Security (Urgent!!!)

[Vinod]

Hi,

I am developing a aspx login screen based on the roles (Admin,User). If
the role is Admin he needs to acess a
particular folder in the system.

If the role is User he needs to access another folder in the system.

How can i accomplish it.
Currently i am using this code but its not working fine

<location path="alfa/admin">
<system.web>
<authorization>
<allow roles ="Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>

<location path="engine">
<system.web>
<authorization>
<allow roles ="Users"/>
<deny users="*" />
</authorization>
</system.web>
</location>

In the login screen if i enter a valid login also it is not redirecting
it to a page in the admin folder . It attaches the redirection url and
stays in the same page.

Any Help will be very grateful


Regards
Vinod

 

[Dominick Baier [DevelopMentor]]

Hello Vinod,

what do you use to redirect back?

 

[Vinod]

I user response.redirect and it doesnot redirect to the location instead it
adds the path as a query string to the url

regards
vinod

 

[Dominick Baier [DevelopMentor]]

Hello Vinod,

like this :

Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false));

??

i have a full working example on my blog - maybe this clarifies things
http://www.leastprivilege.com/content/binary/FormsAuthBestPractice.zip

 

[Vinod]

I am just using Reponse.Redirect.

My code is working fine locally , but when i upload to the server it doesnot
work

regards
vinod

 

[Dominick Baier [DevelopMentor]]

Hello Vinod,

try using

Response.Redirect("~/default.aspx");

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

I am just using Reponse.Redirect.

My code is working fine locally , but when i upload to the server it
doesnot work

regards
vinod
"Dominick Baier [DevelopMentor]"

Hello Vinod,

like this :

Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text
,
false));

??

i have a full working example on my blog - maybe this clarifies
things
http://www.leastprivilege.com/content/binary/FormsAuthBestPractice.zi
p

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

I user response.redirect and it doesnot redirect to the location
instead it adds the path as a query string to the url

regards
vinod
"Dominick Baier [DevelopMentor]"
Hello Vinod,

what do you use to redirect back?

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
Hi,

I am developing a aspx login screen based on the roles
(Admin,User). If
the role is Admin he needs to acess a
particular folder in the system.
If the role is User he needs to access another folder in the
system.
How can i accomplish it.
Currently i am using this code but its not working fine
<location path="alfa/admin">
<system.web>
<authorization>
<allow roles ="Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="engine">
<system.web>
<authorization>
<allow roles ="Users"/>
<deny users="*" />
</authorization>
</system.web>
</location>
In the login screen if i enter a valid login also it is not
redirecting it to a page in the admin folder . It attaches the
redirection url and stays in the same page.
Any Help will be very grateful
Regards
Vinod