
Tuesday, November 22, 2011

Forms Authentication for folders with different login page

Folder Structure:

Admin (Folder)
--Default.aspx
--Login.aspx
--Web.Config
User (Folder)
--Default.aspx
--Login.aspx
--Web.Config
Default.aspx
Login.aspx
Web.Config


The problem is as follows:
If a visitor tries to access a page in the Admin folder, he must be redirected to the login page located in the Admin folder. There his username and password are checked against a SQL Server table; if authenticated, he is redirected to the Default page and can access any page in the Admin folder, but not the pages in the User folder.
Note: the login page in the Admin folder and the login page in the User folder are different.
The same scenario applies to the User folder.

Solution: Here are the steps to follow:
1. Put the following lines in the /Admin/Web.config file
<configuration>
 <location path="Login.aspx">
  <system.web>
   <authorization>
    <allow users="?"/>
   </authorization>
  </system.web>
 </location>
</configuration>
2. Put the following lines in the /User/Web.config file
<configuration>
 <location path="Login.aspx">
  <system.web>
   <authorization>
    <allow users="?"/>
   </authorization>
  </system.web>
 </location>
</configuration>
3. Put the following lines in the root Web.config file. The Login.aspx page is placed at the root path (note: loginUrl here is the Login page located on the root path). The <authentication> element goes inside <system.web>; the <location> elements go directly under <configuration>.
<authentication mode="Forms">
 <forms name="login" timeout="120" slidingExpiration="false" loginUrl="Login.aspx"></forms>
</authentication>
<location path="Admin">
 <system.web>
  <authorization>
   <allow roles="Admin"/>
   <deny users="*"/>
  </authorization>
 </system.web>
</location>
<location path="User">
 <system.web>
  <authorization>
   <allow roles="User"/>
   <deny users="*"/>
  </authorization>
 </system.web>
</location>
<location path="Default.aspx">
 <system.web>
  <authorization>
   <allow users="*"/>
  </authorization>
 </system.web>
</location>
4. Put the following code only in the Login.aspx page located on the root path
protected void Page_Load(object sender, EventArgs e)
{
    // ReturnUrl is appended by Forms Authentication when it redirects here.
    string returnUrl = Request.QueryString["ReturnUrl"];
    if (!string.IsNullOrEmpty(returnUrl))
    {
        // Re-encode the value so a query string inside ReturnUrl survives the redirect.
        string encoded = Server.UrlEncode(returnUrl);
        if (returnUrl.IndexOf("/user/", StringComparison.OrdinalIgnoreCase) >= 0)
        {
            Response.Redirect("~/user/Login.aspx?ReturnUrl=" + encoded);
        }
        else if (returnUrl.IndexOf("/admin/", StringComparison.OrdinalIgnoreCase) >= 0)
        {
            Response.Redirect("~/admin/Login.aspx?ReturnUrl=" + encoded);
        }
    }
}
5. On the Login.aspx pages under the Admin and User folders, do the authentication and put the following line at the end of the button click handler.
HttpContext.Current.Response.Redirect(FormsAuthentication.GetRedirectUrl(userName, createPersistentCookie));

6. Finally, put the following code in the sign-out handler and redirect to the matching login page.
FormsAuthentication.SignOut();
Response.Redirect("~/admin/Login.aspx");
or
FormsAuthentication.SignOut();
Response.Redirect("~/user/Login.aspx");
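
Steps 3 and 5 rely on the Admin and User roles being attached to the signed-in user. The following is an added example (not code from the original post) of one way to do that when no role provider is configured: the role travels in the ticket's UserData and is restored on each request, and ReturnUrl is followed only when it points inside the same folder. The class and method names are hypothetical, and the folder name is assumed to double as the role name.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical helper, not from the original post.
public static class AreaAuth
{
    // Call from the Login button click in /Admin or /User AFTER the
    // username/password check against the SQL Server table has succeeded.
    // Assumption: area is "Admin" or "User" and is also the role name.
    public static void SignIn(HttpContext ctx, string userName, string area)
    {
        // Carry the role in the encrypted ticket's UserData.
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now,
            DateTime.Now.Add(FormsAuthentication.Timeout),
            false, area, FormsAuthentication.FormsCookiePath);
        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
                                    FormsAuthentication.Encrypt(ticket));
        cookie.HttpOnly = true;
        cookie.Secure = FormsAuthentication.RequireSSL;
        cookie.Path = FormsAuthentication.FormsCookiePath;
        ctx.Response.Cookies.Add(cookie);

        // Follow ReturnUrl only when it is a path inside this area of this
        // application; anything else falls back to the area's Default.aspx.
        string prefix = VirtualPathUtility.ToAbsolute("~/" + area + "/");
        string returnUrl = ctx.Request.QueryString["ReturnUrl"];
        bool inArea = !string.IsNullOrEmpty(returnUrl) &&
            returnUrl.StartsWith(prefix, StringComparison.OrdinalIgnoreCase);
        ctx.Response.Redirect(inArea ? returnUrl : prefix + "Default.aspx");
    }

    // Call from Application_AuthenticateRequest in Global.asax on every
    // request; with no role provider configured, the principal otherwise
    // carries no roles and <allow roles="..."/> never matches.
    public static void RestoreRoles(HttpContext ctx)
    {
        if (ctx.User == null) return;
        var identity = ctx.User.Identity as FormsIdentity;
        if (identity == null || !identity.IsAuthenticated) return;
        string[] roles = identity.Ticket.UserData.Split(
            new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        ctx.User = new GenericPrincipal(identity, roles);
    }
}
```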


Hoping that this might help!       
 

