url rewriting and authentication

Discussion in 'ASP .Net Security' started by Ashish, Apr 14, 2008.

  1. Ashish

    Ashish Guest

    Hello All,



    We have an application in which we are planning to have a virtual url
    system which is completely driven by configuration files. to accomplish
    this we need to receive all urls at the same directory path, and then
    according to url rules write them out to different pages which might be
    in different folders.



    The problem is that some of these folders might be restricted by forms
    authentication, so we need to somehow need to fire formsauthentication
    after the real url is known, and then redirect to login url with the
    virtual url.

    The current url rewriting is done by an httpmodule by trapping the
    ResolveRequestCache event ( we were using the authorize event, but we
    realized that caching was not working with it)



    in this scenario is it possible to use the forms authentication module
    ?, or is there any other valid workaround.

    any help or opinion would be appreciated.
    Ashish, Apr 14, 2008
    #1
    1. Advertising

  2. You can manually call

    UrlAuthorizationModule.CheckUrlAccessForPrincipal

    and do a redirect to your login pages based on the outcome.

    -----
    Dominick Baier (http://www.leastprivilege.com)

    Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

    > Hello All,
    >
    > We have an application in which we are planning to have a virtual url
    > system which is completely driven by configuration files. to
    > accomplish this we need to receive all urls at the same directory
    > path, and then according to url rules write them out to different
    > pages which might be in different folders.
    >
    > The problem is that some of these folders might be restricted by forms
    > authentication, so we need to somehow need to fire formsauthentication
    > after the real url is known, and then redirect to login url with the
    > virtual url.
    >
    > The current url rewriting is done by an httpmodule by trapping the
    > ResolveRequestCache event ( we were using the authorize event, but we
    > realized that caching was not working with it)
    >
    > in this scenario is it possible to use the forms authentication module
    > ?, or is there any other valid workaround.
    >
    > any help or opinion would be appreciated.
    >
    Dominick Baier, Apr 18, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Thedotnetteer
    Replies:
    2
    Views:
    780
    Thedotnetteer
    Nov 27, 2003
  2. Lee
    Replies:
    0
    Views:
    3,697
  3. Gaurav  Agarwal
    Replies:
    2
    Views:
    717
    Gaurav Agarwal
    Jan 31, 2005
  4. =?Utf-8?B?cmFwaWRkYXRh?=

    url rewriting with no extension in url

    =?Utf-8?B?cmFwaWRkYXRh?=, Nov 1, 2006, in forum: ASP .Net
    Replies:
    8
    Views:
    400
    Flinky Wisty Pomm
    Nov 2, 2006
  5. Ashish

    url rewriting and authentication

    Ashish, Apr 14, 2008, in forum: ASP .Net
    Replies:
    0
    Views:
    370
    Ashish
    Apr 14, 2008
Loading...

Share This Page