Ask a Question related to ASP.NET Security, Design and Development.
-
Colin Graham #1
Login to admin system through login screen only
Hi there,
I have an issue relating to login to my asp.net application. Basically
i have built the standard login page which compares against the
database and lets me into the next screen if username and password
match a record in the database.
Now that ive done this i realise that somone could go round this
screen by typing a direct path to the next screen. I think i could
avoid this by setting a cookie in the login screen and only allowing
the next screen to open if the cookie exists with a certain value - or
something like that.
Can anyone please advise me to the best way of doing this as im new to
asp.net. any examples greatly appreciated. what about session state is
ait better to use this. Basically i want to force users to login
through my login screen.
CG
Colin Graham Guest
-
Can't Login to Admin Page
I have recently re-installed CF to work with WAMP 5 and its Apache server. but now i can't login to the Configuration and Settings Migration Wizard.... -
Development Halted: CF Admin: Login and PW
hello. i realize that this is going to sound like a guy trying to snoop into something where he doesn't belong, but i assure you that is not the... -
cant login to admin
I'm just a newbie coldfusion 5 so go easy on me, Have installed on a single machine on a network, hoping to install Dreamweaver next tested... -
user and admin login on same login page
Hello, I have a user login page which also doubles as my administrator login. Currently, my method of logging in doesnt seem to be working... -
session problem - login screen continually reloads after pressing the login button
I am trying to get sessions to work on a log in screen to give certain users access to certain pages/directories. The problem is that when the... -
Joseph MCAD #2 Re: Login to admin system through login screen only
April 8, 2005
Since you are using Form Authentication you can Easily force users by
adding a line to your web.config file. Just add the <forms> element to the
authentication element. Then specify the loginUrl="Login.aspx" attribute to
the forms element....
<authentication mode="Forms">
<forms loginUrl="YourLoginPage.aspx"/>
</authentication>
Then deny all unauthenticated users... (This will force authentication if
they are not authenticated already.)
<authorization>
<deny users="?"/> ' ? stands for unauthenticated users
</authorization>
Then you will have to put your login page in a subfolder and put a web
config file in that folder specifying that unauthenticated users can access
that folder. This will allow unauthenticated users to access your login
page...
' Subfolder Register
<authorization>
<allow users="*"/>
</authorization>
You cannot specify the authenticated element in a folder, so delete it from
the subfolder. This is all you have to do!
Joseph MCAD
"Colin Graham" <csgraham74@hotmail.com> wrote in message
news:ee261922.0504101251.2e6824b3@posting.google.c om...> Hi there,
>
> I have an issue relating to login to my asp.net application. Basically
> i have built the standard login page which compares against the
> database and lets me into the next screen if username and password
> match a record in the database.
>
> Now that ive done this i realise that somone could go round this
> screen by typing a direct path to the next screen. I think i could
> avoid this by setting a cookie in the login screen and only allowing
> the next screen to open if the cookie exists with a certain value - or
> something like that.
>
> Can anyone please advise me to the best way of doing this as im new to
> asp.net. any examples greatly appreciated. what about session state is
> ait better to use this. Basically i want to force users to login
> through my login screen.
>
> CG
Joseph MCAD Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
