Restricting cookie transmission with Forms Authentication to particular pages
From: Todd Meynink (todd@ntf.com.au)
Date: 11/27/02
- Next message: Alex Muntean: "WebControls error in an application running under an impersonate identity"
- Previous message: Larry Hastings: "Re: Want to access to a network drive, but not easy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: todd@ntf.com.au (Todd Meynink) Date: 26 Nov 2002 15:30:39 -0800
Hi,
I'm reading Jeff Prosise's "Programming Microsoft.NET". I've
implemented his Forms Authentication example as per the ASP.NET
security chapter - this chapter is identical to the article posted on
MSDN:
http://msdn.microsoft.com/msdnmag/issues/02/05/ASPSec2/default.aspx
I've setup SSL on the web server and have required SSL for pages in a
"Secret" subdirectory of the virtual root.
Once a user is authenticated, I only want the cookie transmitted when
the user is viewing pages in the "Secret" directory. The default
behaviour is to transmit the cookie with all requests once a user is
authenticated. Jeff suggests that adding
<forms ... path="/Secret" />
to web.config is the solution. However, once I do that, if I log in
correctly, rather than be redirected to my original request for
ProtectedPage.aspx, I am sent to the log-in page again. Removing the
above line causes things to work again, but I'm back to transmitting
the cookie all the time, including over unsecured channels.
Any ideas?
Cheers,
Todd.
- Next message: Alex Muntean: "WebControls error in an application running under an impersonate identity"
- Previous message: Larry Hastings: "Re: Want to access to a network drive, but not easy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
