How to restrict a folder in an application to check for user name and password

Hi Experts

Im looking forward to create a login log out page. My whole application is free to access except few links on which the page itself check the user name and password. Or when user clicks on that link ..it will open the login page. that login page takes the user name and password , authenticate it and send it to specific page. If authentication is not approved it will show the message for invalid user name n password.

The main purpose is to give specific users to access certain pages.

All these pages i need to keep it in separate folder. Like

My application is "CallApplication"
Specific folder is "SpecialUsers"

So what im trying to do is if user directly type in the url to access the page. The page wont let user go in without authorizing the user name and password.

Is there anyway i can do that. PLEASE HELP ME ... :)

Best Regards
Shaukat Waqar  
shwaqar82Asked:
Who is Participating?
 
ethothsConnect With a Mentor Commented:
There's no need for the

    if (User.Identity.Name == "")
    {
        Response.Redirect("Login.aspx",true);
    }

code.

Simply put your restricted pages into a sub folder (as you say) and put a web.config file in that folder with...

<authentication mode="Forms">
  <forms loginUrl="~/login.aspx">
    <credentials passwordFormat="Clear">
      <user name="Administrator" password="password" />
    </credentials>
  </forms>
 </authentication>
<authorization>
  <deny users="?" />
</authorization>

Make the sub folder an application in IIS and hey presto.

This will AUTOMATICALLY direct unauthenticated users to your login page and then AUTOMATICALLY refer then to the requested page after loggin in.

The only downside with this is that your users credentials are in the config file. You could use the authentication provider and have them stored in a sql express database and use the WAT tool to add new users...



0
 
Type25Commented:
Well if you're using Forms Authentication it does this for you.

For example, once they're logged in you create an authentication ticket and then on the restricted pages you would write something like:

if (User.Identity.Name == "")
{
    Response.Redirect("Login.aspx",true);
}
0
 
shwaqar82Author Commented:
I cant understand it. Can you clarify me...can you guide me step by step. Lets start it from the link. What you suggests me to do when user clicks on that link. It will show you the login logout page and registration page link......What i need to do in that page.....?
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
ethothsCommented:
Do nothing to that page or to any links. In ASP.Net it's all in the configuration.

This link will almost do it for you...

http://www.15seconds.com/Issue/020220.htm



0
 
shwaqar82Author Commented:
i dont get that ...i can make a sub folder in my application. i will put web.config and all the restricted pages in that sub folder. But how can i make this sub folder an application in IIS.........? Any suggestion???
0
 
ethothsCommented:
go to iis manager
START> RUN> inetmgr
browse to your web folder and click properties.

Click the "create" button alongside the application name.

Done.
0
 
shwaqar82Author Commented:
Is that i can do it through sub folder properties in IIS manager. In the directory tab...under application settings. Do i have to press Create button to make this sub folder an application......?
0
 
shwaqar82Author Commented:
oh sounds great thats wat i just did
0
 
shwaqar82Author Commented:
do i have to place the login page within the sub folder or outside it in the main application
0
 
shwaqar82Author Commented:
guys im confused now ....i have login page outside the sub folder which works fine... but when im entering the user name and password it does not accept any username and password
0
 
shwaqar82Author Commented:
When im using login page inside the sub folder. It gives me the below error:

Server Error in '/CallForm' Application.
--------------------------------------------------------------------------------

Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS.

Source Error:

Line 15:      
Line 16:       </customErrors>
Line 17:       <authentication mode="Forms">
Line 18:         <forms loginUrl="~/Login.aspx">"
Line 19:           <credentials passwordFormat="Clear">

Source File: C:\Inetpub\wwwroot\CallForm\restrictedpages\web.config    Line: 17
0
 
ethothsCommented:
The problem is that you have something in your sub folders web.config that over-rides something in a higher level config file. All you should have in the web.config is the like the following...

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/login.aspx">
        <credentials passwordFormat="Clear">
          <user name="Administrator" password="password"/>
        </credentials>
      </forms>
    </authentication>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.net>
</configuration>
0
 
shwaqar82Author Commented:
Here is my subfolders web.config file:
<?xml version="1.0"?>
<configuration>
    <appSettings/>
    <connectionStrings/>
    <system.web>
      <authentication mode="Forms">
        <forms loginUrl="~/RestrictedPages/Login.aspx">
          <credentials passwordFormat="Clear">
            <user name="shaq" password="shaq123"/>
          </credentials>
        </forms>
      </authentication>
    </system.web>
</configuration>

And below is the main web.config file

<?xml version="1.0"?>
<configuration>
      <appSettings/>
      <connectionStrings/>
      <system.web>

    <customErrors mode="Off">
      <error statusCode="403" redirect="/Errors/Forbidden.aspx"/>
      <error statusCode="404" redirect="/Errors/NotFound.aspx"/>
      <error statusCode="500" redirect="/Errors/CustomErrorPage.aspx"/>
    </customErrors>
    <compilation debug="true" strict="false" explicit="true"/>
            <pages>
                  <namespaces>
                        <clear/>
                        <add namespace="System"/>
                        <add namespace="System.Collections"/>
                        <add namespace="System.Collections.Specialized"/>
                        <add namespace="System.Configuration"/>
                        <add namespace="System.Text"/>
                        <add namespace="System.Text.RegularExpressions"/>
                        <add namespace="System.Web"/>
                                                                <add namespace="System.Net"/>
                                                                <add namespace="System.Net.Mail"/>
                        <add namespace="System.Web.Caching"/>
                        <add namespace="System.Web.SessionState"/>
                        <add namespace="System.Web.Security"/>
                        <add namespace="System.Web.Profile"/>
                        <add namespace="System.Web.UI"/>
                        <add namespace="System.Web.UI.WebControls"/>
                        <add namespace="System.Web.UI.WebControls.WebParts"/>
                        <add namespace="System.Web.UI.HtmlControls"/>
                  </namespaces>
            </pages>
   
            <authentication mode="Forms"/>

      </system.web>
  <system.net>
    <mailSettings>
      <smtp from ="wshaukat@hotmail.com" deliveryMethod="Network" >
        <network host ="smtp.com" port="25" defaultCredentials="true"/>
      </smtp>
    </mailSettings>
  </system.net>
</configuration>

0
 
shwaqar82Author Commented:
I change my main we. config file authentication tag from :

<authentication mode="Windows"/>

to
<authentication mode="Forms"/>

I also tried without authentication tag. None of them is working. Any suggestion..........?
0
 
YZlatCommented:
you'll need to add a <location> tag to your web.config file and specify the directories that have to be pasword protected. This way access to the application itself will be free but certain directories will ask for password when accessed
0
 
ethothsCommented:
The <location> tag  as suggested by YZlat is only necessary if you don't have a web.config in the sub folder. It's just a way of keeping all your config in one place (the root). It does the same as I suggest it's just that mine is easier to set up initially.
0
 
YZlatCommented:
add something like that to configuration file:


   <location path="yourpage.aspx">
      <system.web>
         <authorization>
            <deny users="?"/>
         </authorization>
      </system.web>
   </location>
0
 
ethothsCommented:
I doubt if <forms loginUrl="~/RestrictedPages/Login.aspx"> will work.

Try <forms loginUrl="~/Login.aspx"> since you need to access the login page prior to authentication.
0
 
shwaqar82Author Commented:
ethoths

it gives me the same error. Well i think ur way is the easiest way to set up thats why im still struggling with you guys to set it up. Please suggest me the other way if there is or try to solve it. I REALLY APPRECIATE IT.

YZLAT

in which web.config you want me to put location tag. the main one or the restricted one
0
 
YZlatCommented:
does each one has its own config file? is restricted directory configured as an application?

if so, do not add location tags, just open config file in restricted directory and set authentication to Forms
0
 
shwaqar82Author Commented:
yae i did that before and i did that again .....and i already configured restrictedpages pages to an application
0
 
YZlatCommented:
another thing you can try is add the <location> tags to the config file in CallForm directory and put there authentication infor for restricted folder. Then delete config file from the restricted directory
0
 
shwaqar82Author Commented:
okie let me try this <location>. To which page it will leads to . Is that the login page........?

<location path="yourpage.aspx">

yourpage.aspx ...is that the login page you are talking about
0
 
YZlatCommented:
<location path="restrictedfolder">
0
 
shwaqar82Author Commented:
Now i have
<location path="~/CallForm/RestrictedPages">
in my web.config(CallForm)

it gives you no runtime error
But when i typed in http://localhost:1505/CallForm/restrictedpages/default.aspx in address bar it allows me to view this page
0
 
YZlatCommented:
you'll need to add somewhere between

<configuration>

</configuration>

something like that:

<location path="RestrictedPages">
    <system.web>
      <authentication mode="Forms">
        <forms loginUrl="Login.aspx">
          <credentials passwordFormat="Clear">
            <user name="shaq" password="shaq123"/>
          </credentials>
        </forms>
       

    </system.web>
  </location>
0
 
shwaqar82Author Commented:
I have that

<location path="RestrictedPages">
    <system.web>
      <authentication mode="Forms">
        <forms loginUrl="Login.aspx">
          <credentials passwordFormat="Clear">
            <user name="shaq" password="shaq123"/>
          </credentials>
        </forms>
      </authentication >

It still gives me the same error allowDefination
0
 
shwaqar82Author Commented:
did not recieve any satisfactory answer yet
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.