Security

Re: set multiple loginurl for nested folders?

mayankagarwal — Tue, 19 Feb 2008 23:17:10 GMT

Tell me if I am right in thinking...

Wouldnt this need to be done on every page in the secure folder?

And this method assumes that ther is only one login page that directs the request. but i waas thinking to kave individual login pages inside the secure folders?

so if anyone tried to navigate directly to say MasterAdmin\aaa.aspx they will see a login page within the MasterAdmin folder and so and so forth.

in your previous example you are using appsetting with Key 'FolderName' i wonder what is that used for?

Thanks for you help...

Re: set multiple loginurl for nested folders?

izeman — Tue, 19 Feb 2008 19:19:51 GMT

You can also do this directly in CB in your login page

//REDIRECTION AFTER LOGIN BASED ON USER ROLE
    protected void mainLogin_LoggedIn(object sender, EventArgs e)
    {
        if(Roles.IsUserInRole(mainLogin.UserName, "MasterAdmin"))
        {
           Response.Redirect("~/MasterAdmin/Default.aspx");
        }
        else if(Roles.IsUserInRole(mainLogin.UserName, "CustomerAdmin"))
        {
            Response.Redirect("~/CustomerAdmin/Default.aspx");
        }
        else if (Roles.IsUserInRole(mainLogin.UserName, "User"))
        {
            Response.Redirect("~/User/Default.aspx");
        }
        else
        {
            Response.Redirect("~/Default.aspx");
        }
    }

Re: set multiple loginurl for nested folders?

mayankagarwal — Tue, 19 Feb 2008 06:57:51 GMT

Hi this seems to be a very good idea. i tried it on one folder and it working in essence. Are you able to provide a bit more elaborate example on how i can achieve this on 3 difference folders please

Re: set multiple loginurl for nested folders?

XiaoYong Dai – MSFT — Mon, 28 Jan 2008 11:22:18 GMT

I suggest you don't restrict page in web.config using authorization section. Instead, you can handle the authorization in page_load event, then redirect to whatever page you want. If you don't like the hard coded way, what about store the rule in <appSettings>

e.g:

</appSettings>

--------------read in code behind------------

if (! User.IsInRole("ClauseAdmin")) {

string FoerName= ConfigurationSettings.AppSettings["LoginUrl"];
Response.Redirect(FoerName);

}

Re: set multiple loginurl for nested folders?

Rippo — Sun, 27 Jan 2008 19:11:32 GMT

Has anyone successfully done this? Is this impossible
I suppose I will have to think of a work around.

Thanks Rippo

set multiple loginurl for nested folders?

Rippo — Fri, 25 Jan 2008 14:25:24 GMT

Is it possible to specify in the web.config file in each folder that requires forms authentication which page the user should be redirected to if they do not have the correct permissions.

e.g

Admin folder (redirect to ~/logout.aspx)

Report Admin (redirect to ~/permission.aspx)
Stats Admin (redirect to ~/permission.aspx")
etc

in my root web.config I have...

<authentication mode="Forms">
      <forms loginUrl="~/logout.aspx" ...></forms>
</authentication>

in each web.config in each sub folder I have

<configuration>
  <system.web>
    <authorization>
      <allow roles="ClauseAdmin" />
      <deny users="*"/>
    </authorization>
  </system.web>
</configuration>

and I am hoping to specify the loginurl. How can I do this?