Women in Technology

Hear us Roar



Article:
  ASP.NET Forms Authentication - Part 1
Subject:   Emergency-Form level authentication
Date:   2004-02-03 23:05:34
From:   mohsen_ja
hi.
I've faced with a problem in my .Net project.
I wanna use form level authentication but not for all forms of project. In the other words, when a certain form is called, I want to authenticate user to see whether he/she is allowed to access that form or not.
Thanks.


Kindly Regards,
Mohsen

Full Threads Oldest First

Showing messages 1 through 3 of 3.

  • Emergency-Form level authentication
    2004-06-03 09:02:25  WayneSO [View]

    Mohsen,

    I also need to allow access to all users on some pages in my applicaion while using forms authentication. Have you had any replies to your post or have you figured out how to do this?

    Thanks,
    Wayne
    • Emergency-Form level authentication
      2004-06-10 16:38:26  altanic [View]

      look into the URLAuthorization stuff. I don't claim to have a solid handle on this but I've accomplished a working example on doing exactly what you guys ask for by setting each file/folder's authorization settings in the web.config file.

      You would want to add an element such as:
      <location path="PublicPage.aspx">
      <system.web>
      <authorization>
      <allow users="*"/>
      </authorization>
      </system.web>
      </location>

      for each item/folder you want to be freely available to everybody. Conversely, you could open your whole site to allow users="*" and then change the above to:

      <location path="protected_directory">
      <system.web>
      <authorization>
      <deny users="?"/>
      </authorization>
      </system.web>
      </location>

      so as to protect this one directory. (or page if you like)

      I think the key comes in understanding the <location> element and how it is used. Once you learn this you'll know enough.
      • Emergency-Form level authentication
        2004-09-10 14:23:49  Bev3 [View]

        Thanks ... I inherited a site that required an initial login ... as soon as the site was accessed, the first page was a login.aspx page.

        It was later decided to have an open website with the previously secured information linked to from the default.aspx page.

        Using the .Net 'Solution Explorer', I created a new subdirectory called "dbpages" and, again using the .Net 'Solution Explorer', I cut/pasted all of the original root directory pages and subdirectories into "dbpages".

        After a lot of hair pulling / trying web.config files in subdirectories / wandering the web looking for a solution, I read this about <location> and tried it ... thanks much!

        Previously, my root web.config was:

        <?xml version="1.0" encoding="utf-8"?>
        <configuration>
        <system.web>
        <authentication mode="Forms">
        <forms name=".myCookie" loginUrl="./Login.aspx" protection="All" timeout="40" path="/"/>
        </authentication>

        <authorization>
        <deny users="?"/>
        </authorization>

        </system.web>
        </configuration>

        Now, my root web.config is:

        <?xml version="1.0" encoding="utf-8"?>
        <configuration>
        <location path="dbpages/">
        <system.web>
        <authentication mode="Forms">
        <forms name="./dbpages/myCookie" loginUrl="./dbpages/Login.aspx" protection="All" timeout="40" path="./dbpages/"/>
        </authentication>

        <authorization>
        <deny users="?"/>
        </authorization>

        </system.web>
        </location>
        </configuration>

        I've left out a lot of <compilation> and <appSettings> as not pertinent to the discussion.

        I also do not have/need any othe web.config than the one in the root directory ... thanks again!