0

WEB.CONFIG FIlE

<?xml version="1.0"?>
<configuration>
    <appSettings/>
    <connectionStrings/>
    <system.web>
      <authentication mode ="Forms">
        <forms loginUrl="FrmLogin.aspx" protection="All" >
          <credentials passwordFormat="Clear">
            <user name="sonia" password="citm123"/>
            <user name="soni"  password="citm123" />
            <user name="muru" password="citm1234"/>
          </credentials>
        </forms>
      </authentication>
      <authorization>
       <allow users="sonia"/>
        <allow users ="soni"/>
        <deny users="muru"/>
         </authorization>
      <compilation debug="true"/>
         </system.web>
</configuration>

FRMLOGIN.aspx

protected void btnLogin_Click(object sender, EventArgs e)
    {
        if (FormsAuthentication .Authenticate(txtUserName .Text ,txtPassword .Text ))
        {
         FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, true);

          Response.Redirect("FrmWelcome.aspx?username=" + txtUserName.Text  );
        }

    }

FRMWELCOME.aspx

protected void Page_Load(object sender, EventArgs e)
    {
       
            lblUserName.Text = Request.QueryString["username"].ToString();  

               
    }

Suppose i enter sonia in username & citm123 in password. I will be redirected to FrmWelcome. Suppose now the user copies the URL of FrmWelcome & open in other window,i want that the user is navigated to FrmLogin. How to do it.Using Cookies??? Can somebody help me out!

2
Contributors
1
Reply
3
Views
7 Years
Discussion Span
Last Post by Ramesh S
0

You are only denying access to the user 'muru'. It means that users other than 'muru' can access the application anonymously.

If you want to prevent the users to access the FrmWelcom or other pages without login to the system, your web.config should be as below

<authorization>
     <allow users="sonia"/>
     <allow users="soni"/>
     <deny users="muru"/>
     <deny users="?"/>
</authorization>

The '?' in deny element prevents anonymous access to the resources.

Also the set the second argument in the statement FormsAuthentication.RedirectFromLoginPage to false.

FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);

Setting true will create a durable cookie (one that is saved across browser sessions). Therefore you need to set it as false.

Edited by Ramesh S: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.