Re: How to bypass Forms Authentication on selected pages programma
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 13 Feb 2007 13:58:34 -0600
Not the query string, but the Request.Url or Request.Path property. I don't
really have a sample for you, but basically your code would do this:
In the appropriate event (probably the Authenticate event so this runs after
authentication but before authorization) check the Url of the Request to see
if it matches one of the resources you want to exclude. If so, set
SkipAuthorization to false. Be very careful with how you do the matching of
the path against your list of exclusions. There isn't really much to it.
Just play around with it. :)
There are also probably some fancier ways you can do this. You might apply
some kind of marker to the actual page via a base class, marker interface or
custom attribute on your pages and determine that from the IHttpHandler that
is set up in the HttpContext for the request. I haven't tried that, but I
don't see why it wouldn't work. Part of it depends on how you want to
maintain the list of excluded resources. If you want to do this from the
code in the page, I'd take this approach. If you want to maintain a list of
their URLs, then the previous approach is better. However, that kind of
thing might be easier to deal with through the standard location tags in
web.config.
I'm curious if Dominick (or anyone else) sees this thread and has a strong
opinion about this.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"ajmehra" <ajmehra@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7E76E7BF-60DC-441D-9A43-841CBBE0087E@xxxxxxxxxxxxxxxx
Thanks Joe.
Do you have an example of this property being used in Global.asax? I am
not
sure about how to check to see if -- this is the right page to be left
out
for authentication.
Should I use a QueryString for this check?
Thanks again
AJ
"Joe Kaplan" wrote:
Use the HttpContext.SkipAuthorization property to turn authorization on
or
off programmatically on a page by page basis. You probably want to put
this
code in global.asax or an IHttpModule.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"ajmehra" <ajmehra@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A9894367-B2BC-496D-9FD7-057381022AC6@xxxxxxxxxxxxxxxx
Hi
I am trying to bypass Forms Authentication on certain pages
programmatically. Any thoughts will be appreciated.
Thanks,
AJ
.
- Follow-Ups:
- References:
- Prev by Date: Re: How to bypass Forms Authentication on selected pages programma
- Next by Date: Re: How to bypass Forms Authentication on selected pages programma
- Previous by thread: Re: How to bypass Forms Authentication on selected pages programmatica
- Next by thread: Re: How to bypass Forms Authentication on selected pages programma
- Index(es):
Relevant Pages
|
