Unauthorized user is also getting access to internal pages.

Question

0.00/5 (No votes)

See more:

, +

Hi,
I am trying to build an web application in which,
1. Contains Master page and internal pages (Content pages to Master page).
2.When application is started, user is taken to Login.aspx page (which is not a content page of Master page.)
3. Once user is valid (authenticated), he will be redirected to one of the content pages in master page.

I have completed up to this.
I am using <authentication mode="Form">
I also used <authorization>
<deny users="?">

Still,
Problem i am facing is:

When user is shown Login page, If user requests for inter page (say: /TicketAdmin.aspx), The page will be shown to him.

When i checked with HttpContext.Current.User.Identity.IsAuthenticated .. -it returns True for him!

Kindly help...

Regards
Kiran

Posted 19-Aug-15 4:01am

Kiran2401

Updated 19-Aug-15 4:14am

CHill60

v2

Add a Solution

Comments

F-ES Sitecore 19-Aug-15 11:43am

I don't really understand your question, but most Master page problems come from people not understanding that the master page is simply wrapped around the content page. It is the *content* page that is actually been accessed. If you think protecting access to the master page is going to stop people accessing content pages then you're mistaken. You need to ensure your content pages are in a folder that anonymous users are denied access to, where the master page is is irrelevant.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Answer 1 · 2015-08-19T04:14:00

Just don't show the restricted content to an unauthorized user. What's the problem?
Remember that any user can request any page. It's up to you what to show on this page. The whole purpose of ASP.NET and any other server-side technology is to generate HTML pages and any other resources dynamically, depending on some data, in response to HTTP request.

—SA