webdevelop
asked on
.NET Authentication - Access Denied Redirect
Hi,
I'm trying to get an authenticated web user, who does not have permission to access an area (but is an authenticated user), to receive a redirect to an "Access Denied" page. Currently they are just a redirected to the login page.
Please provide the complete code for the changes.
Thanks!
I'm trying to get an authenticated web user, who does not have permission to access an area (but is an authenticated user), to receive a redirect to an "Access Denied" page. Currently they are just a redirected to the login page.
Please provide the complete code for the changes.
Thanks!
<script language="VB" runat="server">
Sub ProcessLogin(objSender As Object, objArgs As EventArgs)
If FormsAuthentication.Authenticate(txtUser.Text, txtPassword.Text) Then
FormsAuthentication.RedirectFromLoginPage(txtUser.Text, chkPersistLogin.Checked)
Else
ErrorMessage.InnerHtml = "<b>Your ID or Password are incorrect.</b> Please try again."
End If
End Sub
</script>
how do you define who has access and who doesnt to the page? are you using ASP Membership?
ASKER
Credentials and location path authorization are set in the web.config. If I need to post parts of the web.config, let me know.
Thanks
Thanks
you can put the web page in a different folder and add another web.config file to that same folder with different rules.
ASKER
@urir10:
I'm confused. The web.config authentication settings are working, but the script rules are not.
The problem is *if* a user is authenticated, but doesn't have access to view a sub-folder. Currently, that type of authenticated user gets redirected back to the login screen. I want them to get redirected to a "Not Authorized" or "Access Denied" page.
Here is what happens:
2 basic users:
- 1 is admin (access to all sub-folders)
- 1 is just a viewer (access just to some sub-folders)
If "viewer" tries to access an admin page, they *currently* receive the login screen *again.* They should get redirected to a "Not Authorized" or "Access Denied" page.
How do I adjust the code snippet posted to make that happen? I'm guessing it would be something like:
==================
If user is authenticated but doesn't have access Then
redirect to /accessdenied.aspx
Else
.... Current code shown in first post....
End If
=================
Thanks!
I'm confused. The web.config authentication settings are working, but the script rules are not.
The problem is *if* a user is authenticated, but doesn't have access to view a sub-folder. Currently, that type of authenticated user gets redirected back to the login screen. I want them to get redirected to a "Not Authorized" or "Access Denied" page.
Here is what happens:
2 basic users:
- 1 is admin (access to all sub-folders)
- 1 is just a viewer (access just to some sub-folders)
If "viewer" tries to access an admin page, they *currently* receive the login screen *again.* They should get redirected to a "Not Authorized" or "Access Denied" page.
How do I adjust the code snippet posted to make that happen? I'm guessing it would be something like:
==================
If user is authenticated but doesn't have access Then
redirect to /accessdenied.aspx
Else
.... Current code shown in first post....
End If
=================
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.