Redirecting the user to the login page if not authenticated

I use a simple authentication thing ...

Using this in a configuration file ....

<authentication mode="Forms">
  <forms name=".COOKIE" loginUrl="login.aspx" protection="All" path="/" timeout="480"/>
</authentication>
<authorization>
  <deny users="?"/>
  <allow users="*"/>
</authorization>

A user who is not registered must be sent back to login.aspx. BUT this is not happening at the moment. The user can go to any page. Although it works well on my local machine, it does not work on the server. What am I missing ...

We are looking for an answer ...

+4
4 answers

A few things to try:

  • remove <allow users="*"/>
  • close the browser, open it, clear all cookies, close the browser, open and go to the site.
  • check the code on the login page to make sure that it does not automatically authenticate the user.
  • try changing the name of the cookie ... maybe it is being shared somehow?
+3

Everything seems to be in order. You can check whether the machine.config or IIS ASP.NET parameters you are using override the Web.config you are using.

0

Make sure the FormsAuthentication module is added to the httpModules collection. You can try adding it to your web.config if it has been removed from machine.config. This module is what handles the redirect to what you specified in authentication/forms.

0

I would deny non-authenticated users by default, only making exceptions for the login page and other resources.

Example:

  <authorization>
    <deny users="?"/>
  </authorization>

...

  <location path="Login.aspx">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
0
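The checks suggested in the answers can be scripted against the web.config that is actually deployed on the server. The following Python sketch is an added example, not code from the question or the answers: it applies ASP.NET's first-match-wins ordering of authorization rules to the anonymous user (`?`) and reports whether the FormsAuthentication module has been removed. The function names and the sample file are constructed for illustration, and only the one file passed in is evaluated, not machine.config or parent configuration.

```python
import xml.etree.ElementTree as ET

MODULE = "FormsAuthentication"
# Constructed sample: the question's rules, the Login.aspx exception from the
# last answer, and a <remove> of the module (the fault one answer checks for).
SAMPLE = """<configuration><system.web>
  <authentication mode="Forms"><forms name=".COOKIE" loginUrl="login.aspx"/></authentication>
  <authorization><deny users="?"/><allow users="*"/></authorization>
  <httpModules><remove name="FormsAuthentication"/></httpModules>
</system.web>
<location path="Login.aspx"><system.web>
  <authorization><allow users="*"/></authorization>
</system.web></location></configuration>"""

def anonymous_allowed(system_web):
    """First matching rule wins. None = no rule matched here, so inherit.
    Simplification: rules with roles= or verbs= are not modelled."""
    auth = system_web.find("authorization") if system_web is not None else None
    for rule in (auth if auth is not None else []):
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if rule.get("verbs") is None and ("?" in users or "*" in users):
            return rule.tag == "allow"
    return None

def module_removed(root):
    """True if <clear/> or <remove> drops the module and no later <add> restores it."""
    removed = False
    for section in ("system.web/httpModules", "system.webServer/modules"):
        for el in root.findall(section + "/*"):
            if el.tag == "clear" or (el.tag == "remove" and el.get("name") == MODULE):
                removed = True
            elif el.tag == "add" and el.get("name") == MODULE:
                removed = False
    return removed

def audit(xml_text):
    root = ET.fromstring(xml_text)
    authn = root.find("system.web/authentication")
    forms = root.find("system.web/authentication/forms")
    site = anonymous_allowed(root.find("system.web"))
    site = True if site is None else site  # framework default is <allow users="*"/>
    paths = {}
    for loc in root.findall("location"):
        res = anonymous_allowed(loc.find("system.web"))
        paths[loc.get("path")] = site if res is None else res
    return {"mode": authn.get("mode") if authn is not None else None,
            "login_url": forms.get("loginUrl") if forms is not None else None,
            "site_anonymous": site, "location_anonymous": paths,
            "forms_module_removed": module_removed(root)}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A result with `site_anonymous` false but `forms_module_removed` true means the deny rule is in place while the module that issues the redirect to `loginUrl` is absent.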

Source: https://habr.com/ru/post/1332504/

