Solved

How to restrict a folder in an application to check for user name and password

Posted on 2006-11-02
Last Modified: 2008-01-09
Hi Experts

I'm looking to create a login/logout page. My whole application is free to access except a few links on which the page itself checks the user name and password. Or when the user clicks on that link, it will open the login page. That login page takes the user name and password, authenticates them and sends the user to a specific page. If authentication is not approved, it will show the message for an invalid user name and password.

The main purpose is to give specific users access to certain pages.

All these pages I need to keep in a separate folder. Like:

My application is "CallApplication"
Specific folder is "SpecialUsers"

So what I'm trying to do is: if a user directly types in the URL to access the page, the page won't let the user in without authorizing the user name and password.

Is there any way I can do that? PLEASE HELP ME ... :)

Best Regards
Shaukat Waqar  
0
Comment
Question by:shwaqar82
29 Comments
 
LVL 9

Expert Comment

by:Type25
ID: 17858805
Well if you're using Forms Authentication it does this for you.

For example, once they're logged in you create an authentication ticket and then on the restricted pages you would write something like:

if (User.Identity.Name == "")
{
    Response.Redirect("Login.aspx",true);
}
0
 
LVL 11

Accepted Solution

by:
ethoths earned 500 total points
ID: 17858972
There's no need for the

    if (User.Identity.Name == "")
    {
        Response.Redirect("Login.aspx",true);
    }

code.

Simply put your restricted pages into a sub folder (as you say) and put a web.config file in that folder with...

<authentication mode="Forms">
  <forms loginUrl="~/login.aspx">
    <credentials passwordFormat="Clear">
      <user name="Administrator" password="password" />
    </credentials>
  </forms>
 </authentication>
<authorization>
  <deny users="?" />
</authorization>

Make the sub folder an application in IIS and hey presto.

This will AUTOMATICALLY direct unauthenticated users to your login page and then AUTOMATICALLY refer them to the requested page after logging in.

The only downside with this is that your users' credentials are in the config file. You could use the authentication provider and have them stored in a SQL Express database and use the WAT tool to add new users...



0
 

Author Comment

by:shwaqar82
ID: 17859033
I can't understand it. Can you clarify it for me... can you guide me step by step? Let's start from the link. What do you suggest I do when the user clicks on that link? It will show you the login/logout page and registration page link... What do I need to do in that page?
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17859071
Do nothing to that page or to any links. In ASP.Net it's all in the configuration.

This link will almost do it for you...

http://www.15seconds.com/Issue/020220.htm



0
 

Author Comment

by:shwaqar82
ID: 17859551
I don't get that... I can make a sub folder in my application. I will put web.config and all the restricted pages in that sub folder. But how can I make this sub folder an application in IIS? Any suggestions?
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17859575
Go to IIS Manager:
START > RUN > inetmgr
Browse to your web folder and click Properties.

Click the "create" button alongside the application name.

Done.
0
 

Author Comment

by:shwaqar82
ID: 17859613
Can I do it through the sub folder's properties in IIS Manager? In the Directory tab, under Application Settings, do I have to press the Create button to make this sub folder an application?
0
 

Author Comment

by:shwaqar82
ID: 17859622
Oh, sounds great, that's what I just did.
0
 

Author Comment

by:shwaqar82
ID: 17859709
Do I have to place the login page within the sub folder or outside it in the main application?
0
 

Author Comment

by:shwaqar82
ID: 17860023
Guys, I'm confused now... I have the login page outside the sub folder, which works fine... but when I'm entering the user name and password it does not accept any user name and password.
0
 

Author Comment

by:shwaqar82
ID: 17860078
When I'm using the login page inside the sub folder, it gives me the error below:

Server Error in '/CallForm' Application.
--------------------------------------------------------------------------------

Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS.

Source Error:

Line 15:      
Line 16:       </customErrors>
Line 17:       <authentication mode="Forms">
Line 18:         <forms loginUrl="~/Login.aspx">"
Line 19:           <credentials passwordFormat="Clear">

Source File: C:\Inetpub\wwwroot\CallForm\restrictedpages\web.config    Line: 17
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17860540
The problem is that you have something in your sub folder's web.config that overrides something in a higher level config file. All you should have in the web.config is something like the following...

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/login.aspx">
        <credentials passwordFormat="Clear">
          <user name="Administrator" password="password"/>
        </credentials>
      </forms>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</configuration>
0
 

Author Comment

by:shwaqar82
ID: 17861900
Here is my subfolder's web.config file:
<?xml version="1.0"?>
<configuration>
    <appSettings/>
    <connectionStrings/>
    <system.web>
      <authentication mode="Forms">
        <forms loginUrl="~/RestrictedPages/Login.aspx">
          <credentials passwordFormat="Clear">
            <user name="shaq" password="shaq123"/>
          </credentials>
        </forms>
      </authentication>
    </system.web>
</configuration>

And below is the main web.config file

<?xml version="1.0"?>
<configuration>
      <appSettings/>
      <connectionStrings/>
      <system.web>

    <customErrors mode="Off">
      <error statusCode="403" redirect="/Errors/Forbidden.aspx"/>
      <error statusCode="404" redirect="/Errors/NotFound.aspx"/>
      <error statusCode="500" redirect="/Errors/CustomErrorPage.aspx"/>
    </customErrors>
    <compilation debug="true" strict="false" explicit="true"/>
            <pages>
                  <namespaces>
                        <clear/>
                        <add namespace="System"/>
                        <add namespace="System.Collections"/>
                        <add namespace="System.Collections.Specialized"/>
                        <add namespace="System.Configuration"/>
                        <add namespace="System.Text"/>
                        <add namespace="System.Text.RegularExpressions"/>
                        <add namespace="System.Web"/>
                                                                <add namespace="System.Net"/>
                                                                <add namespace="System.Net.Mail"/>
                        <add namespace="System.Web.Caching"/>
                        <add namespace="System.Web.SessionState"/>
                        <add namespace="System.Web.Security"/>
                        <add namespace="System.Web.Profile"/>
                        <add namespace="System.Web.UI"/>
                        <add namespace="System.Web.UI.WebControls"/>
                        <add namespace="System.Web.UI.WebControls.WebParts"/>
                        <add namespace="System.Web.UI.HtmlControls"/>
                  </namespaces>
            </pages>
   
            <authentication mode="Forms"/>

      </system.web>
  <system.net>
    <mailSettings>
      <smtp from ="wshaukat@hotmail.com" deliveryMethod="Network" >
        <network host ="smtp.com" port="25" defaultCredentials="true"/>
      </smtp>
    </mailSettings>
  </system.net>
</configuration>

0
 

Author Comment

by:shwaqar82
ID: 17861959
I changed my main web.config file authentication tag from:

<authentication mode="Windows"/>

to
<authentication mode="Forms"/>

I also tried without the authentication tag. None of them is working. Any suggestions?
0
 
LVL 35

Expert Comment

by:YZlat
ID: 17868417
You'll need to add a <location> tag to your web.config file and specify the directories that have to be password protected. This way access to the application itself will be free but certain directories will ask for a password when accessed.
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17868449
The <location> tag as suggested by YZlat is only necessary if you don't have a web.config in the sub folder. It's just a way of keeping all your config in one place (the root). It does the same as I suggest; it's just that mine is easier to set up initially.
0
 
LVL 35

Expert Comment

by:YZlat
ID: 17868450
Add something like that to the configuration file:


   <location path="yourpage.aspx">
      <system.web>
         <authorization>
            <deny users="?"/>
         </authorization>
      </system.web>
   </location>
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17868470
I doubt if <forms loginUrl="~/RestrictedPages/Login.aspx"> will work.

Try <forms loginUrl="~/Login.aspx"> since you need to access the login page prior to authentication.
0
 

Author Comment

by:shwaqar82
ID: 17868911
ethoths

It gives me the same error. Well, I think your way is the easiest way to set up; that's why I'm still struggling with you guys to set it up. Please suggest another way if there is one, or try to solve it. I REALLY APPRECIATE IT.

YZLAT

In which web.config do you want me to put the location tag: the main one or the restricted one?
0
 
LVL 35

Expert Comment

by:YZlat
ID: 17869179
Does each one have its own config file? Is the restricted directory configured as an application?

If so, do not add location tags; just open the config file in the restricted directory and set authentication to Forms.
0
 

Author Comment

by:shwaqar82
ID: 17869463
Yeah, I did that before and I did that again... and I already configured restrictedpages pages to an application.
0
 
LVL 35

Expert Comment

by:YZlat
ID: 17869542
Another thing you can try is to add the <location> tags to the config file in the CallForm directory and put the authentication info for the restricted folder there. Then delete the config file from the restricted directory.
0
 

Author Comment

by:shwaqar82
ID: 17869989
OK, let me try this <location>. Which page will it lead to? Is that the login page?

<location path="yourpage.aspx">

yourpage.aspx... is that the login page you are talking about?
0
 
LVL 35

Expert Comment

by:YZlat
ID: 17870009
<location path="restrictedfolder">
0
 
LVL 35

Expert Comment

by:YZlat
ID: 17870024
0
 

Author Comment

by:shwaqar82
ID: 17870103
Now I have
<location path="~/CallForm/RestrictedPages">
in my web.config (CallForm).

It gives no runtime error.
But when I typed http://localhost:1505/CallForm/restrictedpages/default.aspx in the address bar, it allows me to view this page.
0
 
LVL 35

Expert Comment

by:YZlat
ID: 17870159
You'll need to add somewhere between

<configuration>

</configuration>

something like that:

<location path="RestrictedPages">
    <system.web>
      <authentication mode="Forms">
        <forms loginUrl="Login.aspx">
          <credentials passwordFormat="Clear">
            <user name="shaq" password="shaq123"/>
          </credentials>
        </forms>
      </authentication>
    </system.web>
  </location>
0
 

Author Comment

by:shwaqar82
ID: 17870227
I have that

<location path="RestrictedPages">
    <system.web>
      <authentication mode="Forms">
        <forms loginUrl="Login.aspx">
          <credentials passwordFormat="Clear">
            <user name="shaq" password="shaq123"/>
          </credentials>
        </forms>
      </authentication >

It still gives me the same allowDefinition error.
0
 

Author Comment

by:shwaqar82
ID: 17880930
Did not receive any satisfactory answer yet.
0
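
As an added example (not posted by anyone in the thread): the parser error quoted above arises because `<authentication>` may only be declared at application level, while `<authorization>` may be set per folder. A single root web.config that leaves the site open and protects only RestrictedPages, assuming the login page sits at ~/Login.aspx and with a placeholder where the password hash would go:

```xml
<?xml version="1.0"?>
<!-- Root web.config of the application (CallForm in the thread). Added example. -->
<configuration>
  <system.web>
    <!-- <authentication> is registered allowDefinition="MachineToApplication":
         declare it once here, not in a sub folder's web.config and not
         inside a <location> element that targets a sub folder. -->
    <authentication mode="Forms">
      <!-- Assumption: the login page lives outside the restricted folder,
           so anonymous users can reach it. -->
      <forms loginUrl="~/Login.aspx">
        <!-- The thread uses passwordFormat="Clear". SHA1 stores a hash
             instead; the value below is a placeholder, not a real hash. -->
        <credentials passwordFormat="SHA1">
          <user name="shaq" password="SHA1_HEX_HASH_PLACEHOLDER"/>
        </credentials>
      </forms>
    </authentication>
    <!-- No <authorization> at this level: the rest of the site stays open. -->
  </system.web>

  <!-- path is relative to the folder that holds this file: folder name only. -->
  <location path="RestrictedPages">
    <system.web>
      <!-- <authorization> is allowed at any level. "?" means anonymous users. -->
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>
```

The login page still has to validate the posted credentials and issue the ticket, for example with `FormsAuthentication.Authenticate` followed by `FormsAuthentication.RedirectFromLoginPage`.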
