Saturday, March 24, 2012

newbie: What am I missing here?

Hey

asp.net 2.0

I'm trying to learn asp.net 2.0 authentication so I created a simple website
project. My problem is that I want the SecTest.aspx (SecTest = Security
Test) to be impossible to view for unauthenticated users. As my settings are
now, if the user is unauthenticated and clicks on the menu item "Test", then
the user is direted to SecTest.aspx.
web.sitemap:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="Default.aspx" title="Home" description="">
<siteMapNode url="~/SecTest.aspx" title="Test" description="" >
</siteMapNode>
... more sitemap nodes

web.config:
<authentication mode="Forms">
<forms cookieless="AutoDetect"
loginUrl="~/AccessDenied.aspx"
name="TBHFORMAUTH" />
</authentication>

I thought that by using the "LoginUrl", it would be impossible to access the
SecTest.aspx page for unauthenticated users, the user should be redirected
to the AccessDenied.aspx webpage instead

Any idea what I'm missing here?Hi,
you are missing the below section
<authorization>
<deny users="?"/>
</authorization>

Regards,
Mohamed Mosalem
"Jeff" wrote:

Quote:

Originally Posted by

Hey
>
asp.net 2.0
>
I'm trying to learn asp.net 2.0 authentication so I created a simple website
project. My problem is that I want the SecTest.aspx (SecTest = Security
Test) to be impossible to view for unauthenticated users. As my settings are
now, if the user is unauthenticated and clicks on the menu item "Test", then
the user is direted to SecTest.aspx.
web.sitemap:
<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="Default.aspx" title="Home" description="">
<siteMapNode url="~/SecTest.aspx" title="Test" description="" >
</siteMapNode>
... more sitemap nodes
>
web.config:
<authentication mode="Forms">
<forms cookieless="AutoDetect"
loginUrl="~/AccessDenied.aspx"
name="TBHFORMAUTH" />
</authentication>
>
I thought that by using the "LoginUrl", it would be impossible to access the
SecTest.aspx page for unauthenticated users, the user should be redirected
to the AccessDenied.aspx webpage instead
>
Any idea what I'm missing here?
>
>
>

Posted by prospectdfgv at 2:23 PM
Labels: , , , , , , , , , ,

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)