asp.net forms authentication override based on individual pages.

[Nalaka]

Hi,
I have a asp.net application with forms authentication enabled.
Users create private (database driven) messages (pages; like a message
board) that is only viewed by logged in users.

Now I need to give the users the ability to publish these messages to the
public (if they decide the content is public safe).

Question is... is there a method to override forms authentication?
For an example; some thing like a method... where I look at the URL and
retrun true or false... so forms authentication is ignored based on this
method return value....


Basically to programatically ignore forms authentication for that request
only.

Any direction is deply appreciated
Thanks
Nalaka

 

[Cowboy \(Gregory A. Beamer\)]

There are two ways to solve this problem.

1. Have a second page for public access to messages that filters for
messages where IsPublic=true.
2. Write your own authentication bits for the "display message" page that
alters the query based on whether the user is logged in or not.

 

[Nalaka]

Hi,
The feature I like in "forms authentication" is that, it first sent to login
page, and be auto forwarded to the requested page after login.

And I noticed that this is acoomplished through a URL modification when
calling login page.
like ....
http://www.my.com/login.aspx?ReturnUrl=/protectedPages%2protectedPage.aspx

I will try to simulate this URL thing... and to a manual redirect to the
login page with the requested URL.
Hope this calling login page manually will auto redirect after login to the
"original requested URL".

Question is... if this works... are there any issues that I have to worry
about?

Thanks
Nalaka

 

[Walter Wang [MSFT]]

Hi Nalaka,

Do you mean to use FormsAuthentication.RedirectFromLoginPage to redirect to
the page if the user is anonymous but the page is a public one? Please note
this method is used to redirect an authenticated user back to the
originally requested URL. I don't think it's a good idea to redirect for
anonymous user.

Personally I think Gregory's first suggestion is better and simpler to
implement.


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Nalaka]

Hi Walter,
I have a page that should be authenticated under certain request parameters.
So, in the load method of this page, I check to see if the page needs
authentication or annonumous.

In the load method, if authentication is needed, and not a already
authenticated, I redirect the user to the login page.
(In the redirect URL I also pass in parameters like
"ReturnUrl=%2fNotProtectedFolder%2fDefault.aspx")

Then after legitimated login using loginPage.... asp.net sends the user back
to the originally requested URL (that was in the parameters).
Seem to work fine... when I tested.


This is not a protected folder... all I want is to go through loginPage...
only if (based on request parameters) the user needs to be
authenticated.....

Nalaka

 

[Walter Wang [MSFT]]

Hi Nalaka,

Thanks for the detailed explanation. If the folder where the page is
located not protected, then I think this approach should work.

Thank you again for sharing your experience here.


Regards,
Walter Wang ([email protected], remove 'online.')
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.