VJAI

Reputation: 32768

Troubles with Forms Authentication

I'm working on an ASP.NET Web Forms application where I have a folder called Account at the root, which contains mainly three ASPX pages: Login.aspx, ChangePassword.aspx, ForgotPassword.aspx.

I've configured forms authentication with custom membership provider.

web.config

<authentication mode="Forms">
    <forms loginUrl="~/Account/Login.aspx" slidingExpiration="true" timeout="2880" path="/" protection="All" />
</authentication>

<membership defaultProvider="CustomMembershipProvider">
  <providers>
    <clear/>

    <add name="CustomMembershipProvider" 
         type="App_Code.CustomMembershipProvider, Portal.Web" 
         connectionStringName="PortalConnectionString"
         applicationName="/" />
  </providers>
</membership>

If I try to access the pages in the Account folder other than Login.aspx, I'm redirected to Login.aspx, and currently I'm avoiding forms authentication for the other two pages like below:

  <location path="Account/ChangePassword.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

  <location path="Account/ForgotPassword.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>

Instead of specifying individual pages like above, can I combine them? I tried specifying the folder name Account in the path attribute, but that's not working.

The next thing is that I have another page called Dashboard.aspx in the root, and whenever I access it directly I thought I would be redirected to the Account/Login.aspx page, but that's not happening. Why?

Upvotes: 0

Views: 273

Answers (1)

Richard

Reputation: 30628

You definitely can specify a folder as the path attribute - try removing the trailing / if you'd left it on, e.g.

  <location path="account">
    <system.web>
      <authorization>
        <deny users="?" />
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

However, because you want to protect the other pages inside the account folder, you will need to override for the pages specifically available for anonymous users, such as Login.aspx and ResetPassword.aspx. You cannot combine multiple file entries.

As for why Dashboard.aspx is redirecting, there must be something else in the config you've not posted here which is causing that.

Upvotes: 1
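
An added example (not part of the question or the answer): a web.config sketch combining the pieces discussed above, assuming the goal is that every page requires a login except Login.aspx and ForgotPassword.aspx. URL authorization rules are evaluated in order with the first match winning, and the inherited machine-level default is `<allow users="*"/>`, so a page such as Dashboard.aspx only sends anonymous users to the login page when some `<deny users="?"/>` rule applies to it.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" slidingExpiration="true"
             timeout="2880" path="/" protection="All" />
    </authentication>

    <!-- Site-wide default: anonymous users ("?") are denied, so a direct
         request for Dashboard.aspx is redirected to loginUrl. -->
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- One location element per anonymous page. The path attribute names a
       single file or folder, so these entries cannot be merged. -->
  <location path="Account/Login.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <location path="Account/ForgotPassword.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Assumption: ChangePassword.aspx is meant for signed-in users only, so
       it gets no override here and inherits the site-wide deny rule. -->
</configuration>
```

To verify, request Dashboard.aspx and Account/ChangePassword.aspx in a fresh browser session with no authentication cookie: both should redirect to Account/Login.aspx with a ReturnUrl query string, while Account/ForgotPassword.aspx should load directly.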
