Deny Users to acesss administrator pages by by direct copying url

Question

0.00/5 (No votes)

See more:

Hi All

I have a application on which i want to stop the users to navigate to admin pages which they can access by giving direct url. can any body please to help me.

i already tried the code

XML

<authentication mode="Forms">
      <forms loginUrl="~/default.aspx" defaultUrl="~/default.aspx"></forms>
    </authentication>

XML

<location path="Admin_Pages">
    <system.web>
      <authorization>
        <allow users="admin_Pages"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

in web config file.
But now the actual users also can not logon. after clicking login button they are redirecting the default page.

Posted 4-Jul-12 0:19am

Mir Ishaq

Updated 4-Jul-12 19:21pm

v2

Add a Solution

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Mohd Imran Saifi · Answer 1 · 2012-07-04T20:07:00

Solution 3

use session at the time of login.
and after logout or Close the window clear the session.
and at page_load event check session. if session is null then redirect to the login pagae.

Posted 4-Jul-12 20:07pm

Mohd Imran Saifi

Sebastian T Xavier · Answer 2 · 2012-07-04T19:48:00

Solution 2

What about using session...

http://dotnetguts.blogspot.in/2009/06/basics-of-session-in-aspnet.html[^]

ASP.NET Session Management Internals[^]

http://asp.net-tutorials.com/state/sessions/[^]

http://msdn.microsoft.com/en-us/library/ms178581.aspx[^]

Regards
Sebastian

Posted 4-Jul-12 19:48pm

Sebastian T Xavier

Pranay Rana · Answer 3 · 2012-07-04T19:47:00

Solution 1

You login url should be your login page not default page

XML

<authentication mode="Forms">
      <forms loginUrl="~/login.aspx" defaultUrl="~/login.aspx"></forms>
    </authentication>

here is link to article talks about the same : Form authentication and authorization in ASP.NET[^]

Posted 4-Jul-12 19:47pm

Pranay Rana

Updated 4-Jul-12 19:48pm

v2

Comments

Sebastian T Xavier 5-Jul-12 1:49am

my +5

Rahul Rajat Singh 5-Jul-12 2:08am

good answer. +5.