File level permissions using the web.config & forms authentication

Discussion in 'ASP .Net' started by Stu Lock, Oct 19, 2004.

  1. Stu Lock

    Stu Lock Guest

    Hi,

    Is there a way of requiring a log in for individual asp.net pages rather
    than securing a entire directory. I have a web app where there are 100+
    pages but only 2 need to be password protected. I am currently using forms
    authentication to block the entire folder:

    <authentication mode="Forms">
    <forms name=".MYCOOKIE"
    loginUrl="login.aspx"
    protection="All"
    timeout="30"
    path="/"/>
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>

    Thanks in advance,

    Stu
     
    Stu Lock, Oct 19, 2004
    #1
    1. Advertising

  2. Can you put them in a sub directory and use <location> tag to do the
    authentication?

    --
    Girish Bharadwaj
    http://msmvps.com/gbvb
    "Stu Lock" <> wrote in message
    news:%...
    > Hi,
    >
    > Is there a way of requiring a log in for individual asp.net pages rather
    > than securing a entire directory. I have a web app where there are 100+
    > pages but only 2 need to be password protected. I am currently using forms
    > authentication to block the entire folder:
    >
    > <authentication mode="Forms">
    > <forms name=".MYCOOKIE"
    > loginUrl="login.aspx"
    > protection="All"
    > timeout="30"
    > path="/"/>
    > </authentication>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    >
    > Thanks in advance,
    >
    > Stu
    >
    >
     
    Girish Bharadwaj, Oct 19, 2004
    #2
    1. Advertising

  3. Stu Lock

    Stu Lock Guest

    > Can you put them in a sub directory and use <location> tag to do the
    > authentication?


    I could but I was looking for a 'nicer' way to do it. The pages are part of
    quite a large content management system with hierachical menus. I would have
    preferred not having to mess about with changing the menu links to pages if
    they are to be secured.

    If I can't do it by configuring the web.config file I'll probably go with
    something like this in the pageload area:

    If Not IsNumeric(Page.User.Identity) Then
    Response.Redirect("logon.aspx?ReturnUrl="MyPage.aspx")

    Thanks for the response anyway.

    Stu


    "Girish Bharadwaj" <> wrote in message
    news:OGL$...
    > Can you put them in a sub directory and use <location> tag to do the
    > authentication?
    >
    > --
    > Girish Bharadwaj
    > http://msmvps.com/gbvb
    > "Stu Lock" <> wrote in message
    > news:%...
    >> Hi,
    >>
    >> Is there a way of requiring a log in for individual asp.net pages rather
    >> than securing a entire directory. I have a web app where there are 100+
    >> pages but only 2 need to be password protected. I am currently using
    >> forms
    >> authentication to block the entire folder:
    >>
    >> <authentication mode="Forms">
    >> <forms name=".MYCOOKIE"
    >> loginUrl="login.aspx"
    >> protection="All"
    >> timeout="30"
    >> path="/"/>
    >> </authentication>
    >> <authorization>
    >> <deny users="?" />
    >> </authorization>
    >>
    >> Thanks in advance,
    >>
    >> Stu
    >>
    >>

    >
    >
     
    Stu Lock, Oct 19, 2004
    #3
  4. Would this work:

    <authorization>
    <allow users="*"/>
    </authorization>

    <location path="folder/filename1.aspx">
    <system.web>
    <authorization>
    <allow roles="user"/>
    <deny users="*"/>
    </authorization>
    </system.web>
    </location>

    <location path="folder/filename2.aspx">
    <system.web>
    <authorization>
    <allow roles="user"/>
    <deny users="*"/>
    </authorization>
    </system.web>
    </location>

    I hope that helps!

    Charles

    "Stu Lock" wrote:

    > Hi,
    >
    > Is there a way of requiring a log in for individual asp.net pages rather
    > than securing a entire directory. I have a web app where there are 100+
    > pages but only 2 need to be password protected. I am currently using forms
    > authentication to block the entire folder:
    >
    > <authentication mode="Forms">
    > <forms name=".MYCOOKIE"
    > loginUrl="login.aspx"
    > protection="All"
    > timeout="30"
    > path="/"/>
    > </authentication>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    >
    > Thanks in advance,
    >
    > Stu
    >
    >
    >
     
    =?Utf-8?B?Q2hhcmxlcw==?=, Oct 19, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?TWFubnkgQ2hvaGFu?=

    Forms Authentication using web.config

    =?Utf-8?B?TWFubnkgQ2hvaGFu?=, Oct 20, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    497
    Raterus
    Oct 20, 2004
  2. ABC
    Replies:
    1
    Views:
    820
    Richard Dudley
    Oct 24, 2005
  3. pabbu
    Replies:
    8
    Views:
    768
    Marc Boyer
    Nov 7, 2005
  4. ABC
    Replies:
    1
    Views:
    385
    Patrick.O.Ige
    Oct 31, 2005
  5. Eric
    Replies:
    2
    Views:
    641
Loading...

Share This Page