PDA

Click to See Complete Forum and Search --> : Login Authentication in asp.net

akrashdi
04-24-2004, 06:23 PM
Hi,

Situation is : My application is connected to same SQL Server DB but I have three folders with three type of logins. Following is the description of each folder.

www.mydomain.com/customer
www.mydomain.com/mainApp
www.mydomain.com/affiliate

How can implement different login authentication for all these. For example if someone trys to have access .aspx page in customer it should go to :
www.mydomain.com/customer/login.aspx
The same for other folders.

I tried to implement it by putting the 'web.config' in rout directory with following configuration, (but nothing happens, because it allows to access all the .aspx pages without sending to directory's login page.)


<Location path="customer/">

<system.web>

<authentication mode="Forms">

<forms name="AuthCookie" loginUrl="customer/customer_login.aspx" />

</authentication>

<authorization>

<deny users="?" />

</authorization>



<customErrors mode="Off"/>

</system.web>

</Location>



<Location path="mainApp/">

<system.web>

<authentication mode="Forms">

<forms name="AuthCookie" loginUrl="mainApp/login.aspx" />

</authentication>

<authorization>

<deny users="?" />

</authorization>



<customErrors mode="Off"/>

</system.web>

</Location>



<Location path="affiliate/">

<system.web>

<authentication mode="Forms">

<forms name="AuthCookie" loginUrl="affiliate/affiliate_login.aspx" />

</authentication>

<authorization>

<deny users="?" />

</authorization>



<customErrors mode="Off"/>

</system.web>

</Location>



Kindly solve this problem, I'll be grateful to you if I could have a complete tutorial or a complete example for that..

Regards,
PeOfEo
04-25-2004, 09:36 PM
well, are the sub directories physical or virtual directories? You might try getting all of that stuff out of your root directory and nesting those three folders inside of the same virtual directory. You can check to see if the user has logged in on the page if your forms authentication is failing you, this is not geared to be an air tight system is it? I have an article on login systems for asp.net at webreference
http://www.webreference.com/programming/asp/quasi/
which does not use forms authentication. How I am checking for the login on each page the user has to be logged in to get to is by using an
if len(session("id")) = 0 then
response.redirect("login.aspx")
end if
because if that session("id") is equal to zero then the user has no logged in because all user ids will have a length greater to 0 and the default value for a session variable is null which will have a length of 0. But doing login systems like this is not said to be 100% air tight like forms authentication so I would not put this code behind an https:// in my address bar. Also, yes I put session in my code because I am using the session state for my logins in this article (just a bit simpler when using this method and am not dealing w/ forms and encryption), But I could have easily used a cookie the same way with request.cookie
Here is a good forms auth article on 4gyusfromrolla.com http://www.4guysfromrolla.com/webtech/110701-1.3.shtml