How is unautenticated site navigation handled in ASP.NET?
I am wondering how to do the following...
I have a registration system. When the user successfully registers, he is then led down a series of data gathering pages (for his profile) and then, finally, ends on his profile's home page where he can start to use the site.
All this happens without ever logging into the system so, he is unauthenticated and unconfirmed.
My question is, how does this happen? How can I allow my user to be unauthenticated (and unconfirmed, but this I understand) and use all aspects of the Web site?
The way I have things set up right now, my code should be doing this:
case CreateProfileStatus.Success:
//FormsAuthentication.SetAuthCookie(userName, false);
Response.Redirect("NextPage.aspx", false);
break;
but, I am being redirected to the login page after registration which is not the result I want. This is what the relevant nodes in my web.config look like:
<authentication mode="Forms">
<forms name=".AuthCookie" loginUrl="default.aspx" protection="All"/>
</authentication>
<authorization>
<deny users="?"/>
<allow roles="Administrators" />
</authorization>
<anonymousIdentification enabled="true"
cookieName=".ASPXANONYMOUS"
cookieTimeout="100000" cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="Encryption"
cookieless="UseCookies"
domain="" />
When the user logs out after the reg开发者_运维问答istration and initial interaction with the site he will be required to log in upon return. At this point he must be authenticated but does not need to be confirmed for a period of time. Eventually, he will be reminded.
So, how is this done? Thanks in advance.
Right now, the deny users="?" is denying access to anonymous users to ALL parts of the site. Forms authentication isn't all or nothing. You can set it up to apply only to a portion of your site. Since you've applied it to everywhere, any time you have an anonymous user who hasn't been given an auth cookie they will be redirected to "default.aspx" which is where they are required to log in.
If I understand correctly, you need to do the following...Set the registration portion of the site to be open to anonymous users (you do this in the authorization section of the web.config). This will prevent redirecting to "default.aspx" during the registration process. Once they are finished registering, you can either send them to "default.aspx" to log in, or recognize that they are now registered and log in for them (by using the FormsAuthentication.SetAuthCookie method).
精彩评论