C
Chris
Hi,
I have a site with an admin folder that is protected with forms
authentication. I just want 1 admin user to be able to access it but to
use my own user authentication for the rest of the site.
I did have it working using an asp.net 2.0 login control and the
credential specified in the web.config but after going back to working
on the admin parts, it has suddenly started refusing the login.
I set the admin user's password to the result of
FormsAuthentication.HashPasswordForStoringInConfigFile("password","sha1")
and this did work before.
I haven't done anything special with the login control.
I'm sure it's something simple but I can't see why the login fails or
what I did to break it.
Is there a 'proper' way to do this that just as simple? (Without going
into memberships etc.,)
Here's my web.config:
<configuration
xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings>
<add key="MainDomain" value="http://www.crackthelottery.com"/>
</appSettings>
<snip connection strings.../>
<system.web>
<snip assembly stuff.../>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms">
<forms loginUrl="Admin/Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="SHA1">
<user name="admin"
password="5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"/>
</credentials>
</forms>
</authentication>
<anonymousIdentification enabled="true"/>
<profile defaultProvider="SqlProvider">
<providers>
<clear/>
<add name="SqlProvider"
type="System.Web.Profile.SqlProfileProvider"
connectionStringName="LocalSqlServer" applicationName="CrackTheLottery"
description="SqlProfileProvider for CrackTheLottery"/>
</providers>
<properties>
<add name="UserID" allowAnonymous="true" type="System.Int32"/>
</properties>
</profile>
<httpHandlers>
<add verb="*" path="*.zip" type="FileHandler"/>
<add verb="*" path="*.exe" type="FileHandler"/>
<add verb="*" path="*.xml" type="FileHandler"/>
<add verb="*" path="*.pdf" type="FileHandler"/>
</httpHandlers>
</system.web>
<location path="Admin">
<system.web>
<authorization>
<allow users="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
I can't find anything that explains this simply and can't remember
where I originally looked all this up so thanks for the help.
I have a site with an admin folder that is protected with forms
authentication. I just want 1 admin user to be able to access it but to
use my own user authentication for the rest of the site.
I did have it working using an asp.net 2.0 login control and the
credential specified in the web.config but after going back to working
on the admin parts, it has suddenly started refusing the login.
I set the admin user's password to the result of
FormsAuthentication.HashPasswordForStoringInConfigFile("password","sha1")
and this did work before.
I haven't done anything special with the login control.
I'm sure it's something simple but I can't see why the login fails or
what I did to break it.
Is there a 'proper' way to do this that just as simple? (Without going
into memberships etc.,)
Here's my web.config:
<configuration
xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings>
<add key="MainDomain" value="http://www.crackthelottery.com"/>
</appSettings>
<snip connection strings.../>
<system.web>
<snip assembly stuff.../>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms">
<forms loginUrl="Admin/Login.aspx" protection="All" timeout="30">
<credentials passwordFormat="SHA1">
<user name="admin"
password="5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8"/>
</credentials>
</forms>
</authentication>
<anonymousIdentification enabled="true"/>
<profile defaultProvider="SqlProvider">
<providers>
<clear/>
<add name="SqlProvider"
type="System.Web.Profile.SqlProfileProvider"
connectionStringName="LocalSqlServer" applicationName="CrackTheLottery"
description="SqlProfileProvider for CrackTheLottery"/>
</providers>
<properties>
<add name="UserID" allowAnonymous="true" type="System.Int32"/>
</properties>
</profile>
<httpHandlers>
<add verb="*" path="*.zip" type="FileHandler"/>
<add verb="*" path="*.exe" type="FileHandler"/>
<add verb="*" path="*.xml" type="FileHandler"/>
<add verb="*" path="*.pdf" type="FileHandler"/>
</httpHandlers>
</system.web>
<location path="Admin">
<system.web>
<authorization>
<allow users="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
I can't find anything that explains this simply and can't remember
where I originally looked all this up so thanks for the help.