Some days back, when I was working on a simple ASP.NET application, I tried to implement forms-based security. I started with a very simple scenario with only two pages:

  1. SignIn.aspx
  2. Default.aspx

In my application only authenticated users were allowed to access the “Default.aspx” page, which is very easy to implement through forms-based security. For that I made a change in web.config like this:

<system.web>
  <authentication mode="Forms">
    <forms loginUrl="SignIn.aspx" name=".ASPNETAUTH"></forms>
  </authentication>
  <authorization>
    <deny users="?"/>
  </authorization>
</system.web>

The <deny users="?"/> rule denies anonymous users, so a user who is not authenticated will be redirected to the “SignIn.aspx” page, which is very nice.

Then I tried to make it more useful and added a “SignUp.aspx” page. The purpose of the page was very clear: if a user is not authenticated, he can use the “SignUp” page. But with my settings in the web.config file, accessing the “SignUp” page was not possible, because a user who is not authenticated is only allowed to access the “SignIn.aspx” page. After some googling I found this solution:

<location path="SignUp.aspx">
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</location>
<system.web>
  <authentication mode="Forms">
    <forms loginUrl="SignIn.aspx" name=".ASPNETAUTH"></forms>
  </authentication>
  <authorization>
    <deny users="?"/>
  </authorization>
</system.web>

Solution for Error: The following file(s) have been blocked by the administrator

Recently when I tried to upload a .mdb (Access Database) file in a Document Library I got this error

Solution : You’re unable to update the Access file because SharePoint by default blocks .MDB files.

Do the following:

1. Go to SharePoint Central Administrator.

2. Under the “Security Configuration” section, click “Manage Blocked File Types”.

3. Find MDB.

4. Remove MDB from the list & click the “OK” button.

If it is helpful, please don't forget to leave a comment.

Hello
This article deals with the problem of getting access to the restricted area of a website even after logging out.
We are not going to use form controls such as the Login control.
1) Let us first see what happens when you visit a web page. When it is loaded into your browser, the browser keeps a copy of the page in its cache. Now suppose a user requests the URL http://www.domain.com/restrictedarea/login.aspx. When this URL opens, it asks for a username and password. Based on authentication, the user is redirected to the home page of that restricted area. When that home page loads, a copy of it is stored in the browser cache. When the user clicks logout, we will definitely redirect the user to the login page or any other page of our choice. The problem starts when the user clicks the browser's Back button: the cached copy of the page is displayed again, revealing the text of that page to another user on that PC.
2) This needs to be prevented, especially when you are working on a public computer and you don't want that page to be viewed again by an anonymous user.
3) Now let's see the solution.
4) For this demo, we will create two aspx pages: SignIn.aspx and home.aspx.
5) Below is the code of SignIn.aspx:
********************
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class SignIn : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        // Demo credentials hard-coded for this walkthrough.
        if (this.Login1.UserName == "sa" && this.Login1.Password == "sa")
        {
            // Record the successful login in a cookie and go to the home page.
            HttpCookie ck = new HttpCookie("AdminLogin", "true");
            ck.Expires = DateTime.MaxValue;
            Response.Cookies.Add(ck);
            Response.Redirect("Home.aspx", true);
        }
    }
}

In the above code, when the user enters a username and password and clicks the sign-in button, the credentials are checked and, if they are correct, a cookie is created (Response.Cookies["AdminLogin"] with the value "true") to record that the admin login is correct. You are then redirected to home.aspx, whose code looks like the following:
**************
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class Home : System.Web.UI.Page
{
    protected void LoginStatus1_LoggingOut(object sender, LoginCancelEventArgs e)
    {
        // Reuse the existing cookie, or create one if the browser sent none,
        // so a missing cookie does not cause a NullReferenceException.
        HttpCookie ck = Request.Cookies["AdminLogin"] ?? new HttpCookie("AdminLogin");
        ck.Value = "false";
        ck.Expires = DateTime.MaxValue;
        Response.Cookies.Add(ck);
        Response.Redirect("SignIn.aspx");
    }
}
What this page does is simply set the previous cookie's value to false and redirect the user to SignIn.aspx.
6) Now the main thing lies in home.aspx.
With a simple aspx page, it will be cached in the browser and will be displayed no matter what you do.
Now we have to tell the home.aspx page that the admin's session is over, and also that it should not leave a copy of itself in the browser cache.
This is how it is done:
***********
using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class Home : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Ask the browser not to serve this page from its cache.
        Response.Cache.SetCacheability(HttpCacheability.ServerAndNoCache);

        // Redirect when the cookie is missing (null) or has been set to "false".
        HttpCookie ck = Request.Cookies["AdminLogin"];
        if (ck == null || ck.Value == "false")
        {
            Response.Redirect("SignIn.aspx", true);
        }
    }
}

The first line tells the page not to cache itself. Then it simply checks the cookie value we created in SignIn.aspx and checks that it is not false or null. If it is, the user is redirected to SignIn.aspx.
This will work even when you press the Back button of the browser.
That's it.
I hope this basic security info will be helpful to many visitors.
Bye and have a nice day
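
As an added example (not the original post's code), here are the same sign-in, logout and no-cache steps built on the Forms authentication configured in web.config at the top of this page, so the login state lives in the signed forms ticket rather than in a plain AdminLogin cookie whose value the browser controls. It assumes a configured membership provider for Membership.ValidateUser and the Login1 and LoginStatus1 controls used in the pages above.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI.WebControls;

// Added example. Assumes web.config has <authentication mode="Forms"> with
// loginUrl="SignIn.aspx" and <deny users="?"/>, plus a membership provider.
public partial class SignIn : System.Web.UI.Page
{
    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        // When Authenticated is true, the Login control issues the forms
        // ticket cookie and redirects; no hand-made cookie is needed.
        e.Authenticated = Membership.ValidateUser(Login1.UserName, Login1.Password);
    }
}

public partial class Home : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Tell the browser and intermediaries not to keep a copy, so the
        // Back button has to ask the server again after logout.
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetNoStore();
        Response.Cache.SetExpires(DateTime.UtcNow.AddDays(-1));

        // Defence in depth on top of <deny users="?"/>: the decision is made
        // from the validated forms ticket, not from a client-supplied value.
        if (!User.Identity.IsAuthenticated)
        {
            Response.Redirect(FormsAuthentication.LoginUrl, true);
        }
    }

    protected void LoginStatus1_LoggingOut(object sender, LoginCancelEventArgs e)
    {
        // Expire the forms ticket cookie and drop server-side session state.
        // LoginStatus also signs out after this event; the explicit call
        // keeps the handler usable from a plain button as well.
        FormsAuthentication.SignOut();
        Session.Abandon();
    }
}
```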
