Authorization on dynamic URL

178 views Asked by At

I have multiple child sites in a site. sometimes called tennants. what i mean by this is i will have 1 site but when users access the sites we will use their ip address to add there company name to the uri. example for users in company 1 and company 2 would be

http://www.main-site.in/company-1/ http://www.main-site.in/company-2/

We have managed to get the routing to work however we get issue with authorisation. for example we need to show error,login,forgot password paged based on child site.

location of page is ~/Account/ForgotPassword.aspx. so i want to access above page like below

account/forgot-password

company-1/account/forgot-password

company-2/account/forgot-password

Case 1 : if I call directly by physical url www.main-site.in/account/forgot-password It works well.

Case 2 : if I call by routing based url www.main-site.in/child-site-1/account/forgot-password In this case url authorization will generate permission denied error.

Note: I can't allow all user to access pages by default in authorization due to security issues. so I configured deny all user in root web.config's authorization section and also configured allow all user under a folder (Account) in authorization. Authorization section. I think url authorization module does not move request to route handler until url is authorized. Do I need to create a custom module for authorization ?

Please suggest?

0

There are 0 answers