Robert Treadwell
asked on
Using Login In on Default page Http/Https
My website Introduces users to site via a default pages (http://domainName/Default.aspx) contained on page is user Login Control. Upon user authentication user is transfer to a role driven admin page or a member page (https://domainName/siteName/RoleDrivenPage.aspx). My problem is everyone needs access to see Default page because there are links to non-secure areas. I cannot set 'requireSSL= true' because default page resides on 'http', and when I set 'requireSSL=false' user logs in and then require to login again using https://domainName/siteName/Default.aspx.
Is there a way to use this Default/Login functionality?
Is there a way to use this Default/Login functionality?
Web.config:
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Forms">
<forms protection="All" name=".ASPXFORMSAUTH" loginUrl="Default.aspx" slidingExpiration="false" timeout="10" requireSSL="true"
cookieless="UseCookies" />
</authentication>
<!-- This section denies access to all files in this application except for those that you have not explicitly specified by using another setting. -->
<authorization>
<deny users="?" />
</authorization>
<httpCookies requireSSL="true" />
<!--Memeber ship Class -->
<membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="15">
<providers>
<remove name="AspNetSqlProvider" />
<add name="SqlProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="rmeaspnetdbConnectionString" applicationName="/" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed"/>
</providers>
</membership>
<!--Role Management goes here-->
<roleManager defaultProvider="SqlProvider" enabled="true" cacheRolesInCookie="true" cookieProtection="All">
<providers>
<add name="SqlProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="rmeaspnetdbConnectionString"
applicationName="/" />
</providers>
</roleManager>
</system.web> <!-- Closing System.web inorder to apply location tags -->
<!-- This section gives the unauthenticated user access to the Default1.aspx page only. It is located in the same folder as this configuration file. -->
<location path="Default.aspx">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
<!-- This section gives the authenticated user access to all of the files that are stored in the Member Content Pages folder. -->
<location path="MemberContentPages">
<system.web>
<authorization>
<deny users ="?" />
<allow users = "*" />
</authorization>
</system.web>
</location>
<!-- This section gives the authenticated user with Role Administrator, Site Admin and Assistant access to all of the files that are stored in the Entity Content Pages folder. -->
<location path="EntityContentPages">
<system.web>
<authorization>
<deny users ="?" />
<deny roles = "Member" />
<deny roles = "Client" />
</authorization>
</system.web>
</location>
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I thought of that and will do it at last resort. However I was reading documentation on Login over HTTPS from HTTP, are you aware 'routinet' how to do this and do you happen to know where I may be able to find an example of this functionality.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The other option would be to create a separate login page.