Form Based Authentication problem?

I have 2 pages: Login.aspx and Satis.aspx. I redirect from Login.aspx to Satis.aspx if authentication is correct. If I sign out from Satis, I am redirected to Login.aspx. But if I write Satis.aspx's URL in the web scanner, I enter Satis.aspx, even though I am not signed in to Satis.aspx. I shouldn't be able to enter Satis.aspx directly.

My web.config:

        <authentication mode="Forms">
            <forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" path="/" protection="All">
                <credentials>
                    <user name="a" password="a"></user>
                </credentials>
            </forms>
        </authentication>

        <authorization>
            <allow users="*"/>
        </authorization>

    </system.web>
    <location path="~/ContentPages/Satis/Satis.aspx">
        <system.web>
            <authorization>
                <deny users="?"/>
            </authorization>
        </system.web>
    </location>

Login.aspx.cs:

    protected void lnkSubmit_Click(object sender, EventArgs e)
    {
        if (FormsAuthentication.Authenticate(UserEmail.Value, UserPass.Value))
        {
            FormsAuthentication.RedirectFromLoginPage(UserEmail.Value, PersistForms.Checked);
        }
        else
            Msg.Text = "Invalid Credentials: Please try again";
    }

Satis.aspx

    protected void LogoutSystem_Click(object sender, EventArgs e)
    {
        FormsAuthentication.SignOut();

        Response.Redirect("~/Login/Login.aspx");
    }


I think you should use "deny users="?"" instead of "allow users="*"" in your web.config file

[*] means all users even those who did not pass authentication

[?] means only users who passed authentication

0
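
One way to lay out the authorization rules for the case discussed above, as an added example that is not the poster's or the answerer's file. It assumes this web.config sits in the application root; `location` paths are resolved relative to the web.config that contains them, so the path is written without the `~/` prefix.

```xml
<?xml version="1.0"?>
<!-- Added example. Assumption: this file is the web.config in the application root. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" path="/" protection="All">
        <!-- <credentials> block as in the question goes here -->
      </forms>
    </authentication>

    <!-- Site-wide default. Rules are read top to bottom and the first match wins.
         users="*" matches every user, including anonymous ones, so on its own
         this rule protects nothing. Replacing it with <deny users="?"/> would
         require sign-in for every page covered by this file. -->
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>

  <!-- Per-page override. The path is relative to this file (no "~/" prefix).
       If it does not match the page's real location, the override is never
       applied and only the site-wide rule above is used. -->
  <location path="ContentPages/Satis/Satis.aspx">
    <system.web>
      <authorization>
        <!-- users="?" matches anonymous (not yet authenticated) users -->
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>
```

To check the result, request Satis.aspx in a fresh browser session with no authentication cookie; the expected response is a redirect to the login page with a `ReturnUrl` query parameter rather than the page content.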
