Women in Technology

Hear us Roar



Article:
  ASP.NET Forms Authentication - Part 1
Subject:   Emergency-Form level authentication
Date:   2004-06-10 16:38:26
From:   altanic
Response to: Emergency-Form level authentication

look into the URLAuthorization stuff. I don't claim to have a solid handle on this but I've accomplished a working example on doing exactly what you guys ask for by setting each file/folder's authorization settings in the web.config file.


You would want to add an element such as:
<location path="PublicPage.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>


for each item/folder you want to be freely available to everybody. Conversely, you could open your whole site to allow users="*" and then change the above to:


<location path="protected_directory">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>


so as to protect this one directory. (or page if you like)


I think the key comes in understanding the <location> element and how it is used. Once you learn this you'll know enough.

Full Threads Oldest First

Showing messages 1 through 1 of 1.

  • Emergency-Form level authentication
    2004-09-10 14:23:49  Bev3 [View]

    Thanks ... I inherited a site that required an initial login ... as soon as the site was accessed, the first page was a login.aspx page.

    It was later decided to have an open website with the previously secured information linked to from the default.aspx page.

    Using the .Net 'Solution Explorer', I created a new subdirectory called "dbpages" and, again using the .Net 'Solution Explorer', I cut/pasted all of the original root directory pages and subdirectories into "dbpages".

    After a lot of hair pulling / trying web.config files in subdirectories / wandering the web looking for a solution, I read this about <location> and tried it ... thanks much!

    Previously, my root web.config was:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
    <system.web>
    <authentication mode="Forms">
    <forms name=".myCookie" loginUrl="./Login.aspx" protection="All" timeout="40" path="/"/>
    </authentication>

    <authorization>
    <deny users="?"/>
    </authorization>

    </system.web>
    </configuration>

    Now, my root web.config is:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
    <location path="dbpages/">
    <system.web>
    <authentication mode="Forms">
    <forms name="./dbpages/myCookie" loginUrl="./dbpages/Login.aspx" protection="All" timeout="40" path="./dbpages/"/>
    </authentication>

    <authorization>
    <deny users="?"/>
    </authorization>

    </system.web>
    </location>
    </configuration>

    I've left out a lot of <compilation> and <appSettings> as not pertinent to the discussion.

    I also do not have/need any othe web.config than the one in the root directory ... thanks again!