Re: Bypassing authentication

From: Eric Newton (ericnewton76_at_hotmail.com)
Date: 08/15/03

  • Next message: Eric Newton: "Maybe Database connection pools should be managed by Admins instead of Developers using Code?"
    Date: Fri, 15 Aug 2003 15:15:45 -0400
    
    

    You could do something in the global Application_Authenticate event, whereas
    if the HTTP-REFERER field has this "other" website, that it would create a
    GenericPrinicipal like:
    if( HttpContext.Current.Request.ServerVariables["HTTP_REFERER"] == "external
    website" )
        Context.User = new GenericPrincipal("extWebsite", ...);

    else
        /* you other code */

    maybe try that... and this would be a good single place to see where the
    overrides are, instead of scattering them in separate pages, making
    manageability a little harder.

    HTH

    -- 
    Eric Newton
    eric@ensoft-software.com
    C#/ASP.net Solutions developer
    "Microsoft" <alexdinu1@hotmail.com> wrote in message
    news:e4SEtwQXDHA.2632@TK2MSFTNGP09.phx.gbl...
    > I'm running a web site and implementing both folder(web.config) and class
    > level authorization. A new requirement came in to allow an external web
    site
    > to access some secure web pages directly, without going through the logon
    > page.
    >
    > The users are valid users, and I will build the principle object anyway,
    but
    > I need to do this before they are being re-directed to the logon page.
    >
    > Would removing the folder\file reference from the web.config file help?
    >
    > Thanks
    > Alex
    > alex_dinu@adp.com
    >
    >
    

  • Next message: Eric Newton: "Maybe Database connection pools should be managed by Admins instead of Developers using Code?"

    Relevant Pages

    • Re: Inherriting a Website
      ... The answer to your question depends upon whether or not the existing web site is a FP Extended site. ... > I will be inheriting a website and I want to know what information I will ... > If I get the logon and password, will I be able to do this with FP2003 with ...
      (microsoft.public.frontpage.client)
    • Bypassing form Authentication
      ... I'm running a web site and implementing both folderand class ... A new requirement came in to allow an external web site ... The users are valid users, and I will build the principle object anyway, but ... I need to do this before they are being re-directed to the logon page. ...
      (microsoft.public.dotnet.security)
    • Bypassing authentication
      ... I'm running a web site and implementing both folderand class ... A new requirement came in to allow an external web site ... The users are valid users, and I will build the principle object anyway, but ... I need to do this before they are being re-directed to the logon page. ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Bringing out-of-print math books into print
      ... a website or Wiki where consumers of math books could "vote" for which books ... with statistics from MathSciNet showing that matroid theory is thriving; ... Setting up a web site to elicit suggestions for bringing a work back ... effectiveness of producing titles); and it is uncertain how to ...
      (sci.math.research)
    • Re: DNS Internet
      ... www delegation changing to ns415.hostgator.com ns416.hostgator.com ... I can ping ns416.hostgator.com, successfully. ... department agonized wanting to have unfettered access to the web site. ... Are you sayin your website is hosted externally AND internally?? ...
      (microsoft.public.win2000.dns)