0

I have a site where I have a admin.aspx page.

Once the user has logged into the Admin.aspx page successfully, they will then be redirected to the Report.aspx page. Note that the Report.aspx page cannot be accessed without first successfully logging into Admin.aspx page.

Keep in mind that there are other pages like index.aspx, etc which any user can view without logging in. I just need the authentication for JUST the Report.aspx page.

I have the following code but does not seem to work as it says problem with virtual directory. Am I doing something fundamentally wrong?

  <location path="Report.aspx">
    <system.web>
        <authentication mode="Forms">
            <forms loginUrl="Login.aspx" >
                <credentials passwordFormat="Clear">
                    <user name="John" password="pass@432"/>
                </credentials>
            </forms>
        </authentication>
        <authorization>
            <deny users="*" />
        </authorization>
    </system.web>
</location>
Improve this question
1

3 Answers 3

Reset to default
1

First it seems you are not allowing your user John. You also might want to try pulling the authentication section of out of the locaiton specific parts of the config file:

<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" defaultUrl="Report.aspx">
        <credentials passwordFormat="Clear">
          <user name="John" password="pass@432"/>
        </credentials>
      </forms>
    </authentication>
  </system.web>

  <location path="Report.aspx">
    <system.web>
      <authorization>
        <allow users="John"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Hi Chris, thanks for your response. When I login to Login.aspx with the username, pwd, it does direct me to Report.aspx but I get the following error An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.
Sorry Nate, forgot the mode="Forms" bit on the authentication. I have updated the post
Also, since you are not registering a MembershipProvider (and thus the default SqlMemberhipProvider would be assumed), you'll want to use the obsolete FormsAuthentication.Authenticate(username,password) method on your login page.
1

To redirect the user after a successful login, use the DestinationPageUrl property.

<%@ Page Language="C#" autoEventWireup="false" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<script runat="server">
        void PageLoad(Object sender, EventArgs e)
        {
            Login1.DestinationPageUrl = 
                String.Format("terms.aspx?{0}", Request.QueryString.ToString());
        }
</script>

<html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
    <title>ASP.NET Example</title>
</head>
<body>
        <form id="form1" runat="server">
            <asp:Login id="Login1" runat="server" 
                DestinationPageUrl="terms.aspx">
            </asp:Login>
        </form>
    </body>
</html>
Improve this answer

5 Comments

Thanks but does my webconfig file need to be modified. I need it to authenticate only if going to Admin.aspx page
Try changing the defaultUrl="Report.aspx" in the webconfig.
Thanks but I need to specify the Location or else it would do it for all the .aspx pages
Then do not do it via the webconfig. You can use the code sample I posted initially that uses the DestinationPageUrl.
Another option is to put this code in the Admin page's code behind: private void Page_Load(object sender, EventArgs e) { if (!Request.IsAuthenticated) { Response.Redirect("Login.aspx"); } }
1

In web.config file:

<location path="Default.aspx">
    <system.web>
        <authorization>
            <allow roles="Administrator, User, AdditionalUser" />
        </authorization>
    </system.web>
</location>

ASP.NET Forms Auth Allowing access to specific file in subdirectory when all others should be denied

http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.