Login to admin system through login screen only

Discussion in 'ASP .Net Security' started by Colin Graham, Apr 10, 2005.

  1. Colin Graham

    Colin Graham Guest

    Hi there,

    I have an issue relating to login to my ASP.NET application. Basically
    I have built the standard login page which compares against the
    database and lets me into the next screen if username and password
    match a record in the database.

    Now that I've done this I realise that someone could go round this
    screen by typing a direct path to the next screen. I think I could
    avoid this by setting a cookie in the login screen and only allowing
    the next screen to open if the cookie exists with a certain value - or
    something like that.

    Can anyone please advise me on the best way of doing this, as I'm new to
    ASP.NET? Any examples greatly appreciated. What about session state, is
    it better to use this? Basically I want to force users to log in
    through my login screen.

    CG
     
    Colin Graham, Apr 10, 2005
    #1

  2. Colin Graham

    Joseph MCAD Guest

    April 8, 2005

    Since you are using Forms Authentication you can easily force users by
    adding a line to your web.config file. Just add the <forms> element to the
    authentication element. Then specify the loginUrl="Login.aspx" attribute on
    the forms element....

    <authentication mode="Forms">
    <forms loginUrl="YourLoginPage.aspx"/>
    </authentication>

    Then deny all unauthenticated users... (This will force authentication if
    they are not authenticated already.)

    <authorization>
    <deny users="?"/> <!-- ? stands for unauthenticated users -->
    </authorization>

    Then you will have to put your login page in a subfolder and put a web
    config file in that folder specifying that unauthenticated users can access
    that folder. This will allow unauthenticated users to access your login
    page...

    <!-- Subfolder Register -->
    <authorization>
    <allow users="*"/>
    </authorization>

    You cannot specify the authenticated element in a folder, so delete it from
    the subfolder. This is all you have to do!

    Joseph MCAD

     
    Joseph MCAD, Apr 11, 2005
    #2
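
An added example, not part of either post: a Python check that reads a root web.config and any subfolder web.config and reports whether unauthenticated requests are actually refused, using the fact that ASP.NET reads authorization rules top-down and stops at the first match. The sample configs, the `Register/Login.aspx` path and the function names are constructed for illustration; `roles` and `verbs` attributes are ignored.

```python
import xml.etree.ElementTree as ET

def anonymous_allowed(authz, inherited=True):
    """Would an unauthenticated request pass this <authorization> block?
    Rules are read top-down and the first match wins; with no match the
    parent's answer applies (the machine-level default allows everyone)."""
    if authz is None:
        return inherited
    for rule in authz:
        if rule.tag not in ("allow", "deny"):
            continue
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if "?" in users or "*" in users:  # both cover anonymous requests
            return rule.tag == "allow"
    return inherited

def audit(root_xml, subfolders=None):
    """subfolders maps a folder name to the text of its own web.config."""
    root = ET.fromstring(root_xml)
    auth = root.find("system.web/authentication")
    forms = root.find("system.web/authentication/forms")
    site_open = anonymous_allowed(root.find("system.web/authorization"))
    open_folders = sorted(
        name for name, xml in (subfolders or {}).items()
        if anonymous_allowed(
            ET.fromstring(xml).find("system.web/authorization"), site_open)
    )
    return {
        "forms_auth": auth is not None and auth.get("mode") == "Forms",
        "login_url": forms.get("loginUrl") if forms is not None else None,
        "site_open_to_anonymous": site_open,
        "anonymous_folders": open_folders,
    }

# Constructed sample configs (folder and page names are made up).
ROOT_AS_ADVISED = """<configuration><system.web>
  <authentication mode="Forms"><forms loginUrl="Register/Login.aspx"/></authentication>
  <authorization><deny users="?"/></authorization>
</system.web></configuration>"""
ROOT_MISORDERED = ROOT_AS_ADVISED.replace(
    '<deny users="?"/>', '<allow users="*"/><deny users="?"/>')
REGISTER = """<configuration><system.web>
  <authorization><allow users="*"/></authorization>
</system.web></configuration>"""

if __name__ == "__main__":
    print(audit(ROOT_AS_ADVISED, {"Register": REGISTER}))
    print(audit(ROOT_MISORDERED, {"Register": REGISTER}))
```

With the misordered root config the `<deny users="?"/>` line is present but never reached, so the site stays open to direct URL access even though the file looks protected.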