
Bypassing authentication - ASP.NET Security


  1. #1

    Bypassing authentication

    I'm running a web site and implementing both folder (web.config) and class
    level authorization. A new requirement came in to allow an external web site
    to access some secure web pages directly, without going through the logon
    page.

    The users are valid users, and I will build the principal object anyway, but
    I need to do this before they are redirected to the logon page.

    Would removing the folder\file reference from the web.config file help?

    Thanks
    Alex
    [email]alex_dinuadp.com[/email]


    Microsoft Guest

  2. #2

    Re: Bypassing authentication

    You could do something in the global Application_Authenticate event, where,
    if the HTTP-REFERER field has this "other" website, it would create a
    GenericPrincipal like:

    // GenericPrincipal takes an IIdentity and a string[] of role names
    if (HttpContext.Current.Request.ServerVariables["HTTP_REFERER"] == "external website")
        Context.User = new GenericPrincipal(new GenericIdentity("extWebsite"), ...);
    else
        /* your other code */

    maybe try that... and this would be a good single place to see where the
    overrides are, instead of scattering them in separate pages, making
    manageability a little harder.

    HTH


    --
    Eric Newton
    [email]ericensoft-software.com[/email]
    C#/ASP.net Solutions developer


    "Microsoft" <alexdinu1hotmail.com> wrote in message
    news:e4SEtwQXDHA.2632TK2MSFTNGP09.phx.gbl...
    > I'm running a web site and implementing both folder (web.config) and class
    > level authorization. A new requirement came in to allow an external web site
    > to access some secure web pages directly, without going through the logon
    > page.
    >
    > The users are valid users, and I will build the principal object anyway, but
    > I need to do this before they are redirected to the logon page.
    >
    > Would removing the folder\file reference from the web.config file help?
    >
    > Thanks
    > Alex
    > [email]alex_dinuadp.com[/email]

    Eric Newton Guest
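
An added example, not part of either post: the Referer header checked in reply #2 is supplied by the client, so any request can claim to come from the external site. One alternative is for the external site to hand the user over with a signed, short-lived token that this site verifies before building the principal. The shared HMAC key, the token format, the `HandoffToken` class and the `handoff` query parameter are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;

// Assumed token format (not from the thread): "<user>|<expiryUnixSeconds>|<base64 HMAC-SHA256>"
static class HandoffToken
{
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    static long Unix(DateTime utc) { return (long)(utc - Epoch).TotalSeconds; }
    static byte[] Mac(byte[] key, string payload)
    {
        using (var h = new HMACSHA256(key))
            return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
    // Run by the external site after it has authenticated the user.
    public static string Issue(byte[] key, string user, DateTime expiresUtc)
    {
        if (string.IsNullOrEmpty(user) || user.Contains("|")) throw new ArgumentException("user");
        string payload = user + "|" + Unix(expiresUtc);
        return payload + "|" + Convert.ToBase64String(Mac(key, payload));
    }
    // Run by this site, e.g. in Global.asax (hypothetical "handoff" query parameter):
    //   IPrincipal p = HandoffToken.Validate(key, Request.QueryString["handoff"], DateTime.UtcNow);
    //   if (p != null) Context.User = p;
    public static IPrincipal Validate(byte[] key, string token, DateTime nowUtc)
    {
        string[] p = (token ?? "").Split('|');
        long exp;
        if (p.Length != 3 || p[0].Length == 0 || !long.TryParse(p[1], out exp)) return null;
        byte[] given;
        try { given = Convert.FromBase64String(p[2]); }
        catch (FormatException) { return null; }
        byte[] want = Mac(key, p[0] + "|" + p[1]);
        if (given.Length != want.Length) return null;
        int diff = 0;                       // compare every byte, no early exit
        for (int i = 0; i < want.Length; i++) diff |= want[i] ^ given[i];
        if (diff != 0 || exp <= Unix(nowUtc)) return null;
        return new GenericPrincipal(new GenericIdentity(p[0], "Handoff"), new string[0]);
    }
    static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key"); // constructed sample key
        DateTime now = DateTime.UtcNow;
        string good = Issue(key, "alice", now.AddMinutes(2)), old = Issue(key, "alice", now.AddMinutes(-1));
        foreach (string t in new[] { good, good.Replace("alice", "admin"), old })
            Console.WriteLine(Validate(key, t, now) != null ? "accepted" : "rejected");
    }
}
```

Send the token only over HTTPS: anyone who captures it can replay it until it expires, so keep the lifetime short.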
