Security

  Fly-Over Login Window vs. Dedicated Login Page

Table of Contents
SecurityPrint||
Fly-Over Login Window vs. Dedicated Login Page

If custom membership and role providers are enabled for a project then the application is configured to expose the page with the name Home to anonymous users. A link on a membership bar allows activating the fly-over Login window.

A fly-over login window in web app with custom membership and role providers created with Code OnTime application generator

Developers can re-design the page Home by removing the standard user controls and adding the custom ones. Standard user controls display a site map and login instructions.

Additional pages can be exposed to end users if their Roles property is set to “?”.

For example, create a new page MySiteMap, set its Roles property to “?” (do not copy the double quotes). Activate User Controls tab in Project Explorer, right-click the user control node TableOfContents and choose “Copy”. “Paste” the user control on the new page. Right-click the page and choose “View in Browser”.

The new page will be visible to anonymous users along with Home page.

A page of a web app is exposed to anonymous users if its 'Roles' property is set to '?'

A dedicated login page can “greet” users when they access the web app.

Select the project on the start page of application generator, choose Settings, and proceed to Authentication and Membership. Choose Login Window section and enable a dedicated login page instead of a fly-over login window. Click Finish button.

Select Refresh action to ensure that the dedicated login page is included in the application design. Do not choose any data controllers in Refresh Dialog and simply proceed to refresh the project by clicking on Refresh button.

Generate the project. A dedicated page will be displayed asking users to sign in.

A standard dedicated login page created by application generator

If you need to change the layout of the login page, then activate Project Designer. Select User Controls tab in Project Explorer. Right-click Login user control node and select “Edit in Visual Studio” option in context menu.

Activating Visual Studio to modify the 'Login' user control

Visual Studio will start and display the definition of the user control. The user control is configured to be generated “First Time Only”. Any changes done in Visual Studio will persist between sessions of code generation.

Notice that the pages available to anonymous users are still accessible if the URL of the page is known.

For example,  an anonymous user can access MySiteMap page created above by entering the URL directly in the address bar of a web browser without being required to sign in.

A page can be accessed directly in web app with a dedicated login page if its 'Roles' property is set to '?'

An attempt to access a protected page will redirect an anonymous user to the dedicated login page.