► Problem: Anyone can access a webpage, but I only want logged-in users to be authorized to access it.
Background:
- Web Server = IIS 8
- Server OS = Windows Server 2012
- Framework = .NET 4.5
- Environment = .\WebFolder\logon.aspx, .\WebFolder\inside.html
- Website = Simple logon page ("logon.aspx") that guards an html page ("inside.html").
- Users = External people (i.e., non-intranet)
Sample URLs:
A. "www.webpage.com/logon.aspx"
B. "www.webpage.com/inside.html"
Desired Outcome:
- Everyone can access the "logon.aspx" page
- Only logged on users can access the "inside.html" page
- Any direct attempts to access "B" will trigger a redirect to "A"
- No additional use of program code
Prior Attempts: I've been fiddling with the web.config file (authentication & authorization), but to no avail (501 Server Error, 401 Authorization Error, Runtime Application Error).
Web.Config File:
    <system.web>
      <authentication>
        <forms name=".ASPXFORMSAUTH" loginUrl="logon.aspx" protection="All" timeout="1" path="/" slidingExpiration="true" requireSSL="false" />
      </authentication>
      <authorization></authorization>
    </system.web>
Bottom line: I'm sure this is a very basic/easy thing to configure, it's just that I haven't been able to do it so far. Plus, I do not want to write any additional code in order to accomplish a seemingly fundamental task.
Thanks in advance!
Okay, I figured it out (after 7 hours). It requires four things (based on the example file structure):
1. Using the FormsAuthentication module: VS2012 → Project → Your credentials/authentication code → Use FormsAuthentication.RedirectFromLogin(_var1_, _var2_) instead of Response.Redirect(inside.html)
2. Adding a new node in the web.config file
3. Including the 'defaultUrl' attribute in the Forms tag
4. Adding a location tag authorization restriction to the 'web.config' file
See my comments (below) for an explanation of each of these four pieces.
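
A web.config covering items 2 to 4, as an added example that is not the poster's own file. It assumes the unspecified "new node" is the `<system.webServer>` modules section: under the IIS integrated pipeline the managed authentication and authorization modules are registered with preCondition="managedHandler", so they skip static files such as inside.html unless re-added without it. It also assumes the site is served over HTTPS.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.web>
    <!-- mode="Forms" is required; without it the <forms> element is ignored. -->
    <authentication mode="Forms">
      <!-- defaultUrl: where the user lands after logon when no ReturnUrl is present.
           requireSSL="true" assumes HTTPS (the question's attempt used "false").
           timeout is in minutes; the value from the question is kept. -->
      <forms name=".ASPXFORMSAUTH"
             loginUrl="logon.aspx"
             defaultUrl="inside.html"
             protection="All"
             timeout="1"
             path="/"
             slidingExpiration="true"
             requireSSL="true" />
    </authentication>
  </system.web>

  <!-- Deny anonymous users ("?") for the protected page only.
       The login page named in loginUrl stays reachable by everyone. -->
  <location path="inside.html">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <!-- Assumption: this is the "new node". Re-registering the modules without
       preCondition="managedHandler" makes them run for static content too. -->
  <system.webServer>
    <modules>
      <remove name="FormsAuthentication" />
      <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule" />
      <remove name="DefaultAuthentication" />
      <add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
    </modules>
  </system.webServer>
</configuration>
```

To check the result, request inside.html in a fresh browser session with no cookie: the response should be a 302 to logon.aspx with a ReturnUrl query parameter, not the page content.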