Hi All,
I seem to be stuck with this problem and despite my attempts at looking at all kinds of solutions, I still find myself miserably and frustratingly unable to solve my problem. My problem is the following: I want to restrict access to a folder which contains the administrator pages to modify my database. For this I am using an MS Access Database as well and have 2 web.config files in each folder as follows:
In the folder to be accessed openly (root folder):
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <compilation defaultLanguage="c#" />
  </system.web>
  <location path = "admin/administrator.aspx" />
  <system.web>
    <authentication mode ="Forms">
      <forms name="FormsEClient" loginUrl = "admin/login.aspx" protection = "All" />
    </authentication>
    <authorization>
      <allow users = "*" />
    </authorization>
  </system.web>
</configuration>
In folder (root folder/admin) that is to be restricted:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <authorization>
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
This is the login.aspx page I am using as well:
<%@ Import Namespace = "System.Web.Security" %>
<%@ Import Namespace="System.Data.OleDb" %>
<%@ Import Namespace="System.Data" %>
<%@ Page Language="C#" ContentType="text/html" ResponseEncoding="iso-8859-1" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <title>Untitled Document</title>
</head>
<script language="c#" runat="server">
  protected void btnlogin_click(object obj, EventArgs e){
    if(Page.IsValid){
      //Users user = new Users();
      bool auth;
      auth = AuthenticateUser(txtUsername.Text, txtPassword.Text);
      if(auth){
        FormsAuthentication.RedirectFromLoginPage(txtUsername.Text, true);
        Response.Write("Testing as well");
      } else {
        lblMessage.Text = "Account Information was incorrect! Please try again!";
      }
    }else {
      lblMessage.Text = "Missing some fields. Please try again.";
    }
  }
  public bool AuthenticateUser(string username, string password){
    bool authenticated;
    OleDbConnection oConn;
    OleDbCommand oComm;
    OleDbDataReader oReader;
    string sSQL;
    string sConn = "Provider=Microsoft.Jet.OleDb.4.0;";
    sConn += @"Data Source="+MapPath("../AstroDatabase.mdb");
    // Positional (?) placeholders keep the typed values out of the SQL text
    sSQL = "SELECT ID ";
    sSQL += "FROM Users ";
    sSQL += "WHERE user = ? ";
    sSQL += "AND pass = ?;";
    oConn = new OleDbConnection(sConn);
    oConn.Open();
    oComm = new OleDbCommand(sSQL, oConn);
    // OleDb binds parameters by position, so add them in the order of the ? marks
    oComm.Parameters.Add("user", OleDbType.VarWChar).Value = username;
    oComm.Parameters.Add("pass", OleDbType.VarWChar).Value = password;
    oReader = oComm.ExecuteReader();
    // Any returned row means the username/password pair exists
    if(oReader.Read()){
      authenticated = true;
    }else {
      authenticated = false;
    }
    oReader.Close();
    oConn.Close();
    oConn.Dispose();
    return authenticated;
  }
</script>
<body><center>
  <h2>Please Login:</h2>
  <asp:Label ID="lblInvalid" runat="server" />
  <form runat="server">
    Username:<asp:TextBox ID="txtUsername" runat="server" /><br />
    Password:<asp:TextBox ID="txtPassword" TextMode="Password" runat="server" /><br />
    <asp:Button ID="btnlogin" runat="server" Text="Login" OnClick="btnlogin_click" />
    <br /><br /><br /><br /><br />
    <asp:Label ID="lblMessage" runat="server" Text=""/>
  </form>
</center>
</body>
</html>
When I click on the pages within the admin folder, a page asking me for a login and a password shows up. Upon typing the correct username and password, the page seems to get refreshed and does not show the administrator.aspx page which ideally needs to be redirected to upon successful login. Also, in the status bar below, I see the message below:
login.aspx?ReturnUrl=%2fastro%2fadmin%2fadministrator.aspx.
Can anyone pls pls pls pls help me? I am going nuts here!
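The redirect back to login.aspx?ReturnUrl=... described above is what ASP.NET URL authorization produces when the rule in the admin folder uses "*": that wildcard matches every user, including one who has just signed in, whereas "?" matches anonymous users only. The following is an added example, not part of the original post, showing the admin/web.config as posted beside two corrected forms; the account name "siteadmin" is a constructed placeholder.

```xml
<!-- admin/web.config as posted: "*" matches every user, signed in or not,
     so administrator.aspx is refused again after a successful login and
     the request is sent back to login.aspx?ReturnUrl=... -->
<configuration>
  <system.web>
    <authorization>
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>

<!-- Corrected: "?" matches anonymous users only, so any request carrying
     a valid forms-authentication ticket reaches the admin pages. -->
<configuration>
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>

<!-- Tighter variant: rules are checked top to bottom and the first match
     wins, so only the named account gets in and everyone else is denied.
     "siteadmin" is a constructed placeholder; it must equal the name that
     login.aspx passes to FormsAuthentication.RedirectFromLoginPage. -->
<configuration>
  <system.web>
    <authorization>
      <allow users="siteadmin" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

Only one of the three documents goes into admin/web.config at a time. With the tighter variant, any other account that passes the login check is still returned to the login page.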