Restrict access to Classic ASP pages in web.config

[Christiano]

Hi...

I have an hybrid ASP/ASP.NET site... And it will be like this for a
while...

I need to authenticated these ASP pages with password too. How can I
redirect it to login.aspx?

I'm using this simple authentication/authorization rule...



<system.web>

<authentication mode="Forms">

<forms name="Sinoreg_Login" loginUrl="login.aspx" timeout="20" />

</authentication >


<authorization>

<deny users="?" />

</authorization>

</system.web>

 

[bruce barker]

it will be a little tricky but not hard.

your login.aspx page should store your own ticket and use an encryption that
the asp code can decrypt and store the user name in it. in every asp page,
check for the ticket, if there decode and get the username. if the ticket is
not there redirect to the login page, passing the asp page name as the
redirect url.


-- bruce (sqlwork.com)

 

[Christiano]

bruce...

it worked...

tks a lot..
christiano

it will be a little tricky but not hard.

your login.aspx page should store your own ticket and use an encryption
that
the asp code can decrypt and store the user name in it. in every asp page,
check for the ticket, if there decode and get the username. if the ticket
is
not there redirect to the login page, passing the asp page name as the
redirect url.


-- bruce (sqlwork.com)