Can IIS authentication block all pages on web site? - c#

I have converted a simple html WebSite to a Web Application.
And enabled forms authentication; .aspx pages will require login now.
But the old .html pages can still be opened directly without login.
Must I convert all pages to .aspx or can I enforce login on .html pages as well?
Web.Config:
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <compilation debug="true" targetFramework="4.5" />
    <httpRuntime targetFramework="4.5" />
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" name=".aspxFormsAuthentication" cookieless="AutoDetect" protection="All" timeout="30" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="index.html">
      </forms>
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <appSettings>
    <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" />
  </appSettings>
</configuration>

The location element didn't help.
It seems this is not possible and I indeed need to convert the pages that need login to .aspx pages.

Related

Asp.net session expiring automatically after few seconds in MVC

When a user logs in, I'm storing user_id in a Session variable, and on the second page I'm checking on page load whether user_id exists; if it does, fine, otherwise redirect to the sign-in page. But when I log in and am redirected to the next page, after a few seconds it redirects to the login page. I have tried all solutions, but all in vain.
Important Note:
Another thing is that the application is working fine on the development server and also on local IIS in the LAN, but on the live server this issue is occurring.
The web.config file code is as follows:
<system.web>
  <customErrors mode="Off" />
  <trust level="Full" />
  <authentication mode="Forms">
    <forms loginUrl="~/Security/Registration" timeout="30"
           slidingExpiration="true" />
  </authentication>
  <sessionState timeout="30"></sessionState>
  <compilation targetFramework="4.5" />
  <httpRuntime targetFramework="4.5" />
</system.web>
Why don't you update sessionState with the line below:
<sessionState mode="InProc" cookieless="false" timeout="30" />
You can set timeout in web.config
<system.web>
  <sessionState mode="InProc" cookieless="false" timeout="30" />
  ....

Windows authentication for internal users and Login.aspx for external user

Hi I am using the following code for internal users
<system.web>
  <compilation debug="true" targetFramework="4.0" />
  <authentication />
  <authorization>
    <allow users="xyz\abc" />
    <allow roles="Users" />
    <deny users="*" />
  </authorization>
  <identity impersonate="true" />
</system.web>
Can anyone tell me how to direct it to Login.aspx for external users?
This MSDN article on mixing Forms and Windows security in ASP.NET might help.
<authorization>
  <allow users="*" />
</authorization>
<authentication mode="Forms">
  <forms loginUrl="Login.aspx" timeout="30" />
</authentication>
When the user is not authenticated it will redirect to Login.aspx

Forms authentication in Community Server

I'm having a problem with Forms authentication in my website. At the moment when a user is not logged in they get redirected to a login page, which works fine. However, I want an unauthorised user to get redirected to a new page (welcome.aspx). Having changed the web.config I get the following HTTP Error 500.19 - Internal Server Error:
Cannot add duplicate collection entry of type 'add' with unique key attribute 'name' set to 'redirect'
And here is the relevant part of my web.config:
<authentication mode="Forms">
  <forms name=".CommunityServer" protection="All" timeout="60000" loginUrl="welcome.aspx" slidingExpiration="true" />
</authentication>
<location path="Default.aspx">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>
If I set Visual Studio to use the Visual Studio Development Server instead of my Local IIS WebServer, it all works fine. Also if I rename welcome.aspx to login.aspx it works fine.
Any Help is appreciated.
Have you tried
<authentication mode="Forms">
  <clear />
  <forms name=".CommunityServer" protection="All" timeout="60000" loginUrl="welcome.aspx" slidingExpiration="true" />
</authentication>

c# authentication for only subdirectory for any user

Note this is a slight variation on a previous question that I had.
I am using c# .NET Web Forms 4.0
I have a folder like the following that I need to password protect so anybody (any external users can also view the site) wanting to view the page needs to first enter a userid and password (that we tell them) in order to view the page.
example:
www.abc.com/srlv/
so under srlv I have web pages that need to be password protected.
Note that we need to authenticate only if the user goes to a file under /srlv/
Note that these are .html files, not .aspx files.
www.abc.com/srlv/index.html, www.abc.com/srlv/about.html
but if the user goes to say www.abc.com it will allow them to view the website without any authentication
I was thinking of using the following:
<authentication mode="Forms">
  <forms loginUrl="/srcs/login.aspx" timeout="30" defaultUrl="/srlv/index.aspx" cookieless="UseUri">
    <credentials passwordFormat="Clear">
      <user name="Usw" password="pass123"/>
    </credentials>
  </forms>
</authentication>
but how do I say authenticate only if you go to any files within
www.abc.com/srlv/
You can use the location element in web.config to configure permissions for sections of your website:
<configuration>
  <location path="srlv">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
This will deny access to anonymous users.
You need to create a web.config file in the target folder with the following contents.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <authorization>
      <allow users="Usw"/>
      <deny users="*,?" />
    </authorization>
  </system.web>
</configuration>
It simply says, to allow user Usw but deny everyone else.
Location can help you.
http://support.microsoft.com/kb/316871
Simply get access to all unauthorized users and block only specific folder.
<configuration>
  <system.web>
    <authentication mode="Forms" >
      <forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="None" path="/" timeout="20" >
      </forms>
    </authentication>
    <!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
  <!-- This section gives the unauthenticated user access to the Default1.aspx page only. It is located in the same folder as this configuration file. -->
  <location path="default1.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <!-- This section gives the unauthenticated user access to all of the files that are stored in the Subdir1 folder. -->
  <location path="subdir1">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
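The location and allow/deny answers above all depend on rule scope and rule order, so this added example (not code from any of the posts) models how ASP.NET URL authorization resolves a request: rules from the deepest matching `<location>` are checked first, and the first matching rule wins. The sample config, the `is_allowed` helper, case-insensitive name matching and the restriction to the `users` attribute (no `roles` or `verbs`) are assumptions of this sketch, and it only models requests that the authorization module actually processes.

```python
import xml.etree.ElementTree as ET

# Constructed sample combining the rules discussed above; not a real site's config.
SAMPLE = """<configuration>
  <system.web>
    <authorization><deny users="?" /></authorization>
  </system.web>
  <location path="img">
    <system.web><authorization><allow users="*" /></authorization></system.web>
  </location>
  <location path="srlv">
    <system.web><authorization>
      <allow users="Usw" />
      <deny users="*,?" />
    </authorization></system.web>
  </location>
</configuration>"""

def _rules(node):
    """Ordered (action, users) pairs from node's own system.web/authorization."""
    auth = node.find("system.web/authorization")
    if auth is None:
        return []
    return [(r.tag, [u.strip().lower() for u in r.get("users", "").split(",")])
            for r in auth if r.tag in ("allow", "deny")]

def _matches(users, user):
    # "*" = everyone, "?" = anonymous only; user=None models an anonymous request.
    if "*" in users:
        return True
    return "?" in users if user is None else user.lower() in users

def is_allowed(config_xml, path, user=None):
    """First matching rule wins; the deepest matching <location> is consulted first."""
    root = ET.fromstring(config_xml)
    for el in root.iter():                      # drop any xmlns prefix on tags
        el.tag = el.tag.split("}")[-1]
    path = path.strip("/").lower()
    scopes = []
    for loc in root.findall("location"):
        lp = loc.get("path", "").strip("/").lower()
        # Match whole path segments, so "img" does not cover "imgs/..."
        if not lp or path == lp or path.startswith(lp + "/"):
            scopes.append(loc)
    scopes.sort(key=lambda loc: len(loc.get("path", "")), reverse=True)
    for node in scopes + [root]:
        for action, users in _rules(node):
            if _matches(users, user):
                return action == "allow"
    return True   # nothing matched: the machine-level default is allow users="*"
```

Swapping the two rules under `srlv` so that `deny users="*"` comes first locks out `Usw` as well, which is why the allow entries have to precede the catch-all deny.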

Using ASP.NET Forms Authentication, how do I get an image to appear on the login screen?

I am doing simple forms authentication for a small ASP.NET (3.5, C#) application and setting up my usernames and passwords in the web.config.
I would like to apply the default stylesheet and include the header graphic (included on every other page) but the graphic and stylesheet won't apply, presumably because the anonymous user doesn't have access to those two files. Is there some easy way for me to add them or some other way to make the image appear on the page?
Here is the relevant section of the web.config:
<authentication mode="Forms">
  <forms name=".ASPXFORMSAUTH"
         path="/"
         loginUrl="login.aspx"
         protection="All" timeout="30">
    <credentials passwordFormat="SHA1">
      <user
        name="testuser"
        password="hashgoeshere"/>
    </credentials>
  </forms>
</authentication>
<authorization>
  <deny users="?" />
</authorization>
The stylesheet is at:
/stylesheet.css
and the image is at:
/img/logoimage.png
Thanks. This site makes me happy because hopefully it will make Experts Exchange and their lame paywall DIE!
You can add exceptions in your Web.Config using location-specific rules (add these after the System.Web section):
<location path="stylesheet.css">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>
<location path="img/">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>
