Denying access to a page to certain users redirects to login page

I have an administration page in my web application (which uses Forms Authentication) and I've protected it by making an authorization rule in the web.config for that particular page.  I've allowed one user access and denied all others by using the following:

 

	</system.web>
	<location path="UserAdmin.aspx">
		<system.web>
			<authorization>
				<allow users="AdminGuy" />
				<deny users="*" />
			</authorization>
		</system.web>
	</location>
</configuration>
 

Let's assume that a user visits the site and isn't "AdminGuy".  I've hidden the link to that page so he can't click on it, however he knows the page's URL and types it in, attempting to access that page.  He isn't successful; instead he gets redirected to the login page.  Is there a way to redirect the user to an "Access denied" page?  I've tried adding an element to the custom errors section but it's getting ignored.

 

0
desertfoxaz
8/8/2008 10:30:10 PM
asp.net.security 27051 articles. 1 followers. Follow

2 Replies
887 Views

Similar Articles

[PageSpeed] 14

check this: http://www.asp.net/learn/security/tutorial-07-vb.aspx or there is a C# version also


/GuruBhai
0
guru_sarkar
8/8/2008 10:44:22 PM

Thanks, that's a great article.  It pointed me in the right direction.

0
desertfoxaz
8/8/2008 11:22:55 PM
Reply:

Similar Artilces:

How to automatically send denied users to "access denied" page, instead of a login prompt only then to be sent to "access denied" page
Hello: My security works fine except for one small annoyance.  This is an intranet site only and are using Windows (AD) authentication with Anonymous turned off.  The 'good' users get right in, with no prompts.  This is good.  However, the 'bad' (denied) users get a prompt to enter their credentials only to be denied.  I would like to eliminate the need for them to even try and enter credentials and send them directly to an "access denied" page (no prompts).  It only wastes their time and aggrevates them. Thoughts? Tha...

Role authorization
For role authorization if we specify location path is there any way to notify a user that they were denied access to a directory instead of just redirecting them to the forms logon page with no feedback. For instance if i put the following location path in my web.config file and a user tries to access a link to a file in the folder it just shows them the forms logon page. If they type their username and password it redirects them immediately back to the user logon page. There is no feedback that they do not have access to the folder. Is there an event i can hook into to either direct them to...

Redirect to certain page when authenticated users are not allowed access to a restricted page
I have this code that denies all unauthenticated users to the site. Once logged in I only want to allow BOB access to mypage.axd. When an authenticated user tries to access mypage.axd they get sent back to the login page. They are already logged in they are just not allowed access to that certain page so can I do a redirect to somewhere else apart from the login page?   <authentication mode="Forms"> <forms path="/" loginUrl="/login.aspx" protection="All" requireSSL="false"/> </authentication> <authoriz...

Need help related to redirecting to login page if unauthorised user try to view secure page
Hello AllI am facing a problem when an unauthorized user tries to access a secure page. Usually the unauthorized user is redirected to the login page without any note or any information given to them saying that " YOU ARE UNAUTHORIZED TO VIEW THIS PAGE ". Can anyone help me as my requirement is to  either display a message or redirect them to an error page first and then depending on the users choice, user will click on given link to continue the older session of  browsing or login to different role which is having access to view Secure page. Store userid / username i...

Routing unauthenticated users to login page, then onto the intended secure page after login
Ok, in my setup, I made a folder called "Secure" and in the ASP.NET web administration tool via VWD, I added an access rule that denies anonymous users access to aspx files in that folder.  Now, when I directly type in a URL pointing to an aspx file in the "Secure" folder when I'm unauthenticated, the system knows to route me to the login page (I'm using the default membership provider in VWD), and after successful login, to the secure page that was the intended destination.  So I thought all was good.  For reference, here's how it looks li...

How to redirect Login page even we access other pages in application
hi friends i want to open a login page first even for accessing any other pages in the application.my code in web.config:<authentication mode="Forms"><forms loginUrl="~/Pages/login.aspx" defaultUrl ="~/Pages/default2.aspx" protection ="Validation" timeout="30"/></authentication><authorization><deny users ="?"/></authorization><location path ="~/Pages/default2.aspx"><system.web ><authorization ><deny users="?"/></authorization></system.web></location><location path ="~/Pages/DepartmentMain.aspx"><system.web...

Anonymous Access to some pages, Secure access to other pages
I have an application that I want to allow anonymous access to some of the pages and enforce page level authorization on others. How do I go about setting up the authorization settings in Webconfig? I'm using forms authenitcation with the RedirectFromLoginPage method. Try this for the web.config <configuration> <system.web> <authentication mode="Forms"> </authentication> <authorization> <allow users="*" /> </authorization> </system.we...

Redirecting from login page to different pages based on user roles
Hi,I have this requirement where the user on successful login has to be redirected to different pages based on the user role. For example: I have 3 pages - Sales,Recruiting and HR . When a user in the recruiter role logs in, he/she should be redirected to the recruiting page. How can I achieve this with DNN. Any suggestion/help is appreciated.Thanks,Trisha <qoute>Hi,I have this requirement where the user on successful login has to be redirected to different pages based on the user role. For example: I have 3 pages - Sales,Recruiting and HR . When a user in the recruiter role logs in,...

Redirect from registration page in a subfolder to another page than the login page
Hi! I have a web application with a root, containing all my secure files like the Login page and the Welcome page. Therefore, I have the following settings in the config file: <authentication mode="Forms"> <forms loginUrl = "login.aspx" protection = "Encryption" timeout = "130" path = "/" /> </authentication> <authorization> <deny users="?" /> </authorization> and the following code in the login.aspx.cs, which is processed when the password matches with a password stored in a database: FormsAuthentication.SetAuthCookie(TBUsername.Text,false)...

Paging Paging Paging
I am trying to do paging with my search results and it isnt working very well. Here is what I've tried and I feel I've tried everything, lol, please help me out. Sub DataGrid1_SortCommand(Sender as object, e as DataGridSortCOmmandEventArgs) DataGrid1.DataBind() End Sub Sub Datagrid1_PageIndexChanged(Sender as object, e as DataGridPageChangedEventArgs) Dim ds as dataSet DataGrid1.CurrentPageIndex = e.NewPageIndex if Session("Search") is nothing then 'Session probably has expired, get the datasource from database Datagrid1.DataSource = ...

context.Response.Redirect is sending user to login page.. even for unsecured pages??
Hi all, I have an HttpHandler in my application, which runs fine under the VS IDE. When I put it up on the server it's asking users to login when it redirects them to unsecured pages (which it shouldn't, they're ment to be freely accesable).The way the application was set up (before I picked it up) was that each page that does not require the user to logon to view is identified in the web.config. The page the HttpHandler Response.Redirects to in one such page (that's tried and tested and that page is linkable to from outside pages, etc). The HttpHandler basicly inte...

Not redirecting user to login page when accessing restricted site.
Hi Guys,  I need your insight on this issue that I'm currently having.I have successfully implemented some restrictions on my websiteusing SqlRoleProvider and a Custom Membership Provider. My question is this:Whenever a restricted user accessed a restricted page on my site,the user is automatically redirected to the login page. I would wantto customize that functionality, say not redirecting to the login pagebut only displaying a message. So, how do I prevent from being redirectedto the login page automatically whenever the user accessed a restric...

if page = current page redirect to other page
 hi ppl.. i wan to redirect my page to another page once read the page display is not the correct page. For example. once it reads the page is page1.aspx it will automatically redirect to page2.aspx  In your page load you can do the following: if(Request.Url.Contains("page1.aspx") { Response.Redirect("~/page2.aspx"); }    i tried but if(Request.Url.contains ... url does not have contains .. i am using C#i tried Request.Url.Equals ... also not working.. ...

Redirect an authenitcated user from a page to which they are denied access in the Web.config
In my web.config <LOCATION path="MYDIR"> <SYSTEM.WEB> <AUTHORIZATION> <DENY users="*"> <ALLOW roles="Allowed_User_Role"> </AUTHORIZATION> </SYSTEM.WEB> </LOCATION>  In my web.sitemap <SITEMAPNODE title="My Page" description="My Page" url="~/MYDIR/mypage.aspx" roles="Allowed_User_Role" /> What I want to happen: - I don't want the SiteMapNode in my TreeView to show to users not in the Allowed_User_Role. Th...

Web resources about - Denying access to a page to certain users redirects to login page - asp.net.security

Wikipedia:Redirect - Wikipedia, the free encyclopedia
This page documents an English Wikipedia editing guideline . It is a generally accepted standard that editors should attempt to follow, though ...

Asteroid Redirect Mission: Boulder Collection Concept - YouTube
This animation illustrates one of two robotic mission concepts under consideration for NASA's Asteroid Redirect Mission. In this concept, the ...

CloudFlare boss’s Gmail hacked in redirect attack on 4Chan
Content distribution network CloudFlare reset all its customer API keys over the weekend after its CEO’s personal and corporate Gmail was breached ...

Return to sender: is it really that hard to redirect your mail when you move?
Scrawling &quot;return to sender&quot; on past residents' mail is getting old, writes Meena Evers.

Parramatta shootings: We need to redouble our efforts to redirect all at-risk teens from a destructive ...
He was too young to drive, and too young to vote. We may discover why he killed, but we may not. What we can do is boost our efforts to divert ...

Budget 2015: Generic drug prices expected to fall as Government redirects health spending
Patients will benefit from a significant drop in the price of many common drugs with changes due in next week's budget.

Redirect 'spying,' ad funds to student jobs, Tories told
The federal government is highlighting its funding for student summer jobs at the same time it has come under fire from the opposition for the ...

Redirect Permanent
Just a little note to tell you this blog has now completely moved to its new home. I hope you find it nicer, especially more mobile-friendly. ...

Colorado governor candidate redirects volunteers to Douglas County races
KUSA-Republican gubernatorial candidate and current Colorado Secretary of State Scott Gessler is wading into a local school board election. ...

Pinterest to Disable Affiliate Links, Redirects and Tracking on Pins
... Pinterest is going to clamp down on the practice . The social bookmarking site sent its users an email notifying them that affiliate, redirects ...

Resources last updated: 2/11/2016 3:52:38 AM