Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Help me subdue rogue, autonomous security 1

Status
Not open for further replies.
Socrates877

Socrates877

Programmer
Jul 17, 2003
34
0
0
US
I think my computer is typing code without me knowing it...Something is alive, and it isn't the usual gnomes/goblins/gremlins.

I set up forms security. In addition, my host computer setup windows security, without me even asking. Here is my file structure:

/web.config
/dblabor/default.aspx
/dblabor/user/web.config
/dblabor/user/timecard.aspx

I am restricting access to timecard.aspx. default.aspx is my login form. Here is the first web.config:
<configuration>
<system.web>
<authentication>
<forms name=&quot;DBLabor&quot; path=&quot;/dblabor/user&quot; loginUrl=&quot;/dblabor/default.aspx&quot; protection=&quot;All&quot; />
</authentication>
<customErrors mode=&quot;Off&quot; />
</system.web>
</configuration>

Here is the second web.config file:
<configuration>
<system.web>
<authorization>
<deny users=&quot;?&quot; />
</authorization>
</system.web>
</configuration>

The way I want this to work is that when a user tries to go to timecard.aspx, he gets redirected to default.aspx to login.

What actually happens is that a standard windows login dialog pops up! The only username/password that works for this windows login is my ftp username/password.

How is this possible? Moreover, how can I get this to work the way I want it to?

Thanks
 
Sort by date Sort by votes
Here we go...

In the main web.config (Root of you application) you would put

<configuration>
<system.web>
<authentication mode=&quot;Forms&quot;>
<forms name=&quot;DBLabor&quot; path=&quot;/dblabor/user&quot; loginUrl=&quot;/dblabor/default.aspx&quot; protection=&quot;All&quot; />
</authentication>
<customErrors mode=&quot;Off&quot; />
</system.web>
</configuration>


Then you would add a new web.config file in the directory of the files you want to secure.

<configuration>
<system.web>
<authentication>
<location path=&quot;SecuredPage.aspx&quot;>
<system.web>
<authorization>
<deny users=&quot;?&quot; />
</authorization>
</system.web>
</location>
</authentication>
</system.web>
</configuration>


NOTE: The ? represents anonymous users, so they will be directed to the login page as stated in the root web.config file.

Let me know if this has helped.





AGIMA.net
 
Upvote 0 Downvote
You're exactly right. As it happens, I figured out the answer after a couple days. Too bad you didn't show up sooner! You still earn A StAr!!!!

Thanks

I'm a little hyper.
 
Upvote 0 Downvote
Thank your very much. Im glad to help even though you had already figured it out.


AGIMA where professional web hosting is our business.

AGIMA Computing
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

G12Consult
  • Locked
  • Question
Help with Json
Replies
2
Views
154
gmmastros
gmmastros
southbeach
  • Locked
  • Question
.NET to PHP snippet - Translate this for me please!
Replies
3
Views
68
MakeItSo
MakeItSo
peac3
  • Locked
  • Question
Generate console exe apps in web bin folder... help
Replies
1
Views
63
jbenson001
jbenson001
AzizKamal
  • Locked
  • Question
center-align menu item text
Replies
2
Views
95
AzizKamal
AzizKamal
Everton1Blue
  • Locked
  • Question
Welcome message error
Replies
1
Views
46
Everton1Blue
Everton1Blue

Part and Inventory Search

Sponsor

Back
Top