ASP.NET RSS ASP.NET RSS

Forms Authentication

Please support our ASP.NET advertiser: Intel Parallel Studio Home
Reply

Join Date: Mar 2008
Posts: 324
Reputation: sonia sardana has a little shameless behaviour in the past 
Solved Threads: 7
sonia sardana sonia sardana is offline Offline
Posting Whiz

Forms Authentication

 
0
  #1
Sep 29th, 2009
WEB.CONFIG FIlE
ASP.NET Syntax (Toggle Plain Text) 
  1. <?xml version="1.0"?>
  2. <configuration>
  3.     <appSettings/>
  4.     <connectionStrings/>
  5.     <system.web>
  6.       <authentication mode ="Forms">
  7.         <forms loginUrl="FrmLogin.aspx" protection="All" >
  8.           <credentials passwordFormat="Clear">
  9.             <user name="sonia" password="citm123"/>
  10.             <user name="soni"  password="citm123" />
  11.             <user name="muru" password="citm1234"/>
  12.           </credentials>
  13.         </forms>
  14.       </authentication>
  15.       <authorization>
  16.        <allow users="sonia"/>
  17.         <allow users ="soni"/>
  18.         <deny users="muru"/>
  19.          </authorization>
  20.       <compilation debug="true"/>
  21.          </system.web>
  22. </configuration>


FRMLOGIN.aspx
ASP.NET Syntax (Toggle Plain Text) 
  1.  protected void btnLogin_Click(object sender, EventArgs e)
  2.     {
  3.         if (FormsAuthentication .Authenticate(txtUserName .Text ,txtPassword .Text ))
  4.         {
  5.          FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, true);
  6.  
  7.           Response.Redirect("FrmWelcome.aspx?username=" + txtUserName.Text  );
  8.         }
  9.  
  10.     }

FRMWELCOME.aspx
ASP.NET Syntax (Toggle Plain Text) 
  1.  protected void Page_Load(object sender, EventArgs e)
  2.     {
  3.  
  4.             lblUserName.Text = Request.QueryString["username"].ToString();  
  5.  
  6.  
  7.     }


Suppose i enter sonia in username & citm123 in password. I will be redirected to FrmWelcome. Suppose now the user copies the URL of FrmWelcome & open in other window,i want that the user is navigated to FrmLogin. How to do it.Using Cookies??? Can somebody help me out!
Reply With Quote Quick reply to this message  
Join Date: Jun 2009
Posts: 443
Reputation: Ramesh S will become famous soon enough Ramesh S will become famous soon enough 
Solved Threads: 82
Ramesh S Ramesh S is offline Offline
Posting Pro in Training

Re: Forms Authentication

 
0
  #2
Sep 30th, 2009
You are only denying access to the user 'muru'. It means that users other than 'muru' can access the application anonymously.

If you want to prevent the users to access the FrmWelcom or other pages without login to the system, your web.config should be as below
ASP.NET Syntax (Toggle Plain Text) 
  1. <authorization>
  2.      <allow users="sonia"/>
  3.      <allow users="soni"/>
  4.      <deny users="muru"/>
  5.      <deny users="?"/>
  6. </authorization>

The '?' in deny element prevents anonymous access to the resources.

Also the set the second argument in the statement FormsAuthentication.RedirectFromLoginPage to false.

ASP.NET Syntax (Toggle Plain Text) 
  1.  FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
Setting true will create a durable cookie (one that is saved across browser sessions). Therefore you need to set it as false.
Last edited by Ramesh S; Sep 30th, 2009 at 2:17 am.
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
Message:



Similar Threads
Other Threads in the ASP.NET Forum
Thread Tools Search this Thread



.net 2.0 activexcontrol advice ajax alltypeofvideos appliances application asp asp.net bc30451 beginner bottomasp.net box browser button c# cac checkbox click commonfunctions css dataaccesslayer database datagridview datagridviewcheckbox datalist development dgv dialog dropdownlist dynamically edit expose feedback fileuploader fill flash form formatdecimal formview grid gridview gudi iframe iis image javascript listbox login microsoft mono mouse mssql multistepregistration news numerical objects opera panelmasterpagebuttoncontrols parent radio redirect registration relationaldatabases reportemail rotatepage save schoolproject search security select sessionvariables silverlight smartcard smoobjects software sql-server sqlserver2005 suse textbox tracking treeview unauthorized validatedate validation vb.net video videos view virtualdirectory vista visualstudio web webapplications webdevelopemnt webprogramming webservice xsl youareanotmemberofthedebuggerusers
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC