File level permissions using the web.config & forms authentication

[Stu Lock]

Hi,

Is there a way of requiring a log in for individual asp.net pages rather
than securing a entire directory. I have a web app where there are 100+
pages but only 2 need to be password protected. I am currently using forms
authentication to block the entire folder:

<authentication mode="Forms">
<forms name=".MYCOOKIE"
loginUrl="login.aspx"
protection="All"
timeout="30"
path="/"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>

Thanks in advance,

Stu

 

[Girish Bharadwaj]

Can you put them in a sub directory and use <location> tag to do the
authentication?

 

[Stu Lock]

authentication?

I could but I was looking for a 'nicer' way to do it. The pages are part of
quite a large content management system with hierachical menus. I would have
preferred not having to mess about with changing the menu links to pages if
they are to be secured.

If I can't do it by configuring the web.config file I'll probably go with
something like this in the pageload area:

If Not IsNumeric(Page.User.Identity) Then
Response.Redirect("logon.aspx?ReturnUrl="MyPage.aspx")

Thanks for the response anyway.

Stu

 

[Guest]

Would this work:

<authorization>
<allow users="*"/>
</authorization>

<location path="folder/filename1.aspx">
<system.web>
<authorization>
<allow roles="user"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="folder/filename2.aspx">
<system.web>
<authorization>
<allow roles="user"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

I hope that helps!

Charles