Professional Web Applications Themes

Login to admin system through login screen only - ASP.NET Security

Hi there, I have an issue relating to login to my asp.net application. Basically i have built the standard login page which compares against the database and lets me into the next screen if username and password match a record in the database. Now that ive done this i realise that somone could go round this screen by typing a direct path to the next screen. I think i could avoid this by setting a cookie in the login screen and only allowing the next screen to open if the cookie exists with a certain value - or something like ...

  1. #1

    Default Login to admin system through login screen only

    Hi there,

    I have an issue relating to login to my asp.net application. Basically
    i have built the standard login page which compares against the
    database and lets me into the next screen if username and password
    match a record in the database.

    Now that ive done this i realise that somone could go round this
    screen by typing a direct path to the next screen. I think i could
    avoid this by setting a cookie in the login screen and only allowing
    the next screen to open if the cookie exists with a certain value - or
    something like that.

    Can anyone please advise me to the best way of doing this as im new to
    asp.net. any examples greatly appreciated. what about session state is
    ait better to use this. Basically i want to force users to login
    through my login screen.

    CG
    Colin Graham Guest

  2. #2

    Default Re: Login to admin system through login screen only

    April 8, 2005

    Since you are using Form Authentication you can Easily force users by
    adding a line to your web.config file. Just add the <forms> element to the
    authentication element. Then specify the loginUrl="Login.aspx" attribute to
    the forms element....

    <authentication mode="Forms">
    <forms loginUrl="YourLoginPage.aspx"/>
    </authentication>

    Then deny all unauthenticated users... (This will force authentication if
    they are not authenticated already.)

    <authorization>
    <deny users="?"/> ' ? stands for unauthenticated users
    </authorization>

    Then you will have to put your login page in a subfolder and put a web
    config file in that folder specifying that unauthenticated users can access
    that folder. This will allow unauthenticated users to access your login
    page...

    ' Subfolder Register
    <authorization>
    <allow users="*"/>
    </authorization>

    You cannot specify the authenticated element in a folder, so delete it from
    the subfolder. This is all you have to do!

    Joseph MCAD



    "Colin Graham" <csgraham74hotmail.com> wrote in message
    news:ee261922.0504101251.2e6824b3posting.google.c om...
    > Hi there,
    >
    > I have an issue relating to login to my asp.net application. Basically
    > i have built the standard login page which compares against the
    > database and lets me into the next screen if username and password
    > match a record in the database.
    >
    > Now that ive done this i realise that somone could go round this
    > screen by typing a direct path to the next screen. I think i could
    > avoid this by setting a cookie in the login screen and only allowing
    > the next screen to open if the cookie exists with a certain value - or
    > something like that.
    >
    > Can anyone please advise me to the best way of doing this as im new to
    > asp.net. any examples greatly appreciated. what about session state is
    > ait better to use this. Basically i want to force users to login
    > through my login screen.
    >
    > CG

    Joseph MCAD Guest

Similar Threads

  1. Can't Login to Admin Page
    By Leotoothpick in forum Coldfusion Server Administration
    Replies: 6
    Last Post: January 18th, 01:44 AM
  2. cant login to admin
    By Debbs_R in forum Coldfusion - Getting Started
    Replies: 1
    Last Post: September 11th, 07:40 PM
  3. user and admin login on same login page
    By davellaman in forum Coldfusion - Advanced Techniques
    Replies: 1
    Last Post: May 16th, 07:47 PM
  4. Replies: 1
    Last Post: November 24th, 08:24 PM
  5. Admin login lost user name pw HELP!!
    By Bill in forum Windows Setup, Administration & Security
    Replies: 0
    Last Post: July 11th, 01:11 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139