«

I'm running a web site and implementing both folder(web.config) and class
level authorization. A new requirement came in to allow an external web site
to access some secure web pages directly, without going through the logon
page.

The users are valid users, and I will build the principle object anyway, but
I need to do this before they are being re-directed to the logon page.

Would removing the folder\file reference from the web.config file help?

Thanks
Alex

You could do something in the global Application_Authenticate event, whereas
if the HTTP-REFERER field has this "other" website, that it would create a
GenericPrinicipal like:
if( HttpContext.Current.Request.ServerVariables["HTTP_REFERER"] == "external
website" )
Context.User = new GenericPrincipal("extWebsite", ...);

else
/* you other code */

maybe try that... and this would be a good single place to see where the
overrides are, instead of scattering them in separate pages, making
manageability a little harder.

HTH


--
Eric Newton

C#/ASP.net Solutions developer


"Microsoft" <> wrote in message
news:...
> I'm running a web site and implementing both folder(web.config) and class
> level authorization. A new requirement came in to allow an external web
site
> to access some secure web pages directly, without going through the logon
> page.
>
> The users are valid users, and I will build the principle object anyway,
but
> I need to do this before they are being re-directed to the logon page.
>
> Would removing the folder\file reference from the web.config file help?
>
> Thanks
> Alex
>
>
>