Member Avatar for sonia sardana

WEB.CONFIG FIlE

<?xml version="1.0"?>
<configuration>
    <appSettings/>
    <connectionStrings/>
    <system.web>
      <authentication mode ="Forms">
        <forms loginUrl="FrmLogin.aspx" protection="All" >
          <credentials passwordFormat="Clear">
            <user name="sonia" password="citm123"/>
            <user name="soni"  password="citm123" />
            <user name="muru" password="citm1234"/>
          </credentials>
        </forms>
      </authentication>
      <authorization>
       <allow users="sonia"/>
        <allow users ="soni"/>
        <deny users="muru"/>
         </authorization>
      <compilation debug="true"/>
         </system.web>
</configuration>

FRMLOGIN.aspx

protected void btnLogin_Click(object sender, EventArgs e)
    {
        if (FormsAuthentication .Authenticate(txtUserName .Text ,txtPassword .Text ))
        {
         FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, true);

          Response.Redirect("FrmWelcome.aspx?username=" + txtUserName.Text  );
        }

    }

FRMWELCOME.aspx

protected void Page_Load(object sender, EventArgs e)
    {
       
            lblUserName.Text = Request.QueryString["username"].ToString();  

               
    }

Suppose i enter sonia in username & citm123 in password. I will be redirected to FrmWelcome. Suppose now the user copies the URL of FrmWelcome & open in other window,i want that the user is navigated to FrmLogin. How to do it.Using Cookies??? Can somebody help me out!

  • 2 Contributors
  • 1 Reply
  • 111 Views
  • 19 Hours Discussion Span
  • Latest Post Latest Post by Ramesh S
Member Avatar for Ramesh S

You are only denying access to the user 'muru'. It means that users other than 'muru' can access the application anonymously.

If you want to prevent the users to access the FrmWelcom or other pages without login to the system, your web.config should be as below

<authorization>
     <allow users="sonia"/>
     <allow users="soni"/>
     <deny users="muru"/>
     <deny users="?"/>
</authorization>

The '?' in deny element prevents anonymous access to the resources.

Also the set the second argument in the statement FormsAuthentication.RedirectFromLoginPage to false.

FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);

Setting true will create a durable cookie (one that is saved across browser sessions). Therefore you need to set it as false.

Edited by Ramesh S because: n/a
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.