Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Regarding ASP.NET Web Application

Reply
Thread Tools

Regarding ASP.NET Web Application

 
 
anbaesivam
Guest
Posts: n/a
 
      02-18-2009
I need to develop an ASP.NET web application. And application will be
accessed by normal users and administrators. In the application, the normal
users can only access a set of pages. If the normal user want to access an
administrative page, then a login page needs to be displayed for
aunthenticated and if authentication is succesfull, then the page will be is
shown. For normal users page to displayed, there is no need for any
authentication.

To develop these type of application, what are configurations to made?.
Kindly provide any tutorial or sample application of this kind.

Thanks in advance.
 
Reply With Quote
 
 
 
 
Vince Xu [MSFT]
Guest
Posts: n/a
 
      02-18-2009
Hello Anbaesivam,

I think Asp.Net Membership and Role Manager can achieve it as you wish.
Please check the following reference:

http://weblogs.asp.net/scottgu/archi...Membership-and
-Roles-Tutorial-Series.aspx

In following reference, you can get some helpful samples of it:
http://www.dotnetjunkies.com/QuickSt.../membership.as
px

The following link is about "Authorizing Access to a Page with Role
Manager" that is what you need I think.
http://www.dotnetjunkies.com/QuickSt.../membership.as
px#auth

Furthermore, I will make a sample for you.

For example, I created two roles("user" and "admin") and there are two
folders(securedfolder and adminfolder) in the application.
1. The anonymous users can't access any pages in "securedfolder" or
"adminfolder" folder.
2. The managed users with "user" role can only access the pages in
"securedfolder" folder, but not for "adminfolder" folder.
3. The managed users with "admin" role can access any pages in the
application.

After deploying Membership and the roles for users, we need configure the
authorizing access to a folder in Web.Config.

<configuration>
<location path="securedfolder">
<system.web>
<authorization>
<deny users="?"/> <!--deny any anonymous
users-->
<allow users="*"/> <!--allow any managed
users-->
</authorization>
</system.web>
</location>
<location path="adminfolder">
<system.web>
<authorization>
<allow roles="admin"/> <!--allow any users
with "admin" role-->
<deny users="*"/> <!--deny any
anonymous/managed users-->
</authorization>
</system.web>
</location>
</configuration>

To redirect to the login page if authentication is not successful, please
deploy the following code in section "system.web" in Web.Config.

<authentication mode="Forms">
<forms name=".ASPXUSERDEMO" loginUrl="login.aspx"
protection="All" timeout="60"/>
</authentication>



Sincerely,

Vince Xu

Microsoft Online Support



Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subs...#notifications.

MSDN Managed Newsgroup support offering is for non-urgent issues where an
initial response from the community or a Microsoft Support Engineer within
2 business day is acceptable. Please note that each follow up response may
take approximately 2 business days as the support professional working with
you may need further investigation to reach the most efficient resolution.
The offering is not appropriate for situations that require urgent,
real-time or phone-based interactions. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subs.../aa948874.aspx



 
Reply With Quote
 
 
 
 
anbaesivam
Guest
Posts: n/a
 
      02-18-2009
I am restatin my requirement once again

Root
|
+-Public folder
+-Admin folder

Here the public folder can be accessed by any one including anonymous.
When the anonymous/normal user tries to access "Admin folder", then the
login page should be displayed for authentication.

And the problem with ASP.NET is that <authentication mode="Forms"> in the
root folder alone and in the sub-folder we can't specify it.

Please help me how to do this requirement.


"Vince Xu [MSFT]" wrote:

> Hello Anbaesivam,
>
> I think Asp.Net Membership and Role Manager can achieve it as you wish.
> Please check the following reference:
>
> http://weblogs.asp.net/scottgu/archi...Membership-and
> -Roles-Tutorial-Series.aspx
>
> In following reference, you can get some helpful samples of it:
> http://www.dotnetjunkies.com/QuickSt.../membership.as
> px
>
> The following link is about "Authorizing Access to a Page with Role
> Manager" that is what you need I think.
> http://www.dotnetjunkies.com/QuickSt.../membership.as
> px#auth
>
> Furthermore, I will make a sample for you.
>
> For example, I created two roles("user" and "admin") and there are two
> folders(securedfolder and adminfolder) in the application.
> 1. The anonymous users can't access any pages in "securedfolder" or
> "adminfolder" folder.
> 2. The managed users with "user" role can only access the pages in
> "securedfolder" folder, but not for "adminfolder" folder.
> 3. The managed users with "admin" role can access any pages in the
> application.
>
> After deploying Membership and the roles for users, we need configure the
> authorizing access to a folder in Web.Config.
>
> <configuration>
> <location path="securedfolder">
> <system.web>
> <authorization>
> <deny users="?"/> <!--deny any anonymous
> users-->
> <allow users="*"/> <!--allow any managed
> users-->
> </authorization>
> </system.web>
> </location>
> <location path="adminfolder">
> <system.web>
> <authorization>
> <allow roles="admin"/> <!--allow any users
> with "admin" role-->
> <deny users="*"/> <!--deny any
> anonymous/managed users-->
> </authorization>
> </system.web>
> </location>
> </configuration>
>
> To redirect to the login page if authentication is not successful, please
> deploy the following code in section "system.web" in Web.Config.
>
> <authentication mode="Forms">
> <forms name=".ASPXUSERDEMO" loginUrl="login.aspx"
> protection="All" timeout="60"/>
> </authentication>
>
>
>
> Sincerely,
>
> Vince Xu
>
> Microsoft Online Support
>
> £½£½£½£½£½£½£½£½£½£½£½£½£ ½£½£½£½£½£½£½£½£½£½£½£½£½ £½£½£½£½£½£½£½£½£½
>
> Get notification to my posts through email? Please refer to
> http://msdn.microsoft.com/en-us/subs...#notifications.
>
> MSDN Managed Newsgroup support offering is for non-urgent issues where an
> initial response from the community or a Microsoft Support Engineer within
> 2 business day is acceptable. Please note that each follow up response may
> take approximately 2 business days as the support professional working with
> you may need further investigation to reach the most efficient resolution.
> The offering is not appropriate for situations that require urgent,
> real-time or phone-based interactions. Issues of this nature are best
> handled working with a dedicated Microsoft Support Engineer by contacting
> Microsoft Customer Support Services (CSS) at
> http://msdn.microsoft.com/en-us/subs.../aa948874.aspx
>
> £½£½£½£½£½£½£½£½£½£½£½£½£ ½£½£½£½£½£½£½£½£½£½£½£½£½ £½£½£½£½£½£½£½£½£½£½
>
>

 
Reply With Quote
 
Vince Xu [MSFT]
Guest
Posts: n/a
 
      02-19-2009
Hello Anbaesivam,

Firstly, please create two role: "normal" and "admin"

<configuration>
<location path="Admin">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="?"/>
<deny roles="normal"/> <!-- you can also use <deny users="*"/>
to deny any
anonymous/managed users -->
</authorization>
</system.web>
</location>
</configuration>

For second question, based on my understanding, your login page is in some
sub folder rather than root folder. If I have misunderstood you, please
feel free to let me know.
Actually, you can define the property "loginUrl" to locate the page
wherever it is.

<authentication mode="Forms">
<forms name=".ASPXUSERDEMO"
loginUrl="subfolder/login.aspx"
protection="All" timeout="60"/>
</authentication>


Sincerely,

Vince Xu

Microsoft Online Support

 
Reply With Quote
 
anbaesivam
Guest
Posts: n/a
 
      02-19-2009
> <configuration>
> <location path="Admin">
> <system.web>
> <authorization>
> <allow roles="admin"/>
> <deny users="?"/>
> <deny roles="normal"/> <!-- you can also use <deny users="*"/>
> to deny any
> anonymous/managed users -->
> </authorization>
> </system.web>
> </location>
> </configuration>


With the above configuration how can I redirect the page to Login.aspx, when
a normal user access the path "Admin"?

"Vince Xu [MSFT]" wrote:

> Hello Anbaesivam,
>
> Firstly, please create two role: "normal" and "admin"
>
> <configuration>
> <location path="Admin">
> <system.web>
> <authorization>
> <allow roles="admin"/>
> <deny users="?"/>
> <deny roles="normal"/> <!-- you can also use <deny users="*"/>
> to deny any
> anonymous/managed users -->
> </authorization>
> </system.web>
> </location>
> </configuration>
>
> For second question, based on my understanding, your login page is in some
> sub folder rather than root folder. If I have misunderstood you, please
> feel free to let me know.
> Actually, you can define the property "loginUrl" to locate the page
> wherever it is.
>
> <authentication mode="Forms">
> <forms name=".ASPXUSERDEMO"
> loginUrl="subfolder/login.aspx"
> protection="All" timeout="60"/>
> </authentication>
>
>
> Sincerely,
>
> Vince Xu
>
> Microsoft Online Support
>
>

 
Reply With Quote
 
Vince Xu [MSFT]
Guest
Posts: n/a
 
      02-19-2009
Hello Anbaesivam,

To redirect to the login page if authentication is not successful, please
deploy the following code in section "system.web" in Web.Config.

<authentication mode="Forms">
<forms name=".ASPXUSERDEMO"
loginUrl="folder/login.aspx" protection="All" timeout="60"/>
</authentication>

Sincerely,

Vince Xu

Microsoft Online Support

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Web application or mvc web application? Andy B ASP .Net 0 08-13-2008 11:32 AM
Need help regarding java application development.... s.nitesh.87@gmail.com Java 0 03-17-2008 03:12 AM
Converting Web Site to Web Application (AJAX web service goes missing) Lloyd Sheen ASP .Net 1 11-15-2007 05:46 PM
Regarding increasing no. of GDI objects in my application sonali_reddy123@yahoo.com ASP .Net 0 09-15-2006 07:01 AM
question regarding overriding of web.config in the root directory..in a web app in a virtual directory dotnetprogram ASP .Net 1 12-27-2003 06:02 AM



Advertisments