question about login and roles

[Ben]

Hi,


I defined roles in order to deny access for some pages to anonymous users.
I tested it by typing the url of a denied page to test the system
(http://denypage.aspx).

It works (access denied), and i'm automatically redirected to the login.aspx
file that is defined in the root of the application.

Now i wonder how asp.net knows where the file containing the login control
is. I tried this:
- changing the location of file login.aspx (putting it into a subdir)
- changing the name of login.aspx to login2.aspx

In both cases, when trying to access a denied file, i get the error:"The
resource cannot be found: /app_name/login.aspx .

May i conclude that file "login.aspx" always MUST be in the root of the
application and that its name MUST be 'login.aspx'?

Thanks

 

[Peter Bradley]

I take you you're using Forms Authentication. In which case, you will have
something like this in your Web.config file:

<authentication mode="Forms">
<forms loginUrl="Login.aspx" name="adAuthCookie" timeout="10" path="/">
</forms>
</authentication>

It is the name in the <forms> element LoginUrl attribute that determines
where the user is redirected (if I understand correctly).

HTH


Peter

 

[Dominick Baier]

yep "~/login.aspx" is the default value...

 

[Ben]

Hi, thanks for replying.
All i have about authentification in web.config is:

<authentication mode="Forms"/>
Maybe are in that case (when nothing is specified) the default values for
the location the root and for the name of the file 'login.aspx'?

 

[Ben]

thanks

yep "~/login.aspx" is the default value...


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)