Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > File level permissions using the web.config & forms authentication

Reply
Thread Tools

File level permissions using the web.config & forms authentication

 
 
Stu Lock
Guest
Posts: n/a
 
      10-19-2004
Hi,

Is there a way of requiring a log in for individual asp.net pages rather
than securing a entire directory. I have a web app where there are 100+
pages but only 2 need to be password protected. I am currently using forms
authentication to block the entire folder:

<authentication mode="Forms">
<forms name=".MYCOOKIE"
loginUrl="login.aspx"
protection="All"
timeout="30"
path="/"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>

Thanks in advance,

Stu


 
Reply With Quote
 
 
 
 
Girish Bharadwaj
Guest
Posts: n/a
 
      10-19-2004
Can you put them in a sub directory and use <location> tag to do the
authentication?

--
Girish Bharadwaj
http://msmvps.com/gbvb
"Stu Lock" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hi,
>
> Is there a way of requiring a log in for individual asp.net pages rather
> than securing a entire directory. I have a web app where there are 100+
> pages but only 2 need to be password protected. I am currently using forms
> authentication to block the entire folder:
>
> <authentication mode="Forms">
> <forms name=".MYCOOKIE"
> loginUrl="login.aspx"
> protection="All"
> timeout="30"
> path="/"/>
> </authentication>
> <authorization>
> <deny users="?" />
> </authorization>
>
> Thanks in advance,
>
> Stu
>
>



 
Reply With Quote
 
 
 
 
Stu Lock
Guest
Posts: n/a
 
      10-19-2004
> Can you put them in a sub directory and use <location> tag to do the
> authentication?


I could but I was looking for a 'nicer' way to do it. The pages are part of
quite a large content management system with hierachical menus. I would have
preferred not having to mess about with changing the menu links to pages if
they are to be secured.

If I can't do it by configuring the web.config file I'll probably go with
something like this in the pageload area:

If Not IsNumeric(Page.User.Identity) Then
Response.Redirect("logon.aspx?ReturnUrl="MyPage.as px")

Thanks for the response anyway.

Stu


"Girish Bharadwaj" <(E-Mail Removed)> wrote in message
news:OGL$(E-Mail Removed)...
> Can you put them in a sub directory and use <location> tag to do the
> authentication?
>
> --
> Girish Bharadwaj
> http://msmvps.com/gbvb
> "Stu Lock" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Hi,
>>
>> Is there a way of requiring a log in for individual asp.net pages rather
>> than securing a entire directory. I have a web app where there are 100+
>> pages but only 2 need to be password protected. I am currently using
>> forms
>> authentication to block the entire folder:
>>
>> <authentication mode="Forms">
>> <forms name=".MYCOOKIE"
>> loginUrl="login.aspx"
>> protection="All"
>> timeout="30"
>> path="/"/>
>> </authentication>
>> <authorization>
>> <deny users="?" />
>> </authorization>
>>
>> Thanks in advance,
>>
>> Stu
>>
>>

>
>



 
Reply With Quote
 
=?Utf-8?B?Q2hhcmxlcw==?=
Guest
Posts: n/a
 
      10-19-2004
Would this work:

<authorization>
<allow users="*"/>
</authorization>

<location path="folder/filename1.aspx">
<system.web>
<authorization>
<allow roles="user"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="folder/filename2.aspx">
<system.web>
<authorization>
<allow roles="user"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

I hope that helps!

Charles

"Stu Lock" wrote:

> Hi,
>
> Is there a way of requiring a log in for individual asp.net pages rather
> than securing a entire directory. I have a web app where there are 100+
> pages but only 2 need to be password protected. I am currently using forms
> authentication to block the entire folder:
>
> <authentication mode="Forms">
> <forms name=".MYCOOKIE"
> loginUrl="login.aspx"
> protection="All"
> timeout="30"
> path="/"/>
> </authentication>
> <authorization>
> <deny users="?" />
> </authorization>
>
> Thanks in advance,
>
> Stu
>
>
>

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Best practices for using forms authentication and security in a hosted env (was: Re: Using a Forms authentication in a shared hosting environment) JEFF ASP .Net 1 11-12-2007 07:00 PM
802.11 X port-level authentication or user-level authentication zillah Wireless Networking 0 11-09-2006 10:00 AM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
c is a low-level language or neither low level nor high level language pabbu C Programming 8 11-07-2005 03:05 PM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM



Advertisments