Forms authentication + URL Rewriting gives access to secure pages
<p>I have a problem with URL rewriting and Forms authentication in ASP.NET... Based on articles I've found on the net, I have created the following <code>HttpModule</code>:</p>
<pre><code>using System;
using System.Configuration;
using System.Text.RegularExpressions;
using System.Web;

public class UrlRewriter : IHttpModule
{
    private UrlRewriteConfigurationSection config;

    public UrlRewriter()
    {
        // Load the rewrite rules from the "urlrewrites" configuration section.
        config = ConfigurationManager.GetSection("urlrewrites") as UrlRewriteConfigurationSection;
    }

    public void Dispose() { }

    public void Init(HttpApplication context)
    {
        // The rewrite is hooked into the AuthorizeRequest stage of the pipeline.
        context.AuthorizeRequest += new EventHandler(OnAuthorizeRequest);
    }

    private void OnAuthorizeRequest(object sender, EventArgs e)
    {
        string requestedPath = HttpContext.Current.Request.Path;
        foreach (UrlRewriteRule rule in config.UrlRewriteRules)
        {
            RegexOptions options = config.IgnoreCase ? RegexOptions.IgnoreCase : RegexOptions.None;
            Regex regex = new Regex(rule.UrlPattern, options);
            Match match = regex.Match(requestedPath);
            if (match.Success)
            {
                // The first matching rule wins: rewrite the path and stop.
                string newPath = regex.Replace(requestedPath, rule.RewritePattern);
                if (!String.IsNullOrEmpty(newPath))
                {
                    HttpContext.Current.RewritePath(newPath);
                    return;
                }
            }
        }
    }
}
</code></pre>
<p>The problem, however, is that this somehow disables authorization! To explain, assume I have the following rewrite rule:</p>
<p>UrlPattern: <code>^user/profile$</code> RewritePattern: <code>protected/profile.aspx</code></p>
<p>And assume that the folder <code>protected</code> is set up to deny anonymous users access.</p>
<p>Now, when the code in the <code>OnAuthorizeRequest</code> runs, it correctly rewrites the path to <code>protected/profile.aspx</code>, however, the problem is that I am shown the page, even though I'm not logged in! If I request the page directly (<a href="http://localhost/site/protected/profile.aspx" rel="nofollow noreferrer">http://localhost/site/protected/profile.aspx</a>) it does not allow access to the site.</p>
<p>All articles I find on the net say I need to do the rewrite in <code>AuthorizeRequest</code> as opposed to <code>AuthenticateRequest</code> or <code>BeginRequest</code>.</p>
<p>Any ideas?</p>
<p>N.B.: I have tried moving my rewriting code to <code>AuthenticateRequest</code> which does seem to work, but redirection to the login page is not correct (e.g. it redirects to /login?returnUrl=protected/profile.aspx instead of login?returnUrl=user/profile)</p>
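One way to close the gap described in the question, as an added example that is not part of the original post: evaluate the `<authorization>` rules for the rewrite target explicitly before rewriting. It assumes the bypass arises because the built-in URL authorization check has already run against the public path by the time this handler rewrites it; the class name and the hard-coded rule are constructed for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Text.RegularExpressions;
using System.Web;
using System.Web.Security;

// Added example (hypothetical class name): rewrite only when the *target*
// path passes URL authorization for the current principal.
public class AuthorizingUrlRewriter : IHttpModule
{
    // Constructed rule mirroring the question's example, matched against the
    // app-relative request path ("~/user/profile").
    private static readonly Regex UrlPattern =
        new Regex("^~/user/profile$", RegexOptions.IgnoreCase);
    private const string RewriteTarget = "~/protected/profile.aspx";

    public void Init(HttpApplication context)
    {
        context.AuthorizeRequest += OnAuthorizeRequest;
    }

    public void Dispose() { }

    private static void OnAuthorizeRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpContext ctx = app.Context;

        if (!UrlPattern.IsMatch(ctx.Request.AppRelativeCurrentExecutionFilePath))
            return;

        // Treat a missing principal as anonymous rather than skipping the check.
        IPrincipal user = ctx.User
            ?? new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);

        // Apply the <authorization> rules that cover the rewrite target.
        string targetPath = VirtualPathUtility.ToAbsolute(RewriteTarget);
        bool allowed = UrlAuthorizationModule.CheckUrlAccessForPrincipal(
            targetPath, user, ctx.Request.HttpMethod);

        if (!allowed)
        {
            // Deny without rewriting, so the request still carries the public URL.
            ctx.Response.StatusCode = 401;
            app.CompleteRequest();
            return;
        }
        ctx.RewritePath(targetPath);
    }
}
```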