web.config and authentication problem.

Discussion in 'ASP .Net Security' started by Shailesh, Jun 10, 2004.

  1. Shailesh

    Shailesh Guest

    Hello there!

    I have developed a .net web application. In this I am having some .aspx files and one web.config file. All the files are in same folder. In my web.config file I set authentication mode as 'Forms'. I also have login.aspx fine in my app. Now when I try to access any page directely (without enter UID/PWD) I am not redirected to login.aspx. Below is my web.config code

    <authentication mode="Forms">
    <forms name="testApp" path="/" loginUrl="login.aspx" protection="All" timeout="30">
    <credentials passwordFormat="Clear">
    <user name="user1" password="pwd1" />
    <user name="user2" password="pwd2" />
    <user name="user3" password="pwd3 />
    </credentials>
    </forms>
    </authentication>

    <authorization>
    <allow users="user1,user2" />
    <deny users="user2" />
    </authorization>

    Withour entering my UID/PWD in my login.aspx file I can access any pages, I am not getting how is it happening? Can any body help me.

    Thanking you.
    Shail
     
    Shailesh, Jun 10, 2004
    #1
    1. Advertising

  2. Shailesh

    ranganh Guest

    Dear Shailesh,

    you have to give the attribute

    <deny users="?" />

    currently you have denied only user2. that means, you are denying only him.

    deny users="?" will deny all unauthenticated users.

    hope it helps.




    "Shailesh" wrote:

    > Hello there!
    >
    > I have developed a .net web application. In this I am having some .aspx files and one web.config file. All the files are in same folder. In my web.config file I set authentication mode as 'Forms'. I also have login.aspx fine in my app. Now when I try to access any page directely (without enter UID/PWD) I am not redirected to login.aspx. Below is my web.config code
    >
    > <authentication mode="Forms">
    > <forms name="testApp" path="/" loginUrl="login.aspx" protection="All" timeout="30">
    > <credentials passwordFormat="Clear">
    > <user name="user1" password="pwd1" />
    > <user name="user2" password="pwd2" />
    > <user name="user3" password="pwd3 />
    > </credentials>
    > </forms>
    > </authentication>
    >
    > <authorization>
    > <allow users="user1,user2" />
    > <deny users="user2" />
    > </authorization>
    >
    > Withour entering my UID/PWD in my login.aspx file I can access any pages, I am not getting how is it happening? Can any body help me.
    >
    > Thanking you.
    > Shail
     
    ranganh, Jun 11, 2004
    #2
    1. Advertising

  3. Shailesh

    Shailesh Guest

    Hi, Ranganh,

    Its works absolutely fine now.

    Thanx for your reply.
    Shail.

    "ranganh" wrote:

    > Dear Shailesh,
    >
    > you have to give the attribute
    >
    > <deny users="?" />
    >
    > currently you have denied only user2. that means, you are denying only him.
    >
    > deny users="?" will deny all unauthenticated users.
    >
    > hope it helps.
    >
    >
    >
    >
    > "Shailesh" wrote:
    >
    > > Hello there!
    > >
    > > I have developed a .net web application. In this I am having some .aspx files and one web.config file. All the files are in same folder. In my web.config file I set authentication mode as 'Forms'. I also have login.aspx fine in my app. Now when I try to access any page directely (without enter UID/PWD) I am not redirected to login.aspx. Below is my web.config code
    > >
    > > <authentication mode="Forms">
    > > <forms name="testApp" path="/" loginUrl="login.aspx" protection="All" timeout="30">
    > > <credentials passwordFormat="Clear">
    > > <user name="user1" password="pwd1" />
    > > <user name="user2" password="pwd2" />
    > > <user name="user3" password="pwd3 />
    > > </credentials>
    > > </forms>
    > > </authentication>
    > >
    > > <authorization>
    > > <allow users="user1,user2" />
    > > <deny users="user2" />
    > > </authorization>
    > >
    > > Withour entering my UID/PWD in my login.aspx file I can access any pages, I am not getting how is it happening? Can any body help me.
    > >
    > > Thanking you.
    > > Shail
     
    Shailesh, Jun 11, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Benny Ng
    Replies:
    9
    Views:
    10,244
    Benny Ng
    Oct 13, 2005
  2. ABC
    Replies:
    1
    Views:
    820
    Richard Dudley
    Oct 24, 2005
  3. CSharpner
    Replies:
    0
    Views:
    1,141
    CSharpner
    Apr 9, 2007
  4. Shailesh

    web.config and authentication problem.

    Shailesh, Jun 10, 2004, in forum: ASP .Net Security
    Replies:
    0
    Views:
    121
    Shailesh
    Jun 10, 2004
  5. ABC
    Replies:
    1
    Views:
    387
    Patrick.O.Ige
    Oct 31, 2005
Loading...

Share This Page