Hi,
I'm using SQL Server 2008 session states in my web app and also SQL Server Authentication. The website is intended for deployment on the Internet and only authenticated users are supposed to access it. I created a SQL Server database that stores the authorized users information. I haven't deployed the web app yet.
But testing on the dev machine, I could still access the Home.aspx web page just by typing its address on the browser. I've added this to my web config file:
<location path="Home.aspx">
<system.web>
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
</system.web>
</location>
My Login page is not using ASP.NET control. I just used username/password textboxes. I salted and hashed the password and validate credentials based on username and password. I'm not using any Membership because of SQL Server Authentication mode.
Appreciate any help on how to get this working.