Forms Authentication and dynamic folders

Discussion in 'ASP .Net Security' started by Jason James, Mar 23, 2006.

  1. Jason James

    Jason James Guest

    Hi all,

    I am writing an ASP app that requires the users
    to authenticate (using forms authentication as this
    will be an internet app). Once authenticated they
    have access to there own folder that will have
    been created ahead of time. The folder will
    only be available to anyone authorised to view it.
    Other users of the app will have access only to their
    own folders. There is also a public section of the site
    that all users can view.
    ..
    All user folders as contained below a main folder which
    is configured to have forms authentication and
    authorization is required to view it. The ASP
    account creates the sub folders which also creates
    users names and passwords for the users.

    Does anyone have any resources or suggestions
    as to how I can use forms authentication, tickets,
    roles, cookies, or anything else to restrict access
    to only those users with the correct username and
    password. I already have a single login form but
    I'm not entirely sure about how to handle this
    complex authentication and redirection problem?

    Many thanks,

    Jason.
     
    Jason James, Mar 23, 2006
    #1
    1. Advertising

  2. Jason James

    dkode Guest

    hey,

    this could be a little bit tricky. At first glance I would say write
    your own httpmodule ISAPI handler, this way you can intercept requests
    before they are processed and perform your on conditionals as to where
    the user should go, this might be overkill though. Thats how I would
    have done it in .NET 1.1, someone else might have a better way to do
    this with the new forms authentication scheme in .net 2.0
     
    dkode, Mar 23, 2006
    #2
    1. Advertising

  3. Jason James

    Jason James Guest

    Yeah,

    That does sound like a very difficult solution to my problem. I
    wouldn't even know where to begin with that.

    Could I dynamically write to the web.config file and add
    locations for each newly created folder; or create a web.config
    file for each folder? I think that this would only handle the
    authorization element of my security! Would I then have to
    write to the application web.config file to add each user?

    I've been doing some digging about today and that seems like
    it's the only way to move this forward.

    Many thanks,

    Jason.

    On 23 Mar 2006 06:50:09 -0800, "dkode" <> wrote:

    >hey,
    >
    >this could be a little bit tricky. At first glance I would say write
    >your own httpmodule ISAPI handler, this way you can intercept requests
    >before they are processed and perform your on conditionals as to where
    >the user should go, this might be overkill though. Thats how I would
    >have done it in .NET 1.1, someone else might have a better way to do
    >this with the new forms authentication scheme in .net 2.0
    >
     
    Jason James, Mar 24, 2006
    #3
  4. Jason James

    MikeS Guest

    >>or create a web.config file for each folder?

    You could plunk down a web config with only an authorization tag right
    in the directory when you create it.

    Watch that changing these files on the fly seems to me to cause the
    application to restart.
    Even though the authorization section does not have
    restartOnExternalChanges set and even when using a configSource for
    one. Your mileage may differ.
     
    MikeS, Mar 26, 2006
    #4
  5. Jason James

    MikeS Guest

    >>cause the application to restart

    So maybe it is better to create a role per user, create the directories
    web.config with an allow role and add the user(s) to the role.
     
    MikeS, Mar 26, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Harley
    Replies:
    1
    Views:
    664
    John Saunders
    Nov 25, 2003
  2. Jurjen de Groot
    Replies:
    0
    Views:
    425
    Jurjen de Groot
    Jan 30, 2004
  3. Eric
    Replies:
    2
    Views:
    1,498
    Tommy
    Feb 13, 2004
  4. Jerry Morton
    Replies:
    0
    Views:
    449
    Jerry Morton
    Oct 10, 2004
  5. Eric
    Replies:
    2
    Views:
    562
Loading...

Share This Page