website security via web.config file?

Status
Not open for further replies.

Ovatvvon

Programmer
Feb 1, 2001
1,514
US
I know there is a way to restrict user access to certain areas throughout your site using the web.config file, so that you don't have to use the classic ASP way of creating a session flag and verifying it on every page. While researching this, I'm running into a few snags.

What I want to do
Restrict users from signing up as members unless they 1) have agreed to a legal agreement (by clicking a checkbox stating they agree), and 2) enter a code that we give them authorizing them to sign up as members. If both of those conditions have been met, then I want to allow them access to the "signup" folder which contains all the aspx files to sign up (or, at least *will* include them in the future anyway).

web.config setup
Here is how I currently have my web.config file set up. This is my best guess after doing research online, and directed more towards my needs. For future use, to restrict other areas of the site (once they ARE members) I want to have the users authenticated against a database record of their id and password... I don't want to use the web.config file to store that information.
Code:
<configuration>
    <system.web>
        <customErrors mode="Off"/>
    </system.web>

  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="signup/signupAgreement.aspx" protection="All" timeout="30" />
    </authentication>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <location path="signup/">
    <system.web>
       <authorization>
         <deny users="?" />
       </authorization>
    </system.web>
  </location>
</configuration>


In the top part of my "signupAgreement.aspx" page, I have the following script. It verifies that both the checkbox and code have been entered (and verifies that the code is correct). Then, if both conditions are met, I try to activate the system to allow them access to other areas within the signup folder. This is the part I believe is wrong. Please let me know if anyone notices what I'm doing wrong.

Code:
<script runat="server">
    Sub btnSignupCode_Click(sender As Object, e As EventArgs)
        '<!-- Verifies the user checked the agreement checkbox, and provided
        'the appropriate signup code for access. -->

        Dim checkAgreement As Boolean = False
        Dim checkCode As Boolean = False

        If chkAgreement.checked = False Then
            lblErrorMessageAgreement.Visible = True
        Else
            lblErrorMessageAgreement.Visible = False
            checkAgreement = True
        End If

        If txtSignupCode.Text <> "abc" Then
            lblErrorMessageSignupCode.Visible = True
        Else
            lblErrorMessageSignupCode.Visible = False
            checkCode = True
        End If

        If checkAgreement=True and checkCode=True Then
            System.Web.Security.FormsAuthentication.RedirectFromLoginPage("Signup Guest", chkPersist.Checked)
        Else
            Response.write("Invalid Credentials - go back and try again!")
        End If
    End Sub
</script>


I realize this is a bit long, and I really appreciate any help anyone can provide, or if you can point me in the right direction!


-Ovatvvon :-Q
 
Why don't you create another web.config file in the sign up directory and use it to restrict access to the signup directory?
I think you will need to convert the directory to an application for the web.config file to work.

There is a good example at

Good luck


What would you attempt to accomplish if you knew you would not fail?
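
A simplified Python model of how ASP.NET URL authorization evaluates the `<allow>`/`<deny>` rules in the web.config from the question (an added example, not code from either poster or from ASP.NET itself). The `members/` location, the `members/profile.aspx` path and the stricter rule are constructed assumptions; the same first-match evaluation applies when the rules live in a child web.config inside the folder.

```python
import xml.etree.ElementTree as ET

# Authorization rules from the posted web.config, plus a constructed
# "members/" location standing in for the future members-only area.
TEMPLATE = """<configuration>
  <system.web><authorization><allow users="*" /></authorization></system.web>
  <location path="signup/">
    <system.web><authorization><deny users="?" /></authorization></system.web>
  </location>
  <location path="members/">
    <system.web><authorization>{members_rule}</authorization></system.web>
  </location>
</configuration>"""

def load_rules(xml_text):
    """Return {path_prefix: [(action, [users])]}; '' is the site root."""
    root = ET.fromstring(xml_text)
    scopes = [("", root)] + [(loc.get("path", "").strip("/"), loc)
                             for loc in root.findall("location")]
    rules = {}
    for prefix, node in scopes:
        auth = node.find("system.web/authorization")
        if auth is not None:
            rules[prefix] = [(r.tag, [u.strip() for u in r.get("users", "").split(",")])
                             for r in auth if r.tag in ("allow", "deny")]
    return rules

def is_allowed(rules, url_path, user=None):
    """First matching rule wins, most specific scope first.
    user=None is an anonymous request ('?'); '*' matches everyone.
    Not modelled: roles, verbs, and the exemption for the loginUrl page."""
    path = url_path.strip("/")
    scopes = sorted((p for p in rules
                     if p == "" or path == p or path.startswith(p + "/")),
                    key=len, reverse=True)
    for prefix in scopes:
        for action, users in rules[prefix]:
            if "*" in users or (user is None and "?" in users) or user in users:
                return action == "allow"
    return True  # machine-level default is <allow users="*" />

# The ticket issued by RedirectFromLoginPage("Signup Guest", ...) is a normal
# authenticated identity, so <deny users="?" /> alone does not keep it out.
WEAK = load_rules(TEMPLATE.format(members_rule='<deny users="?" />'))
STRICT = load_rules(TEMPLATE.format(members_rule='<deny users="?,Signup Guest" />'))

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("strict", STRICT)):
        for user in (None, "Signup Guest"):
            print(name, user, is_allowed(rules, "members/profile.aspx", user))
```

Naming the guest identity in a `<deny>` rule is the smallest change the model can show; on a real site a role-based rule (`<allow roles="...">` followed by `<deny users="*" />`) is easier to maintain as areas are added.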
 