[thelist] .net login

Ken Schaefer Ken at adOpenStatic.com
Tue Jun 26 00:26:10 CDT 2007

Hi Jeremy,

Until IIS 7.0 is released, only pages mapped to the ASP.NET ISAPI Extension
will be protected by ASP.NET Forms Based Authentication. 

Your HTML file will be mapped to the IIS static file handler by default, and
so ASP.NET is never invoked when handling the page request, and the FBA will
never kick in.

Your options?
a) map .html to ASP.NET (like aspx pages are)
b) change pages with the .html extension to .aspx instead
c) use some other security system

To do (a), open IIS Manager, and bring up the properties of your website. On
the Home Directory tab, click the "Configuration" button. On the "Mappings"
tab, map .html to ASP.NET in the same way that .aspx is


-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Jeremy Coulson
Sent: Tuesday, 26 June 2007 6:17 AM
To: evolt
Subject: [thelist] .net login

Hello friends,


First off, thanks to those who tried to help me with an IE issue recently.
I tried all suggestions and nothing helped, so I just decided to reinstall
Windows.  It's nice to get a clean install once in a while, anyway.


Here's my new problem.  In case you won't be able to tell, I'm hardly a
programmer and generally a n00b to .Net.  We have an intranet site that's
hosted on a server and only available on our local network in the building.
We have several outside locations who would like access to the intranet and
some employees have expressed an interest in using some of the features from
home, so I want to move the intranet to our web server.  I don't, however,
want the entire world to read the intranet, so I want to set up some kind of
login deal.  


The server is running Windows 2003 and .Net Framework 1.1.  We can't upgrade
to 2.0 just yet because the vendor who makes our e-Treasurer apps has some
compatibility concerns.  So far, I have had success making a database of
usernames and passwords and using a login form to send a user to one page or
another depending on whether or not the credentials supplied were found in
the database.  Score.  


The problem is that if a person wanted to go to intranet/topSecretPage.html
without logging in at intranet/login.aspx, all that person needs to do is
type the URL for topSecretPage.html directly.  Our software vendor told me
to use a cookie and set up sessions for users, but they didn't offer any
information beyond that.  I've chipped away at the problem for weeks now,
but I'm at a point where I need assistance.  I'm not asking for someone to
do it for me; I just need a nice example and overview of how to accept
credentials, check them against a database, assign a session to a user, and
allow that user access as long as that session remains valid.  




Jeremy Coulson, PC Technician/Webmaster

County of Frederick

(540) 722-8211

jcoulson at co.frederick.va.us



* * Please support the community that supports you.  * *

For unsubscribe and other options, including the Tip Harvester 
and archives of thelist go to: http://lists.evolt.org 
Workers of the Web, evolt ! 

More information about the thelist mailing list