Redirecting user to login page if not authenticate

2019-06-24 02:06发布

站内问答 / C#
734 4 5

I am using the simple authentication thing.,,..

Using this in config file....

<authentication mode="Forms">
   <forms name=".COOKIE" loginUrl="login.aspx" protection="All" path="/" timeout="480"/>
  </authentication>
  <authorization>
   <deny users="?"/>
   <allow users="*"/>
  </authorization>

The user who is not logged in should be sent back to login.aspx. BUT currently it is not happening. User is able to go to any page. While it is working well in my local but not working on server. What is the thing which I am missing...

Still seeking for the answer......

4条回答
我只想做你的唯一
2楼-- · 2019-06-24 02:10

I would deny unauthenticated users by default, only make exceptions for the login page and other resources needed.

Example:

    <authorization>
        <deny users="?"/>
    </authorization>

...

<location path="Login.aspx">
    <system.web>
        <authorization>
            <allow users="*"/>
        </authorization>
    </system.web>
</location>
查看更多
0人赞 添加讨论(0) 举报
疯言疯语
3楼-- · 2019-06-24 02:14

Seems like the config is all right. You might check if the machine.config or the IIS ASP.NET settings are overriding the Web.config you're using.

查看更多
0人赞 添加讨论(0) 举报
女痞
4楼-- · 2019-06-24 02:15

Make sure the FormsAuthentication module is added to the httpMdules collection. You might try to add it your self in your web.config, in case it has been removed from machine.config. This module is what handles the redirect to what you have specified under authentication/forms

查看更多
0人赞 添加讨论(0) 举报
冷血范
5楼-- · 2019-06-24 02:33

Couple of things to try:

  • remove <allow users="*"/>
  • close the browser, reopen it, clear all cookies, close the browser, reopen and go to site
  • check code in the login page to make sure it's not automatically authenticating the user
  • try changing the cookie name...maybe it's being shared somehow?
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)