[thelist] .net login

Ken Schaefer Ken at adOpenStatic.com
Tue Jun 26 17:26:04 CDT 2007


It shouldn't screw up anything. You just need to be aware of whether it would
conflict with anything you already have setup (i.e. your server is no longer
in a default configuration - e.g. someone mapped HTML to some other extension
like SSI)

Cheers
Ken 

-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Jeremy Coulson
Sent: Wednesday, 27 June 2007 12:37 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] .net login

Wow. What are the chances option A could screw something else up on the web
server?  It sounds easy enough, but I've only been here for 4 months and I'd
rather not be the cause of some catastrophic failure of technology until
after my first performance review.

Jeremy Coulson, PC Technician/Webmaster
County of Frederick
(540) 722-8211
jcoulson at co.frederick.va.us

-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Ken Schaefer
Sent: Tuesday, June 26, 2007 1:26 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] .net login

Hi Jeremy,

Until IIS 7.0 is released, only pages mapped to the ASP.NET ISAPI Extension
will be protected by ASP.NET Forms Based Authentication. 

Your HTML file will be mapped to the IIS static file handler by default, and
so ASP.NET is never invoked when handling the page request, and the FBA will
never kick in.

Your options?
a) map .html to ASP.NET (like aspx pages are)
b) change pages with the .html extension to .aspx instead
c) use some other security system

To do (a), open IIS Manager, and bring up the properties of your website. On
the Home Directory tab, click the "Configuration" button. On the "Mappings"
tab, map .html to ASP.NET in the same way that .aspx is

Cheers
Ken

-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Jeremy Coulson
Sent: Tuesday, 26 June 2007 6:17 AM
To: evolt
Subject: [thelist] .net login

Hello friends,

 

First off, thanks to those who tried to help me with an IE issue recently.
I tried all suggestions and nothing helped, so I just decided to reinstall
Windows.  It's nice to get a clean install once in a while, anyway.

 

Here's my new problem.  In case you won't be able to tell, I'm hardly a
programmer and generally a n00b to .Net.  We have an intranet site that's
hosted on a server and only available on our local network in the building.
We have several outside locations who would like access to the intranet and
some employees have expressed an interest in using some of the features from
home, so I want to move the intranet to our web server.  I don't, however,
want the entire world to read the intranet, so I want to set up some kind of
login deal.  

 

The server is running Windows 2003 and .Net Framework 1.1.  We can't upgrade
to 2.0 just yet because the vendor who makes our e-Treasurer apps has some
compatibility concerns.  So far, I have had success making a database of
usernames and passwords and using a login form to send a user to one page or
another depending on whether or not the credentials supplied were found in
the database.  Score.  

 

The problem is that if a person wanted to go to intranet/topSecretPage.html
without logging in at intranet/login.aspx, all that person needs to do is
type the URL for topSecretPage.html directly.  Our software vendor told me
to use a cookie and set up sessions for users, but they didn't offer any
information beyond that.  I've chipped away at the problem for weeks now,
but I'm at a point where I need assistance.  I'm not asking for someone to
do it for me; I just need a nice example and overview of how to accept
credentials, check them against a database, assign a session to a user, and
allow that user access as long as that session remains valid.  

 

Thanks.

 

Jeremy Coulson, PC Technician/Webmaster

County of Frederick

(540) 722-8211

jcoulson at co.frederick.va.us





More information about the thelist mailing list