5

I've got a website that uses Forms Authentication, my dilemma is I need users to hit the Default.aspx page when they first navigate to the site with "www.[site].com". Then they have the option of clicking on the login link to get redirected to the login page and login to the site from there.

Right now whenever you request the site, you always get the login page. I'm not sure I'm using the right approach though?

Any thoughts?

Update: like this flow:

  1. Navigate to www.[site].com
  2. Get Default.aspx
  3. Click on LoginStatus control configured with an image
  4. Redirects to Login.aspx

Considering that web.config looks like:

<authentication mode="Forms">
  <forms loginUrl="Default.aspx" timeout="20" protection="None" cookieless="UseCookies"/>
</authentication>

The LoginStatus control is like this:

 <div class="loginStat">
            <asp:LoginStatus ID="HeadLoginStatus" runat="server" LogoutAction="Redirect" LoginImageUrl="~/images/Key-icon.png"
                LogoutImageUrl="~/images/LogOut32.png" LogoutPageUrl="~/" ToolTip="Log in/out" />
        </div>
Improve this question

2 Answers 2

Reset to default
1

How about setting the DefaultUrl property to "default.aspx" and exlude the login.aspx from the forms authentication tag?

Edit based on your comment:
Apparently you didn't exclude the login.aspx. Add this in the appropriate place inside the web.config of your root (if login.aspx and default.aspx are placed inside the root)

<location path="login.aspx"> 
 <system.web>
  <authorization> 
    <allow users="*" />
  </authorization>
  </system.web>
</location>
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

I've done that, and the reason why I felt it's not straight forward approach is that <asp:LoginStatus > control that has login image, always redirect you to the default page, in that case I have to use a linked image or something else to redirect to login page and forget about build-in code for forms authentication?
You haven't done what I told you to do, otherwise you would not be redirected to the default.aspx when opening the login.aspx. I've edited my post.
thank you citronas, I appreciate your answer, I've already have that in my web.config, problem is LoginStatus redirects to default page which is "default.aspx" instead of "login.aspx". From what I see, I think I should use a linked image or an href'd image with my own code to do the proper authentication.
How about rebuilding your own LoginStatus, if the LoginStatus is causing the redirect? It's very easy to get the Name of the logged in user, and the logout link are 3 lines of code
sorry for the late response, it's very easy to forget without email notification!! Yes I ended up doing that. Thank you very much!
1

Your issue is that you've got Default.aspxspecified as the "loginUrl" property within your "Forms" authentication tag. Your second issue is probably that you are not allowing anonymous users access to Default.aspx.

Modify your web.config to look like this:

<authentication mode="Forms">
    <forms defaultUrl="Default.aspx" loginUrl="Login.aspx" timeout="20" protection="None" cookieless="UseCookies"/>
</authentication>

The key to allowing anonymous users to view Default.aspx without Forms Authentication automatically redirecting them to Login.aspx is to include this in your web.config:

<location path="Default.aspx"> 
    <system.web>
        <authorization> 
            <allow users="*" />
        </authorization>
    </system.web>
</location>

This will allow users to see Default.aspx without logging in. If the user is anonymous the LoginStatus control will use the "loginUrl" property of the "forms" tag as the location to link to, which with my configuration will be Login.aspx, as you desire.

Improve this answer

2 Comments

thanks for the reply, are you suggesting that I don't assign anything to loginUrl? I actually ended up writing my own LoginStatus and added more jQuery stuff to it.
"loginURL" should be the URL which users use to log in. Just as it says on the tin :) The reason you always got the login page when you requested the site was that you hadn't allowed unauthenticated (aka "anonymous") users to access "Default.aspx". That's the second part of my reply.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.