Login to admin system through login screen only

[Colin Graham]

Hi there,

I have an issue relating to login to my asp.net application. Basically
i have built the standard login page which compares against the
database and lets me into the next screen if username and password
match a record in the database.

Now that ive done this i realise that somone could go round this
screen by typing a direct path to the next screen. I think i could
avoid this by setting a cookie in the login screen and only allowing
the next screen to open if the cookie exists with a certain value - or
something like that.

Can anyone please advise me to the best way of doing this as im new to
asp.net. any examples greatly appreciated. what about session state is
ait better to use this. Basically i want to force users to login
through my login screen.

CG

 

[Joseph MCAD]

April 8, 2005

Since you are using Form Authentication you can Easily force users by
adding a line to your web.config file. Just add the <forms> element to the
authentication element. Then specify the loginUrl="Login.aspx" attribute to
the forms element....

<authentication mode="Forms">
<forms loginUrl="YourLoginPage.aspx"/>
</authentication>

Then deny all unauthenticated users... (This will force authentication if
they are not authenticated already.)

<authorization>
<deny users="?"/> ' ? stands for unauthenticated users
</authorization>

Then you will have to put your login page in a subfolder and put a web
config file in that folder specifying that unauthenticated users can access
that folder. This will allow unauthenticated users to access your login
page...

' Subfolder Register
<authorization>
<allow users="*"/>
</authorization>

You cannot specify the authenticated element in a folder, so delete it from
the subfolder. This is all you have to do!

Joseph MCAD