I have a directory and I want to allow users which are only logged into. Also there is a web page in root directory which has several data and all visitors can see them. Web.config file:
<system.web>
<compilation debug="true"/>
<customErrors mode="Off"/>
<authentication mode="Forms">
<forms name=".Artucltd" loginUrl="loginpage.aspx"
protection="All" path="the_path" timeout="30"
cookieless="UseDeviceProfile" />
</authentication>
<authorization>
<deny users ="?" />
<allow users="*"/>
</authorization>
</system.web>
This is custom login which controls username and password from MSSQL 2008 database. Everything works fine but I have a problem which is:
When I want to open default web page (http://localhost/test), system is automatically redirect to loginpage.aspx (not to Default.aspx). But I want to see Default.aspx and navigate to other pages. Loginpage.aspx is in root folder which is not protected and I want to do it same. In protected folder, there is another Default.aspx page and other protected pages. How can I get rid of this redirection? Should I specify this protected folder as application and put another Web.config file?
Processes that I tried up-to-now:
Changed name of Default.aspx page in protected folder
in IIS, default page is Default.aspx
in Visual Studio 2010, I set default page as Default.aspx in root folder.
But no luck!
Well, I found solution: http://support.microsoft.com/kb/316871
Related
I'm having a problem where my style sheets and images are not loading after I deploy my site to IIS. It works fine in visual studio and local IIS.
I think it is trying to authenticate the static content because the css sources are showing up as LogOn?ReturnUrl=%2fContent%2fstyle.css in Chrome inspector. If I inspect the source code of the css it is just my logon page.
I've ensured that the server is set to serve static files and the IIS user has access to all of the files.
I've also tried adding the following code to my web.config:
<authorization>
<allow users="*" />
</authorization>
I found this in a similar stack overflow question but it did not work.
I figured it out. I had to set Anonymous Authentication to use the app_pool identity.
I have a page that needs to be secured. I add [Authorize] attribute to that action method. if you are not logged in, you will be redirect to the login page everytime you visit that secure page.
it works except I rename logon action to login , but applicaiton still redirects user to logon action. its no long there, I rename it, how do I fix it?
In your Web.config file change the forms loginUrl.
<authentication mode="Forms">
<forms loginUrl="~/Controller/Action" />
</authentication>
You need to set the loginUrl in the <forms /> element in Web.config.
I have been attempting to follow this blog to get Areas working:
http://mstechkb.blogspot.com/2010/10/areas-in-aspnet-mvc-20.html
In the blog post, it identifies the ability to have authentication set per Area, e.g.:
<location path="Area1">
<system.web>
<authentication mode="Windows" />
<authorization>
<allow roles="role1,role2"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
However, when I try to create this in a new project in Visual Studio 2010 I get the following error when I run:
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
From what I can see this is because you cannot specify an authentication element unless it is in the top level web.config.
So it is possible to do what the blog post says? Can you have Areas with Authentication elements inside Location elements in the web.config?
What I have learnt about ASP.NET MVC, it's always better to set the authorization rules with [Authorization] attribute applied to individual controllers, because it is safer and more adequate considering the way routing system works.
I have an ASP.Net 4.0 website hosted at winhost.com.
The default document is index.html. In the browser address bar, if I enter
http://www.mysite.com/index.html
it works fine - I get the index.html page as desired.
If, however, I simply enter http://www.mysite.com
the site behaves as if I have requested a page allowed only to authenticated users, that is, I am automatically redirected to the Login.aspx page.
Obviously this is a major panic! It means that the normal, public facing portion of the site is no longer visible unless visitors are instructed to include "index.html".
In IIS, I have verified that the "Default Document" is index.html, and it is first in the list.
In the web.config, I tried adding
<location path="index.html">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
But that did not help.
This all happened when I converted the site from 2.0 to 4.0. I was so busy fixing all the other problems (ajax security, wrong versions of dlls, etc.) that I never noticed this problem. Seems like it should be simple to fix, but I am stumped. Thanks for any help!
Check the NTFS permissions for the folder, where your website is located. And compare it with "index.htm" file permissions. Some user account must be missing.
I've set up Forms Authentication on my ASP.NET MVC website, including setting up appropriate entries in the web.config.
Now every request to my site redirects to the Login page to authenticate the user.
Problem is, this happens even when my pages try to access the master stylesheet (in the Content folder), so they end up rendering without styles.
How can I override Forms Authentication so that my style sheet will render?
You need to exclude stylesheets from security in your web.config:
<location path="App_Themes">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
if you are dealing with just one css file then you can add an exception on your web.config simiarly to what Chris KL wrote, but with the css file name instead:
<location path="yourstyle.css">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>