Hi I was wondering what is the best way to force the user to login when arriving at a website, in .net. I have set up the Membership features and I was wondering what is the best way to ensure that no matter what address the user arrives at, they must first get authenticated before proceding to the page they requested. Any resources will be great, thanks.
+12
A:
Alter Web.config in application root to read:
<authentication mode="forms">
<forms loginUrl="Login.aspx" defaultUrl="/" />
</authentication>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
Side note: Obviously, ASP.NET can only protect the requests that are handed down to ASP.NET engine. By default, it cannot enforce the security on static resources in IIS classic mode. In that case, to control access to static resources, they should be explicitly mapped to the ASP.NET ISAPI DLL in the IIS configuration.
More info about Authorization here: ASP.NET Authorization.
Mehrdad Afshari
2009-02-26 20:48:05
+3
A:
Forms Authentication explained
Here's a sample from a web.config
<forms loginUrl="Login.aspx"
protection="All"
timeout="30"
name=".ASPXAUTH"
path="/"
requireSSL="false"
slidingExpiration="true"
defaultUrl="default.aspx"
cookieless="UseDeviceProfile"
enableCrossAppRedirects="false" />
matt eisenberg
2009-02-26 20:50:09