I am using forms authentication on ASP.NET. If I try to access a page by copying the query string and pasting it into the browser, it allows me access to the page.
How can this be prevented? I want the user to always have to login.
i am using web.config file below code it is not working...plz help me
<configuration>
<connectionStrings>
<add name="sugarcon" connectionString="server=(local);database=DSugar_Stores;User Id=sa;Password=adila" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.Extensions.Design, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add assembly="System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/></assemblies>
</compilation>
<authentication mode="Forms">
<forms name="Authen" protection="All" timeout="60" loginUrl="login.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>
And i am using login button code
protected void btnlogin_Click(object sender, EventArgs e)
{
objrg = new registration();
objrg.User_Name = txt_name.Text;
objrg.Pass_Word = txt_pwd.Text;
objrg.Department = ddl_dept.SelectedItem.Text;
try
{
if (objdal.validateuser(objrg))
{
if (ddl_dept.SelectedItem.Text.Equals("Stores"))
{
Response.Redirect("Home2.aspx");
}
else if (ddl_dept.SelectedItem.Text.Equals("Engineering"))
{
Response.Redirect("Engineeringdepartment.aspx");
}
else
{
Response.Write("<script> alert('select valid department....');</script>");
}
}
else
{
Response.Write("<script> alert('invalid user name and password....');</script>");
}
}
catch(Exception ex)
{
Response.Write("<script> alert('"+ex.Message.ToString()+"');</script>");
}
finally
{
}
}