fredda054
Hi everybody !
I'm working on an asp.net app and have been doing fine until I now try
to secure it using Forms authentication. I'm still pretty new to .net
and very new to "forms authentication" but I understand it's a pretty
neat thing !
Here's my problem:
In my solution I have a main project called "GUILayer". Here I have all
the "public" pages.
In this project I have a subfolder called "admin" which contains all
admin pages that I want to secure. In this folder I have the login page,
(login.aspx).
What I want to do is to have all the pages in this folder protected and
if someone tries to access any pages without logging in, they should be
directed to login.aspx. Upon successful login the user should be
redirected to index.aspx, in the admin-folder.
What happens now is, the pages in the admin folder are protected, that
part is working. I'm always redirected to the login-page when I try to
access some of the protected pages. But upon successful login, I get
redirected to "default.aspx", which is the start-page of the root
folder, (ie. GUILayer/default.aspx).
I want to be redirected to GUILayer/admin/index.aspx instead.
I'm not really sure what happens 'backstage' here...
I'm sure I'm missing something obvious here, and normally I solve
problems by just reading a few tutorials and getting a better understanding of
the problem. The thing now is that I just don't have the time for it.
So I'm putting it aside for a day or two, and hope you can give me some
advice ! I've always managed to solve my problems through this group
before and I'm sure I'll do it again !
The code is below...
Thanks a lot everybody !
Fredrik Holm
Here's the code for the login page:
---------------------------------------------
....
....
Private Sub btnLogin_Click(ByVal sender As System.Object, _
        ByVal e As System.EventArgs) Handles btnLogin.Click
    Dim objContactBL As New ContactBL
    Dim objContact As New Contact
    ' Collect the submitted credentials
    objContact.Username = txtUsername.Text
    objContact.Password = txtPassword.Text
    If objContactBL.verifyLogin(objContact) = True Then
        ' Login OK: keep some user details in session state
        Session("ContactID") = CStr(objContact.ContactID)
        Session("FirstName") = CStr(objContact.ContactFName)
        Session("UserName") = CStr(objContact.Username)
        ' Issue the auth cookie and redirect (non-persistent cookie)
        FormsAuthentication.RedirectFromLoginPage(CStr(Session("UserName")), False)
    Else
        ' Login failed: show a message and clear the form
        lblMessage.Visible = True
        lblMessage.Text = "Login failed ! Please try again"
        txtUsername.Text = ""
        txtPassword.Text = ""
    End If
End Sub
-----------------------------------------------------------
And here's the web.config file. I think I must change something here
???
------------------------------------------------------------
......
......
<authentication mode="Forms">
    <forms name="admin" loginUrl="admin/login.aspx" protection="All"
           timeout="30" path="admin/" />
</authentication>
....
....
<authorization>
    <allow users="*" /> <!-- Allow all users -->
</authorization>
....
....
<location path="admin"> <!-- path can be a directory or a specific page such as "XXX.aspx" -->
    <system.web>
        <authorization>
            <deny users="?" /> <!-- ?=anonymous: deny all users we don't know -->
        </authorization>
    </system.web>
</location>
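
Added example, not part of the original post: FormsAuthentication.RedirectFromLoginPage sends the browser to the ReturnUrl query-string value, or to default.aspx when none is present. The code below instead issues the cookie with SetAuthCookie and chooses the target itself, honouring ReturnUrl only when it is a local path under the admin folder. The module and its function names are hypothetical; the folder and page names are taken from the post.

```vb
Imports System
Imports System.Globalization
Imports System.Web
Imports System.Web.Security

' Hypothetical helper (added example); folder and page names come from the post.
Public Module LoginRedirect

    ' Builds "/GUILayer/admin/" from Request.ApplicationPath ("/GUILayer" or "/").
    Private Function AdminPrefix(ByVal appPath As String) As String
        Return appPath.TrimEnd("/"c) & "/admin/"
    End Function

    ' Returns the post-login target. ReturnUrl is attacker-controllable, so it is
    ' accepted only as a rooted local path inside the admin folder; anything else
    ' (absent, absolute URL, "//host", backslashes, "..") falls back to index.aspx.
    Public Function ResolveTarget(ByVal returnUrl As String, ByVal appPath As String) As String
        Dim prefix As String = AdminPrefix(appPath)
        Dim fallback As String = prefix & "index.aspx"

        If returnUrl Is Nothing OrElse returnUrl.Length = 0 Then Return fallback
        If Not returnUrl.StartsWith("/") OrElse returnUrl.StartsWith("//") Then Return fallback
        If returnUrl.IndexOf("\"c) >= 0 OrElse returnUrl.IndexOf("..") >= 0 Then Return fallback

        ' Case-insensitive prefix match, independent of the server's culture.
        Dim lowerUrl As String = returnUrl.ToLower(CultureInfo.InvariantCulture)
        Dim lowerPrefix As String = prefix.ToLower(CultureInfo.InvariantCulture)
        If Not lowerUrl.StartsWith(lowerPrefix) Then Return fallback

        Return returnUrl
    End Function

    ' Call from btnLogin_Click after the credentials have been verified,
    ' in place of RedirectFromLoginPage.
    Public Sub SignInAndRedirect(ByVal ctx As HttpContext, ByVal userName As String)
        ' Issue the forms-authentication ticket without performing the redirect.
        FormsAuthentication.SetAuthCookie(userName, False)
        ctx.Response.Redirect(ResolveTarget(ctx.Request.QueryString("ReturnUrl"), _
                                            ctx.Request.ApplicationPath))
    End Sub

End Module
```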