?
Solved

.NET Authentication - Access Denied Redirect

Posted on 2009-12-16
6
Medium Priority
?
337 Views
Last Modified: 2013-11-07
Hi,

I'm trying to get an authenticated web user, who does not have permission to access an area (but is an authenticated user), to receive a redirect to an "Access Denied" page.  Currently they are just a redirected to the login page.

Please provide the complete code for the changes.

Thanks!
<script language="VB" runat="server">
Sub ProcessLogin(objSender As Object, objArgs As EventArgs)
  If FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text) Then
     FormsAuthentication.RedirectFromLoginPage(txtUser.Text, chkPersistLogin.Checked)
  Else
     ErrorMessage.InnerHtml = "<b>Your ID or Password are incorrect.</b> Please try again."
  End If
End Sub
</script>

Open in new window

0
Comment
Question by:webdevelop
  • 3
  • 2
6 Comments
 
LVL 7

Expert Comment

by:urir10
ID: 26066497
how do you define who has access and who doesnt to the page? are you using ASP Membership?
0
 

Author Comment

by:webdevelop
ID: 26066542
Credentials and location path authorization are set in the web.config.  If I need to post parts of the web.config, let me know.

Thanks
0
 
LVL 7

Expert Comment

by:urir10
ID: 26066549
you can put the web page in a different folder and add another web.config file to that same folder with different rules.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:webdevelop
ID: 26066695
@urir10:

I'm confused.  The web.config authentication settings are working, but the script rules are not.

The problem is *if* a user is authenticated, but doesn't have access to view a sub-folder.  Currently, that type of authenticated user gets redirected back to the login screen.  I want them to get redirected to a "Not Authorized" or "Access Denied" page.

Here is what happens:
2 basic users:
- 1 is admin (access to all sub-folders)
- 1 is just a viewer (access just to some sub-folders)

If "viewer" tries to access an admin page, they *currently* receive the login screen *again.*  They should get redirected to a "Not Authorized" or "Access Denied" page.

How do I adjust the code snippet posted to make that happen?  I'm guessing it would be something like:
==================
If user is authenticated but doesn't have access Then
    redirect to /accessdenied.aspx
Else
    .... Current code shown in first post....
End If
=================

Thanks!
0
 
LVL 7

Accepted Solution

by:
urir10 earned 1000 total points
ID: 26066747
you need to somehow diffrentiate the two users. If you store their login info in a database than you can create a fields that stores their role and base your logic of off that.
if you just base it on their name or id than u can check that also:


If UserName = "NameHere" Then
    Response.Redirect("~/AccessDenied.aspx")
End If
0
 
LVL 3

Assisted Solution

by:Rupesh P
Rupesh P earned 1000 total points
ID: 26070511
What kind of authentication you are using? how do you knows whther the user has access to the folder?

if you automatically gets a 404 error,
Set custom error in the web.config file

option 1
---------
 <customErrors mode="RemoteOnly" defaultRedirect="ErrorPage.aspx">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>

Create a FileNotFound.htm page , so,  he will be automatically redicted to there.


0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The ECB site provides FX rates for major currencies since its inception in 1999 in the form of an XML feed. The files have the following format (reducted for brevity) (CODE) There are three files available HERE (http://www.ecb.europa.eu/stats/exch…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question