K
KT
I am using the login control and need to know how to setup the pages within
the site to only be accessible after logging in.
I'm have the settings below in my web.config and it works and only allows
users in Admin roles. The problem is if I type in the address
http:/localhost/test/main.aspx it still allows me to view the page without
logging in. How do I force users to login and if they navigate to a page
without logging in it sends them to the login page?
<authorization>
<allow roles="Admin" />
<!--<allow users="?" />-->
</authorization>
<roleManager enabled="true" />
<authentication mode="Forms">
<forms loginUrl="/login.aspx" />
</authentication>
<location path="login.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="main.aspx">
<system.web>
<authorization>
<allow users="Admin" />
<deny users="?" />
<deny users="*" />
</authorization>
</system.web>
</location>
Thanks in advance.
KT
the site to only be accessible after logging in.
I'm have the settings below in my web.config and it works and only allows
users in Admin roles. The problem is if I type in the address
http:/localhost/test/main.aspx it still allows me to view the page without
logging in. How do I force users to login and if they navigate to a page
without logging in it sends them to the login page?
<authorization>
<allow roles="Admin" />
<!--<allow users="?" />-->
</authorization>
<roleManager enabled="true" />
<authentication mode="Forms">
<forms loginUrl="/login.aspx" />
</authentication>
<location path="login.aspx">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="main.aspx">
<system.web>
<authorization>
<allow users="Admin" />
<deny users="?" />
<deny users="*" />
</authorization>
</system.web>
</location>
Thanks in advance.
KT