Controlling Page Access in .aspx page

S

Shawn Berg

I am building some .NET classes and pages that will be part of an existing
classic ASP app. The ASP app uses cookies to store login information for
administrators. I have one include file that checks to see if the user is a
logged in administrator, and if not, redirects to a login page. I then
include this file in all ASP pages I do not want non-administrators to be
able to access.

I want to be able to do the same type of thing with .ASPX pages. I know I
could easily do this with a base page and by setting a property
"LoginRequired" or something of the like, and then checking a cookie and
redirecting in the BasePage class, but I do not want this to be something
that is in the code-behind. I'd like to be able to set some sort of value on
the actual .ASPX page and have the BasePage class check that instead. This
way I can make changes on the fly if need be without having to recompile code.

Any ideas?
 
G

Geir Aamodt

Shawn,

not quite what you are asking about, but check out, todo, and
see the snippet below. It migth help you out.

--

Best regards,
Geir Aamodt
geir.aamodt(AT)bekk.no

--------- Snippet start---------
Partition Your Web Site
Separate the public and restricted access areas of your Web site. Place your
application's logon page and other pages and resources that should only be
accessed by authentication users in a separate folder from the public access
areas. Protect the restricted subfolders by configuring them in IIS to
require SSL access, and then use <authorization> elements to restrict access
and force a login. For example, the following Web.config configuration
allows anyone to access the current directory (this provides public access),
but prevents unauthenticated users from accessing the restricted sub folder.
Any attempt to do so forces a Forms login.

<system.web>
<!-- The virtual directory root folder contains general pages.
Unauthenticated users can view them and they do not need
to be secured with SSL. -->
<authorization>
<allow users="*" />
</authorization>
</system.web>

<!-- The restricted folder is for authenticated and SSL access only. -->
<location path="Restricted" >
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
--------- Snippet end---------
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top