Bypassing authentication

[Microsoft]

I'm running a web site and implementing both folder(web.config) and class
level authorization. A new requirement came in to allow an external web site
to access some secure web pages directly, without going through the logon
page.

The users are valid users, and I will build the principle object anyway, but
I need to do this before they are being re-directed to the logon page.

Would removing the folder\file reference from the web.config file help?

Thanks
Alex
[email]alex_dinu@adp.com[/email]

[Eric Newton]

You could do something in the global Application_Authenticate event, whereas
if the HTTP-REFERER field has this "other" website, that it would create a
GenericPrinicipal like:
if( HttpContext.Current.Request.ServerVariables["HTTP_REFERER"] == "external
website" )
Context.User = new GenericPrincipal("extWebsite", ...);

else
/* you other code */

maybe try that... and this would be a good single place to see where the
overrides are, instead of scattering them in separate pages, making
manageability a little harder.

HTH


--
Eric Newton
[email]eric@ensoft-software.com[/email]
C#/ASP.net Solutions developer


"Microsoft" <alexdinu1@hotmail.com> wrote in message
news:e4SEtwQXDHA.2632@TK2MSFTNGP09.phx.gbl...

> I'm running a web site and implementing both folder(web.config) and class
> level authorization. A new requirement came in to allow an external web

site

> to access some secure web pages directly, without going through the logon
> page.
>
> The users are valid users, and I will build the principle object anyway,

but

> I need to do this before they are being re-directed to the logon page.
>
> Would removing the folder\file reference from the web.config file help?
>
> Thanks
> Alex
> [email]alex_dinu@adp.com[/email]
>
>