I have a login page which authenticates users against an sql database. If successful login, it redirects users to a subfolder called secure.
I have the following in a web.config file in the root folder. My login.aspx is also located in the root folder
I also have another web.config file in the subfolder called secure.
My problem is, because the secured area has denied all users, after successful login, it redirects me back to login back and not to the secured area. What do i need to add in the web.config files to deny all anonymous users to the secured area, but allow successful logins from the login.aspx page
I have the following in a web.config file in the root folder. My login.aspx is also located in the root folder
Code:
<configuration>
<system.web>
<globalization
fileEncoding="utf-8"
requestEncoding="utf-8"
responseEncoding="utf-8"
culture="en-GB"
uiCulture="en-GB"
/>
<customErrors mode="Off"/>
<authentication mode="Forms">
<forms name=".LoginForm"
loginUrl="login.aspx"
defaultUrl="secure/default.aspx"
protection="All"
timeout="30"
path="/"
/>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</configuration>I also have another web.config file in the subfolder called secure.
Code:
<configuration>
<system.web>
<globalization
fileEncoding="utf-8"
requestEncoding="utf-8"
responseEncoding="utf-8"
culture="en-GB"
uiCulture="en-GB"
/>
<customErrors mode="Off"/>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</configuration>My problem is, because the secured area has denied all users, after successful login, it redirects me back to login back and not to the secured area. What do i need to add in the web.config files to deny all anonymous users to the secured area, but allow successful logins from the login.aspx page