0

I have a site where I have a admin.aspx page.

Once the user has logged into the Admin.aspx page successfully, they will then be redirected to the Report.aspx page. Note that the Report.aspx page cannot be accessed without first successfully logging into Admin.aspx page.

Keep in mind that there are other pages like index.aspx, etc which any user can view without logging in. I just need the authentication for JUST the Report.aspx page.

I have the following code but does not seem to work as it says problem with virtual directory. Am I doing something fundamentally wrong?

  <location path="Report.aspx">
    <system.web>
        <authentication mode="Forms">
            <forms loginUrl="Login.aspx" >
                <credentials passwordFormat="Clear">
                    <user name="John" password="pass@432"/>
                </credentials>
            </forms>
        </authentication>
        <authorization>
            <deny users="*" />
        </authorization>
    </system.web>
</location>
Nate Pet
  • 44,246
  • 124
  • 269
  • 414
  • defaultUrl not dafaultUrl :D http://weblogs.asp.net/farazshahkhan/archive/2009/04/22/authentication-using-web-config-credentials.aspx – Stavros Zotalis Apr 08 '13 at 15:15

3 Answers3

1

To redirect the user after a successful login, use the DestinationPageUrl property.

<%@ Page Language="C#" autoEventWireup="false" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
        void PageLoad(Object sender, EventArgs e)
        {
            Login1.DestinationPageUrl = 
                String.Format("terms.aspx?{0}", Request.QueryString.ToString());
        }
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
        <form id="form1" runat="server">
            <asp:Login id="Login1" runat="server" 
                DestinationPageUrl="terms.aspx">
            </asp:Login>
        </form>
    </body>
</html>
Tarzan
  • 4,270
  • 8
  • 50
  • 70
  • Thanks but does my webconfig file need to be modified. I need it to authenticate only if going to Admin.aspx page – Nate Pet Apr 08 '13 at 15:10
  • Try changing the defaultUrl="Report.aspx" in the webconfig. – Tarzan Apr 08 '13 at 15:23
  • Thanks but I need to specify the Location or else it would do it for all the .aspx pages – Nate Pet Apr 08 '13 at 15:38
  • Then do not do it via the webconfig. You can use the code sample I posted initially that uses the DestinationPageUrl. – Tarzan Apr 08 '13 at 15:48
  • Another option is to put this code in the Admin page's code behind: private void Page_Load(object sender, EventArgs e) { if (!Request.IsAuthenticated) { Response.Redirect("Login.aspx"); } } – Tarzan Apr 08 '13 at 15:53
1

In web.config file:

<location path="Default.aspx">
    <system.web>
        <authorization>
            <allow roles="Administrator, User, AdditionalUser" />
        </authorization>
    </system.web>
</location>

ASP.NET Forms Auth Allowing access to specific file in subdirectory when all others should be denied

http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx

Community
  • 1
  • 1
adt
  • 4,320
  • 5
  • 35
  • 54
1

First it seems you are not allowing your user John. You also might want to try pulling the authentication section of out of the locaiton specific parts of the config file:

<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" defaultUrl="Report.aspx">
        <credentials passwordFormat="Clear">
          <user name="John" password="pass@432"/>
        </credentials>
      </forms>
    </authentication>
  </system.web>

  <location path="Report.aspx">
    <system.web>
      <authorization>
        <allow users="John"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>
Chris Curtis
  • 1,478
  • 1
  • 10
  • 21
  • Hi Chris, thanks for your response. When I login to Login.aspx with the username, pwd, it does direct me to Report.aspx but I get the following error An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL. – Nate Pet Apr 09 '13 at 19:11
  • Sorry Nate, forgot the `mode="Forms"` bit on the authentication. I have updated the post – Chris Curtis Apr 09 '13 at 19:43
  • Also, since you are not registering a MembershipProvider (and thus the default SqlMemberhipProvider would be assumed), you'll want to use the obsolete `FormsAuthentication.Authenticate(username,password)` method on your login page. – Chris Curtis Apr 09 '13 at 19:53