trend Posted July 11, 2005 Posted July 11, 2005 Hello, I need to redirect all unauthenticated users (All authenticated users will have a session cookie of sorts or possibly something else) to https://mywebsite.com/login.aspx Also.. all users going to: http://mywebsite.com/login.aspx needs to be redirected to: https://mywebsite.com/login.aspx I have read you do this through web.config.. but I cannot get this working:( <?xml version="1.0" encoding="utf-8" ?> <configuration> <system.web> <!-- DYNAMIC DEBUG COMPILATION Set compilation debug="true" to insert debugging symbols (.pdb information) into the compiled page. Because this creates a larger file that executes more slowly, you should set this value to true only when debugging and to false at all other times. For more information, refer to the documentation about debugging ASP.NET files. --> <compilation defaultLanguage="vb" debug="true" /> <!-- CUSTOM ERROR MESSAGES Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable. Add <error> tags for each of the errors you want to handle. --> <customErrors mode="RemoteOnly" /> <!-- AUTHENTICATION This section sets the authentication policies of the application. Possible modes are "Windows", "Forms", "Passport" and "None" --> <authentication mode="Forms" > <!-- AUTHORIZATION This section sets the authorization policies of the application. You can allow or deny access to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous (unauthenticated) users. --> <forms loginUrl="login.aspx" protection="All" requireSSL="true" timeout="30" name="FormsAuthCookie" path="/" /> </authentication> <authorization> <deny users="?" /> <!-- Allow all users --> <!-- <allow users="[comma separated list of users]" roles="[comma separated list of roles]"/> <deny users="[comma separated list of users]" roles="[comma separated list of roles]"/> --> </authorization> <!-- APPLICATION-LEVEL TRACE LOGGING Application-level tracing enables trace log output for every page within an application. Set trace enabled="true" to enable application trace logging. If pageOutput="true", the trace information will be displayed at the bottom of each page. Otherwise, you can view the application trace log by browsing the "trace.axd" page from your web application root. --> <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" /> <!-- SESSION STATE SETTINGS By default ASP.NET uses cookies to identify which requests belong to a particular session. If cookies are not available, a session can be tracked by adding a session identifier to the URL. To disable cookies, set sessionState cookieless="true". --> <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;user id=sa;password=" cookieless="true" timeout="20" /> <!-- GLOBALIZATION This section sets the globalization settings of the application. --> <globalization requestEncoding="utf-8" responseEncoding="utf-8" /> </system.web> </configuration> any ideas? Quote
patrick24601 Posted July 13, 2005 Posted July 13, 2005 Could you do this in global.asax.vb in the BeginRequest block to check every incoming URL request and redirect them appropriately. Quote
hrabia Posted July 19, 2005 Posted July 19, 2005 http://weblogs.asp.net/pwilson/archive/2004/12/23/331455.aspx Adam Quote A man and a dog have an average of three legs. Beaware of Statistics.
Joe Mamma Posted July 19, 2005 Posted July 19, 2005 I may be wrong, but dont you want this in the authentication section- <forms loginUrl="[url="https://./login.aspx"]https://./login.aspx[/url]" protection="All" requireSSL="true" timeout="30" name="FormsAuthCookie" path="/" /> and no one should go directly to login.aspx, ie, it shouldnt be your start page. Quote Joe Mamma Amendment 4: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Amendment 9: The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
trend Posted July 19, 2005 Author Posted July 19, 2005 I may be wrong, but dont you want this in the authentication section- <forms loginUrl="[url="https://./login.aspx"]https://./login.aspx[/url]" protection="All" requireSSL="true" timeout="30" name="FormsAuthCookie" path="/" /> and no one should go directly to login.aspx, ie, it shouldnt be your start page. That is what I have.. but it will not redirect users that are trying to access pdf files, jpg... basically it will not rediect any file except aspx. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.