Forms Auth/Membership & Roles Providers/Secured Directory

Discussion in 'ASP .Net Security' started by Drew, May 5, 2009.

  1. Drew

    Drew Guest

    When using Forms Auth in conjunction with Membership and Roles provider, we
    have limited a directory to only users with the role Administrators using the
    following web.config:
    <location path="administration">
    <system.web>
    <authorization>
    <deny users="?"/>
    <allow roles="Administrator"/>
    <deny users="*" />
    </authorization>
    </system.web>
    </location
    When a standard already authenticated user tries navigate into that
    directory, they are redirected to the login page. Can they be sent to a main
    page instead? We have specified the defaultUrl in the forms auth tag with:
    defaultUrl="~/Home.aspx" but the users are not being sent there. Am i doing
    something wrong?
     
    Drew, May 5, 2009
    #1
    1. Advertisements

  2. It seems that you don't need to add <deny users="?"/> when only
    Administrator role is allowed. Did you try to add in the system.web
    section (below location element)

    <authentication mode="Forms">
    <forms name="adminform" defaultUrl="default.aspx" loginUrl="/
    home.aspx" path="/"/>
    </authentication>

    http://msdn.microsoft.com/en-us/library/aa302435.aspx#c19618429_011
     
    Alexey Smirnov, May 6, 2009
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.