen
to save as shows up. It just opens them up right away in the browser.
Example:
http://www.mypage.com/file1.doc
http://www.mypage.com/file2.doc
http://www.mypage.com/file3.doc
<configuration>
<location>
<system.web>
<compilation debug="true"/>
<authentication mode="Forms">
<forms name=".AUTH1" loginUrl="Login.aspx" protection="All"
timeout="1"></forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>
<%@ Page Language="c#" %>
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.SqlClient" %>
<%@ import Namespace="System.Web.Security " %>
<script runat="server">
private void Page_Load(Object sender, EventArgs e )
{
cmdLogin_ServerClick();
}
private bool ValidateUser(string uid, string passwd)
{
SqlConnection conn;
SqlCommand cmd;
SqlDataReader dr;
conn = new SqlConnection("my conn string");
cmd = new SqlCommand("Select * from Sn_RegisteredUsers where
FirstName='" + uid + "'",conn);
conn.Open();
dr = cmd.ExecuteReader();
while (dr.Read())
{
if (string.Compare(dr["Pwd"].ToString(),passwd,false)==0)
{
conn.Close();
return true;
}
}
conn.Close();
return false;
}
private void cmdLogin_ServerClick()
{
if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
{
FormsAuthenticationTicket tkt;
string cookiestr;
HttpCookie ck;
tkt = new FormsAuthenticationTicket(1, txtUserName.Value,
DateTime.Now, DateTime.Now.AddMinutes(1), chkPersistCookie.Checked,
"your custom data");
cookiestr = FormsAuthentication.Encrypt(tkt);
ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
if (chkPersistCookie.Checked)
ck.Expires=tkt.Expiration;
Response.Cookies.Add(ck);
string strRedirect;
strRedirect = "opendoc.aspx?ReturnUrl="+Request["ReturnUrl"];
if (strRedirect==null)
strRedirect = "securitymessage.aspx";
Response.Redirect(strRedirect, true);
}
else
//Response.Write(Request["ReturnUrl"]);
// In this condition, when the I am authenticated, the web.config is
handling it but it seems to be letting it go without calling
login.aspx during the cookie session duration. I need a way to check
authentication here but I don't have control since asp.NET is handling
it.
}
thanks
Rod
I configured IIS to handle security for .doc files as an application.
When I try to access a file through HTTP, I am able to successfully
get the login page.
When I try to access a file first time:
Web.config redirects to the following URL:
http://localhost/DOCS/Login.aspx?ReturnUrl=file1.doc
After I fill in the password and get authenticated I am redirected to
a opendoc.aspx page which process the binary doc file and a file
download screen asks to save as.
Now here comes the problem.
After I am authenticated whenever I browse other doc files, no screen
to save as shows up. It just opens them up right away in the browser.
Example:
http://www.mypage.com/file1.doc
http://www.mypage.com/file2.doc
http://www.mypage.com/file3.doc
<configuration>
<location>
<system.web>
<compilation debug="true"/>
<authentication mode="Forms">
<forms name=".AUTH1" loginUrl="Login.aspx" protection="All"
timeout="1"></forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>
<%@ Page Language="c#" %>
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.SqlClient" %>
<%@ import Namespace="System.Web.Security " %>
<script runat="server">
private void Page_Load(Object sender, EventArgs e )
{
cmdLogin_ServerClick();
}
private bool ValidateUser(string uid, string passwd)
{
SqlConnection conn;
SqlCommand cmd;
SqlDataReader dr;
conn = new SqlConnection("my conn string");
cmd = new SqlCommand("Select * from Sn_RegisteredUsers where
FirstName='" + uid + "'",conn);
conn.Open();
dr = cmd.ExecuteReader();
while (dr.Read())
{
if (string.Compare(dr["Pwd"].ToString(),passwd,false)==0)
{
conn.Close();
return true;
}
}
conn.Close();
return false;
}
private void cmdLogin_ServerClick()
{
if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
{
FormsAuthenticationTicket tkt;
string cookiestr;
HttpCookie ck;
tkt = new FormsAuthenticationTicket(1, txtUserName.Value,
DateTime.Now, DateTime.Now.AddMinutes(1), chkPersistCookie.Checked,
"your custom data");
cookiestr = FormsAuthentication.Encrypt(tkt);
ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
if (chkPersistCookie.Checked)
ck.Expires=tkt.Expiration;
Response.Cookies.Add(ck);
string strRedirect;
strRedirect = "opendoc.aspx?ReturnUrl="+Request["ReturnUrl"];
if (strRedirect==null)
strRedirect = "securitymessage.aspx";
Response.Redirect(strRedirect, true);
}
else
//Response.Write(Request["ReturnUrl"]);
// In this condition, when the I am authenticated, the web.config is
handling it but it seems to be letting it go without calling
login.aspx during the cookie session duration. I need a way to check
authentication here but I don't have control since asp.NET is handling
it.
}
thanks
Rod