locked
please give me answer RRS feed

  • Question

  • User-810066752 posted

    i wnna prevent the user to use my site except  after login  the problem whene i used the form auzuntication and  copy the home page link and paste it in the login url page it go through the home page i want to prevent him to do it how?please answer

    Sunday, June 1, 2014 1:20 AM

Answers

  • User-1415774685 posted

    <authentication mode="Forms" >
    <forms loginUrl="~/Login_Account/Login.aspx" name="MYWEBAPP.ASPXAUTH" protection="All" path="/" timeout="20" >
    </forms>
    </authentication>

    <authorization>
    <deny users="?"/>
    </authorization>

    Add the above code into your web config file. and set ur login page path to the loginUrl

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, June 1, 2014 1:34 AM
  • User223678428 posted

    <authorization>
    <deny users="?"/>
    </authorization>

    To clear it up some, <deny users="?"/> denies all users who are "anonymous".  If he's truly not logged in, he will be anonymous.  If you allow to store a cookie that is the "Remember me" cookie, then he can close the browser down and potentially go back to your site and still be logged in.

    If you want to take it a step further, you can add onto each page (or master page) User.Identity.IsAuthenticated and/or Session.IsNewSession.  If it's a new session, but he's still authenticated, it will kick him back out to the login screen.  If he's not authenticated, but it's the same session, it will kick him out to the login screen.

    Example below (VB.NET version)

    If User.Identity.IsAuthenticated = False Then
        FormsAuthentication.RedirectToLoginPage("e=auth")
        'response.end forces the stopping of execution for the rest of the page since all we want to do is move on and do nothing else
        Response.End()
    End If
    If Session.IsNewSession = True Then
        FormsAuthentication.RedirectToLoginPage("e=session")
        'response.end forces the stopping of execution for the rest of the page since all we want to do is move on and do nothing else
        Response.End()
    End If

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, June 1, 2014 8:34 AM

All replies

  • User-1415774685 posted

    <authentication mode="Forms" >
    <forms loginUrl="~/Login_Account/Login.aspx" name="MYWEBAPP.ASPXAUTH" protection="All" path="/" timeout="20" >
    </forms>
    </authentication>

    <authorization>
    <deny users="?"/>
    </authorization>

    Add the above code into your web config file. and set ur login page path to the loginUrl

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, June 1, 2014 1:34 AM
  • User-810066752 posted

    <configuration>
    <system.web>
    <authentication mode="Forms">
    <forms loginUrl="mixlog.aspx" name="MYWEBAPP.ASPXAUTH" protection="All" path="/" timeout="20" />
    </authentication>
    <authorization>
    <deny users="?"/>
    </authorization>
    <compilation debug="true" targetFramework="4.5">
    <assemblies>
    <add assembly="System.Web.WebPages.Administration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    </assemblies>
    </compilation>
    <httpRuntime targetFramework="4.5"/>
    <customErrors mode="Off"/>
    </system.web>
    </configuration> 

    it is my web.config ok 

    protected void btnlogin_Click(object sender, EventArgs e)
    {
    SqlDataReader dr = DataManager.ExecuteReader("u_login",CommandType.StoredProcedure, DataManager.CreateParameter("@username", SqlDbType.VarChar, txtusername.Value), DataManager.CreateParameter("@password", SqlDbType.VarChar, txtpassword.Value));
    if (dr.HasRows) { FormsAuthentication.SetAuthCookie(txtusername.Value, true);
    Response.Redirect("Home.aspx?username="+txtusername.Value);
    }
    else { lblmessage.InnerText = "invalid username or password"; lblmessage.Visible = true; txtusername.Value = "please try again"; txtusername.Focus(); }

    }

    it is login pgae code ok

    protected void Page_Load(object sender, EventArgs e)
    {


    if (!IsPostBack)
    {

    if (User.Identity.IsAuthenticated)
    {
    //Response.Write(Request.QueryString["username"]);
    // The user is logged in (you can access their username via User.Identity.Name)
    }

    }

    }

    it is home page ok

    now i dont need anyone go to home page except after loging in the site ,i mean there are some people 

    whom take the url of the home page and copy it then go through login page and paste it in it‘s url you undrstand what i mean?

    Sunday, June 1, 2014 6:05 AM
  • User-1415774685 posted

    U mean after logging in, they should not view your home page?

    Sunday, June 1, 2014 7:37 AM
  • User-810066752 posted

    no friend i mean if he have ausername and password and login ok he have all permision to see my page hom ok but if this man hwo try to go to my home after he save home page url no at this case no he shouldnt go to my home page and go to my login page ok friend u understand

    Sunday, June 1, 2014 7:43 AM
  • User223678428 posted

    <authorization>
    <deny users="?"/>
    </authorization>

    To clear it up some, <deny users="?"/> denies all users who are "anonymous".  If he's truly not logged in, he will be anonymous.  If you allow to store a cookie that is the "Remember me" cookie, then he can close the browser down and potentially go back to your site and still be logged in.

    If you want to take it a step further, you can add onto each page (or master page) User.Identity.IsAuthenticated and/or Session.IsNewSession.  If it's a new session, but he's still authenticated, it will kick him back out to the login screen.  If he's not authenticated, but it's the same session, it will kick him out to the login screen.

    Example below (VB.NET version)

    If User.Identity.IsAuthenticated = False Then
        FormsAuthentication.RedirectToLoginPage("e=auth")
        'response.end forces the stopping of execution for the rest of the page since all we want to do is move on and do nothing else
        Response.End()
    End If
    If Session.IsNewSession = True Then
        FormsAuthentication.RedirectToLoginPage("e=session")
        'response.end forces the stopping of execution for the rest of the page since all we want to do is move on and do nothing else
        Response.End()
    End If

     

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, June 1, 2014 8:34 AM
  • User-810066752 posted

    the problem solved thank you

    Sunday, June 1, 2014 7:56 PM