24 May, 2012
If you’ve got a website that contains a Login.aspx and a Default.aspx page in the root, the simplest way to deny all unauthenticated users access to the website is to add the following to your Web.config:
<system.web>
  <authentication mode="Forms">
    <forms loginUrl="Login.aspx"
           protection="All"
           timeout="30"
           name=".ASPXAUTH"
           path="/"
           requireSSL="false"
           slidingExpiration="true"
           defaultUrl="Default.aspx"
           cookieless="UseDeviceProfile"
           enableCrossAppRedirects="false" />
  </authentication>
  <authorization>
    <deny users="?" />
  </authorization>
  <membership>
    <providers>
      <clear />
      <add name="AspNetSqlMembershipProvider"
           type="System.Web.Security.SqlMembershipProvider"
           connectionStringName="ApplicationServices"
           enablePasswordRetrieval="false"
           enablePasswordReset="true"
           requiresQuestionAndAnswer="false"
           requiresUniqueEmail="false"
           maxInvalidPasswordAttempts="5"
           minRequiredPasswordLength="6"
           minRequiredNonalphanumericCharacters="0"
           passwordAttemptWindow="10"
           applicationName="/" />
    </providers>
  </membership>
</system.web>
This ensures that unauthenticated users can only access Login.aspx and no other resources, except the resources needed by Login.aspx. So if Login.aspx uses /Images/Logo.png, this image will show on Login.aspx. An unauthenticated user who accesses the image directly will be redirected back to the Login.aspx page.
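A way to check that a deployed Web.config still enforces this rule, as an added example that is not part of the original post: it parses the file, confirms that the first authorization rule matching anonymous users is a deny, reports any `<location>` block that re-opens a path, and flags `requireSSL="false"`, which lets the authentication cookie travel over plain HTTP. The names `first_match` and `audit` and the sample document are constructed for illustration; the check ignores `roles` and `verbs` attributes and configuration inherited from parent files, and assumes a Web.config without an XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's settings, reduced to the attributes checked below.
SAMPLE = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" requireSSL="false" />
    </authentication>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</configuration>"""


def first_match(authorization):
    """Return 'allow' or 'deny' for the first rule matching anonymous users, else None."""
    for rule in ([] if authorization is None else authorization):
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if "?" in users or "*" in users:
            return rule.tag
    return None


def audit(config_xml):
    """Return a list of findings for one Web.config document."""
    root = ET.fromstring(config_xml)
    findings = []
    auth = root.find("system.web/authentication")
    if auth is None or auth.get("mode") != "Forms":
        findings.append("authentication mode is not Forms")
    forms = auth.find("forms") if auth is not None else None
    if forms is None or forms.get("requireSSL", "false").lower() != "true":
        findings.append("requireSSL is not true: auth cookie may be sent over HTTP")
    # Rules are evaluated in order, so an earlier <allow> shadows a later <deny>.
    if first_match(root.find("system.web/authorization")) != "deny":
        findings.append("root authorization does not deny anonymous users")
    # <location> blocks are evaluated before the root rules and can re-open paths.
    for loc in root.findall("location"):
        if first_match(loc.find("system.web/authorization")) == "allow":
            findings.append("location '%s' allows anonymous access" % loc.get("path", ""))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against the configuration in this post, the only finding is the `requireSSL` setting.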
Tags: ASP .NET