Wrox Programmer Forums
|
ASP.NET 1.0 and 1.1 Professional For advanced ASP.NET 1.x coders. Beginning-level questions will be redirected to other forums. NOT for "classic" ASP 3 or the newer ASP.NET 2.0 and 3.5
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 1.0 and 1.1 Professional section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old December 12th, 2006, 11:30 AM
Authorized User
 
Join Date: Dec 2005
Posts: 30
Thanks: 0
Thanked 0 Times in 0 Posts
Default Security Question

How do you prevent a user from copying an address from a website that they have loged into, closing that browser, opening a new one and pasting the address and taking them directly where they left off.

What I want is if someone pastes the address into the address bar I want them to go directly to the login page and not the address entered.



 
Old December 12th, 2006, 11:58 AM
Wrox Author
 
Join Date: Oct 2005
Posts: 4,104
Thanks: 1
Thanked 64 Times in 64 Posts
Send a message via AIM to dparsons
Default

Well this depends on how you have setup your Website security. If you use the .NET FormsAuthentication classes this is a relatively easy requirement to fulfil.

When a user logs on to your website you would do something similar to this:

FormsAuthentication.RedirectFromLoginPage([username], [true||false])

Now, the bool value is what you need to be concerned with, if it is set to true the runtime will create a cookie on the users PC that will presist for 50 years if it is set to false the cookie will only persist for as long as the browser is open.

With that said, as long as you dont give the user the ability to stay logged into your website (a poor useability choice IMHO) you can manually set this to false in all of your code. Now say you have a directory structure like this:

**root files
     -->default.aspx
     -->otherfile.aspx
**super_secert_directory**
     -->super_secert_file.aspx

Lets say that the file super_secert_file.aspx is the page you dont want the user to directly link to once they have closed their browser what you need to do is add a web.config file to that directory that looks like this:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>

    <authorization>
        <deny users="?" />
    </authorization>

  </system.web>
</configuration>


If a user links directly to this page (and you have not allowed them to persist their logon cookie) they will be directed to the logon page. What this web config file "says" is that all anonomous users are not allowed to view ANY file in that directory. So if you had, say, 10 files in there, a user who isnt logged on couldnt view any of them!

Again this is assuming you are using forms authentication and it is, by far, the fastest way to achieve what you are asking.


hth.

-------------------------
I will only tell you how to do it, not do it for you.
Unless, of course, you want to hire me to do work for you.

^^Thats my signature
 
Old December 12th, 2006, 12:19 PM
Authorized User
 
Join Date: Dec 2005
Posts: 30
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for the quick response. I'll give it a shot.

 
Old December 13th, 2006, 10:07 AM
Authorized User
 
Join Date: Dec 2005
Posts: 30
Thanks: 0
Thanked 0 Times in 0 Posts
Default

It worked. Thanks again.

 
Old December 13th, 2006, 10:39 AM
Wrox Author
 
Join Date: Oct 2005
Posts: 4,104
Thanks: 1
Thanked 64 Times in 64 Posts
Send a message via AIM to dparsons
Default

No problem, glad it worked for you.

-------------------------
I will only tell you how to do it, not do it for you.
Unless, of course, you want to hire me to do work for you.

^^Thats my signature





Similar Threads
Thread Thread Starter Forum Replies Last Post
Access security question kuznickic Access 2 August 4th, 2008 01:22 PM
Security question Grafixx01 Access 5 April 18th, 2007 11:24 AM
Ajax Security Question! evogli Ajax 1 November 2nd, 2006 05:46 AM
Web Services Security Question Wee Bubba .NET Web Services 0 September 15th, 2005 07:54 PM
data base security question TnTandyO Classic ASP Databases 9 February 13th, 2004 02:11 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.