How to keep a default page with Forms Authentication?_问答_开发者

How to keep a default page with Forms Authentication?

开发者 https://www.devze.com 2023-03-29 08:39 出处：网络

I\'ve got a website that uses Forms Authentication, my dilemma is I need users to hit the Default.aspx page when they first navigate to the site with \"www.[site].com\". Then they have the option of c

I've got a website that uses Forms Authentication, my dilemma is I need users to hit the Default.aspx page when they first navigate to the site with "www.[site].com". Then they have the option of clicking on the login link to get redirected to the login page and login to the site from there.

Right now whenever you request the site, you always get the login page. I'm not sure I'm using the right approach though?

Any thoughts?

Update: like this flow:

Navigate to www.[site].com
Get Default.aspx
Click on LoginStatus control configured with an image
Redirects to Login.aspx

Considering that web.config looks like:

<authentication mode="Forms">
  <forms loginUrl="Default.aspx" timeout="20" protection="None" cookieless="UseCookies"/>
</authentication>

The LoginStatus control is like this:

 <div class="loginStat">
            <asp:LoginStatus ID="HeadLoginStatus" runat="server" LogoutAction="Redirect" LoginImageUrl="~/images/Key-icon.png"
                LogoutImageUrl="~/images/LogOut32.png" LogoutP开发者_如何学CageUrl="~/" ToolTip="Log in/out" />
        </div>

How about setting the DefaultUrl property to "default.aspx" and exlude the login.aspx from the forms authentication tag?

Edit based on your comment:
Apparently you didn't exclude the login.aspx. Add this in the appropriate place inside the web.config of your root (if login.aspx and default.aspx are placed inside the root)

<location path="login.aspx"> 
 <system.web>
  <authorization> 
    <allow users="*" />
  </authorization>
  </system.web>
</location>

Your issue is that you've got Default.aspxspecified as the "loginUrl" property within your "Forms" authentication tag. Your second issue is probably that you are not allowing anonymous users access to Default.aspx.

Modify your web.config to look like this:

<authentication mode="Forms">
    <forms defaultUrl="Default.aspx" loginUrl="Login.aspx" timeout="20" protection="None" cookieless="UseCookies"/>
</authentication>

The key to allowing anonymous users to view Default.aspx without Forms Authentication automatically redirecting them to Login.aspx is to include this in your web.config:

<location path="Default.aspx"> 
    <system.web>
        <authorization> 
            <allow users="*" />
        </authorization>
    </system.web>
</location>

This will allow users to see Default.aspx without logging in. If the user is anonymous the LoginStatus control will use the "loginUrl" property of the "forms" tag as the location to link to, which with my configuration will be Login.aspx, as you desire.