TunaAdmiral
MIS
Hi!
I'm new to ASP.NET. So far, I haven't had much difficulty grasping the concepts.
I have found several tutorials on the web (and in some reference books) about authenticating users to restrict access to directories beneath the root directory of a web application. Basically, the authentication parameters are coded into a web.config file in the root directory of a web application. Specific permissions for a sub-directory are coded in either a <local> element of the root directory's web.config file, or in a separate web.config file located in the sub-directory. Seems simple enough. The black and blue marks on my forehead tell a different tale.
In my web application, I can't get this to work. I set up authentication in the root directory's web.config file as follows:
<authentication mode="Forms">
    <forms name="formsauth" loginUrl="../login.aspx"
           protection="Validation" timeout="60">
        <credentials>
            <user name="guest" password="7073A1F684ADD4174F90B3516348D0D2CADF2600"/>
        </credentials>
    </forms>
</authentication>
Login.aspx is the login page. I'm confident that the authentication is working, because I don't receive an error on the login page when I enter the correct user name and password. When I enter an incorrect user name or password, I am rewarded with a message telling me so. Sounds right, yes?
Now, in the subdirectory's web.config file, I have entered the following authorization parameters:
<authorization>
    <allow users="guest" />
    <deny users="?" />
</authorization>
This is working, but it's working far too well. The "<deny users="?" />" parameter is supposed to prevent any users that are not authenticated from entering the subdirectory. Great. Unfortunately, I cannot enter this subdirectory even after I have authenticated as user "guest". I keep getting kicked back to the login page. For s***s and giggles, I tried entering the authorization information in a <location> element in the root web.config file. This worked exactly the same way.
Per most of the tutorials, I used the following VB.NET code for the login page (login.aspx.vb):
Sub cbOK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cbOK.Click
    ' Check the name and password against the <credentials> section of web.config.
    If (FormsAuthentication.Authenticate(tbUserName.Text, tbPassword.Text)) Then
        ' Issue the authentication cookie (True = persistent) and return to the requested page.
        FormsAuthentication.RedirectFromLoginPage(tbUserName.Text, True)
    Else
        lbIncorrect.Visible = True
    End If
End Sub
What am I missing here? I am authenticating successfully. The authorization parameters appear to be working. It's as though the proof of authentication isn't making it to the subdirectory level. What am I doing wrong?
Any help would be appreciated.
Thanks!
- Mikeymac
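A diagnostic for the symptom described in this post, added here as an example and not part of the original post: it records, per request, whether the forms-authentication cookie arrived and whether its ticket was accepted, which separates a ticket that never reaches the subdirectory from an authorization rule that rejects an authenticated user. The class name AuthDiagApplication and the helper DescribeRequest are hypothetical; the code assumes Global.asax inherits from this class and that tracing is enabled so the messages appear in trace.axd.

```vb
Imports System
Imports System.Web
Imports System.Web.Security

' Hypothetical application class; point Global.asax at it with Inherits="AuthDiagApplication".
Public Class AuthDiagApplication
    Inherits HttpApplication

    ' Fires on every request, after the forms-authentication module has examined the cookie.
    Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)
        Context.Trace.Write("authdiag", DescribeRequest(Request))
    End Sub

    ' Hypothetical helper: returns one line saying how far the ticket got for this request.
    Private Function DescribeRequest(ByVal req As HttpRequest) As String
        Dim cookieName As String = FormsAuthentication.FormsCookieName
        Dim cookie As HttpCookie = req.Cookies(cookieName)

        ' Case 1: the browser did not send the cookie for this URL at all.
        If cookie Is Nothing Then
            Return req.Path & ": no '" & cookieName & "' cookie sent (configured cookie path: " & _
                   FormsAuthentication.FormsCookiePath & ")"
        End If

        ' Case 2: the cookie arrived but the ticket fails validation or decryption.
        Dim ticket As FormsAuthenticationTicket = Nothing
        Try
            ticket = FormsAuthentication.Decrypt(cookie.Value)
        Catch ex As Exception
            Return req.Path & ": cookie sent, ticket rejected (" & ex.GetType().Name & ")"
        End Try
        If ticket Is Nothing Then
            Return req.Path & ": cookie sent, ticket could not be read"
        End If

        ' Case 3: the ticket is readable but past its timeout.
        If ticket.Expired Then
            Return req.Path & ": ticket for '" & ticket.Name & "' expired at " & ticket.Expiration.ToString()
        End If

        ' Case 4: the ticket is valid; check whether the request was marked authenticated.
        If Not req.IsAuthenticated Then
            Return req.Path & ": valid ticket for '" & ticket.Name & "' but request is still anonymous"
        End If
        Return req.Path & ": authenticated as '" & ticket.Name & "'; any redirect now comes from an <authorization> rule"
    End Function
End Class
```

Comparing the line logged for login.aspx with the line logged for a page in the subdirectory shows at which of these stages the two requests diverge.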