Re: Newbie question

From: Brock Allen (ballen_at_NOSPAMdevelop.com)
Date: 05/18/05

  • Next message: Brock Allen: "Re: Extendig SqlMembershipprovider"
    Date: Tue, 17 May 2005 15:03:22 -0700
    
    

    You need to authenticate the user on every request. It sounds like you want
    to use FormsAuthentication which is a mechanism of issuing a cookie to the
    user to identity them. Then there's a declarative syntax you can specify
    in your web.config to control access. This is nice so you don't have to manually
    code the access check in every page. Here's a link on Forms Authentication
    to get you started:

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconSimpleCookieAuthentication.asp

    and

    http://www.dotnetjunkies.com/QuickStart/aspplus/default.aspx?url=/quickstart/aspplus/doc/formsauth.aspx

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen

    > I have a login which does a lookup in a Sql server table to check for
    > valid usernames and password. Then if login is Ok user allowed to go
    > to next page by using a response.redirect. Once on the next page he
    > can continue using site.
    >
    > Question is how do I prevent a user from copying a URL from the
    > explorer and copying that address to a browser and then go directly to
    > that page, bypassing the login page?
    >
    > I need to use SQL server based login because it is easier for the
    > users to maintain that list with a simple User Interface than it is to
    > have them understand the ins and outs of Windows security and groups.
    > most of my customers are small buisnesses with no budgets for training
    > or hiring system admins so I gotta KISS - (keep it simple stupid) :-)
    >
    > Thanks for any help
    >
    > RD
    >


  • Next message: Brock Allen: "Re: Extendig SqlMembershipprovider"

    Relevant Pages

    • Re: Linux authentication via AD
      ... What I do to integrate with Windows is to use NIS and Samba. ... a way to do this under older AIX) allows people to login authenticating ... authentication is done to the Windows Password Server. ... text passwords authenticate to the Windows Password Server as well. ...
      (comp.os.linux.security)
    • Re: Was told by DSL tech support that
      ... Network Setup Wizard"? ... PPPoE does not in itself require a login and password. ... PBI/SBC/AT&T wants the user to authenticate. ...
      (alt.internet.wireless)
    • Re: Linux authentication via AD
      ... Primarily I need to integrate Linux ... servers, but I do have a few OpenBSD servers. ... > a way to do this under older AIX) allows people to login authenticating ... > text passwords authenticate to the Windows Password Server as well. ...
      (comp.os.linux.security)
    • not authenticating when redirected from another page
      ... target page, it first checks to see if the user/browser is authenticated. ... the page I wanted after a successful login. ... authenticate, it sends the login page back again. ... even though I'm using the same browser window. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Slow active directory authentication across campus backbone
      ... We have a building network in which users authenticate at login via ... Netware Client32 to both Novell's eDirectory and to an Active ... Directory domain. ...
      (microsoft.public.win2000.active_directory)