ASP.NET - Authentication global.asax - Asked By Anandh Ramanujam on 19-Apr-11 08:39 AM

Hi,

Iam working in an asp.net application which is based on windows authentication.

But not all the users can use the application.

Im having list of users (windows login id) maintaining in the database who can access the application.

The users accessing the application apart from the listed users, then the application should redirect to the unauthorized page.

Now, the existing process is in each and every page, im checking whether this is the right person. If it is not, then the application redirect to the unauthorized page.

I dont want to check this is in every page. Can we able to do in global.asax. If so, how can we do...

Please help me in this regard.

Thanks.





dipa ahuja replied to Anandh Ramanujam on 19-Apr-11 08:43 AM
Check this article..

This will help you

http://www.codeproject.com/KB/web-security/formsroleauth.aspx
TSN ... replied to Anandh Ramanujam on 19-Apr-11 08:50 AM
Hi..

In the Global.asax file raise the Application_OnAuthenticateRequest, there get the required list of users and check the condition to redirect the user to unauthorized or authorized page...

hope this helps you...
Jitendra Faye replied to Anandh Ramanujam on 19-Apr-11 08:53 AM

ASP.NET supports various authentication modes, including Windows authentication, forms authentication, Passport authentication, and custom authentication. You should choose Windows authentication if your user accounts are maintained by a Microsoft® Windows NT… domain controller or within Microsoft Windows… Active Directory™ and there are no firewall issues.

The main benefit of using Windows authentication is that it can be coupled with IIS authentication so that you don't have to write any custom code.

For more detail follow this link-

http://msdn.microsoft.com/en-us/library/ff647405.aspx

Anandh Ramanujam replied to dipa ahuja on 19-Apr-11 08:53 AM
Thanks for ur reply...

In my application no login page at all.

Directly they can use the url.

Anandh Ramanujam replied to TSN ... on 19-Apr-11 08:55 AM
Thanks.

I tried that...

But what happens, when I redirect the page to unauthorized page, again this event will fire and keep on going like recursion... I dont know how to handle it...
Mihir Soni replied to Anandh Ramanujam on 19-Apr-11 10:42 AM
Hello,

for that you need to have a knowledge of active directory authentication where you can specify user group or specify username to allow access to user

http://msdn.microsoft.com/en-us/library/ms180890(v=vs.80).aspx

hope this helps you.

thank you.
TSN ... replied to Anandh Ramanujam on 20-Apr-11 04:26 AM
HI..

Yes, the Application_AuthenticateRequest event fires upon attempting to authenticate the user when he/she visite your site. I think you can handle the OnAuthenticateRequest and filter URl like this example so that page will not goes into an endless loop

      if (!Request.Url.ToString().ToLower().Contains("content.aspx"))
      {
        Response.Redirect("content.aspx");
      }

Hope this helps you.........