www.webdeveloper.com
Results 1 to 2 of 2

Thread: Login Authentication in asp.net

  1. #1
    Join Date
    Aug 2003
    Posts
    74

    Login Authentication in asp.net

    Hi,

    Situation is : My application is connected to same SQL Server DB but I have three folders with three type of logins. Following is the description of each folder.

    www.mydomain.com/customer
    www.mydomain.com/mainApp
    www.mydomain.com/affiliate

    How can implement different login authentication for all these. For example if someone trys to have access .aspx page in customer it should go to :
    www.mydomain.com/customer/login.aspx
    The same for other folders.

    I tried to implement it by putting the 'web.config' in rout directory with following configuration, (but nothing happens, because it allows to access all the .aspx pages without sending to directory's login page.)


    <Location path="customer/">

    <system.web>

    <authentication mode="Forms">

    <forms name="AuthCookie" loginUrl="customer/customer_login.aspx" />

    </authentication>

    <authorization>

    <deny users="?" />

    </authorization>



    <customErrors mode="Off"/>

    </system.web>

    </Location>



    <Location path="mainApp/">

    <system.web>

    <authentication mode="Forms">

    <forms name="AuthCookie" loginUrl="mainApp/login.aspx" />

    </authentication>

    <authorization>

    <deny users="?" />

    </authorization>



    <customErrors mode="Off"/>

    </system.web>

    </Location>



    <Location path="affiliate/">

    <system.web>

    <authentication mode="Forms">

    <forms name="AuthCookie" loginUrl="affiliate/affiliate_login.aspx" />

    </authentication>

    <authorization>

    <deny users="?" />

    </authorization>



    <customErrors mode="Off"/>

    </system.web>

    </Location>



    Kindly solve this problem, I'll be grateful to you if I could have a complete tutorial or a complete example for that..

    Regards,

  2. #2
    Join Date
    Nov 2002
    Location
    Auburn, AL
    Posts
    9,222
    well, are the sub directories physical or virtual directories? You might try getting all of that stuff out of your root directory and nesting those three folders inside of the same virtual directory. You can check to see if the user has logged in on the page if your forms authentication is failing you, this is not geared to be an air tight system is it? I have an article on login systems for asp.net at webreference
    http://www.webreference.com/programming/asp/quasi/
    which does not use forms authentication. How I am checking for the login on each page the user has to be logged in to get to is by using an
    if len(session("id")) = 0 then
    response.redirect("login.aspx")
    end if
    because if that session("id") is equal to zero then the user has no logged in because all user ids will have a length greater to 0 and the default value for a session variable is null which will have a length of 0. But doing login systems like this is not said to be 100% air tight like forms authentication so I would not put this code behind an https:// in my address bar. Also, yes I put session in my code because I am using the session state for my logins in this article (just a bit simpler when using this method and am not dealing w/ forms and encryption), But I could have easily used a cookie the same way with request.cookie
    Here is a good forms auth article on 4gyusfromrolla.com http://www.4guysfromrolla.com/webtech/110701-1.3.shtml
    Last edited by PeOfEo; 04-25-2004 at 08:45 PM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles