tags:

views:

120

answers:

1
Q: 

How to use the deny all with membership provider and MVC

I'm writing my first MVC app that uses the membership provider and I noticed that after I login and it is successful - it won't transfer me to the default url (and i can't view any url other than the logon view) so it appears i'm not actually authenticated for some odd reason.

Here is part of the web.config - anything I might be doing wrong here? (using the default MVC account controller - fyi)

   <authentication mode="Forms">
      <forms loginUrl="~/Account.aspx/LogOn" defaultUrl="~/Home.aspx/Index"></forms>
     </authentication>
    <authorization>
      <deny users="*"/>
    </authorization>
+3  A: 

Shouldn't you be denying access to unauthenticated users?

That would look like this

<deny users="?"/>

Also your URL's look interesting. Is ~/Account.aspx/LogOn what you intended?

MikeD  2009-07-17 12:32:26
this worked! Huh, I thought the ? would allow anyone for some odd reason. So the * setting I had just blocked everyone regardless? And the ? allows (like you said) only users who are valid through the membership provider? it worked!
Toran Billups  2009-07-17 12:35:30
yes, the url works (as I'm using IIS6 and my server admins won't let me do any clean url filtering, i need to add .aspx after the controller)
Toran Billups  2009-07-17 12:36:52
Glad that worked. I hear your pain about using MVC with IIS6. Funny how few companies I've worked with have made the move to Windows Server 2008. Maybe they'll move across when the next version comes out ;)
MikeD  2009-07-17 12:40:31

related questions

What's the best way to implement field validation using ASP.NET MVC?
How do I handle page flow in MVC (particularly asp.net)
Entity diagrams in ASP.NET MVC
How do I get rid of Home in ASP.Net MVC?
Can I generate ASP.NET MVC routes from a Sitemap?
ASP.NET Model-view-controller (MVC) - where do I start from?
user controls and asp.net mvc
ASP.Net MVC route mapping
RSS Feeds in ASP.NET MVC
Open Source Licensing Options for ASP.NET MVC Application?
Does the OutputCacheFilter in the Microsoft MVC Preview 4 actually save on action invocations?
MVC Learning Resources
Validating posted form data in the ASP.NET MVC framework
Best mock framework that can do both WebForms and MVC?
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How do you get a custom id to render using HtmlHelper in MVC
MVC Preview 4 - No route in the route table matches the supplied values.
Is there a way to include a fragment identifier when using Asp.Net MVC ActionLink, RedirectToAction, etc. ?
In ASP.NET MVC I encounter an incorrect type error when rendering a user control with the correct typed object
ASP.NET MVC - Is it worth it yet?
Multiple languages in an ASP.NET MVC application?
Is it better to create Model classes, or just stick with generic database utility class?
ASP.NET MVC Without Visual Studio
ASP.NET MVC "CRUD" Database Sample
How to RedirectToAction in ASP.NET MVC without losing request data