Please help: Forms authentication - securing folders in application

Discussion in 'ASP .Net' started by Jurjen de Groot, Jan 30, 2004.

  1. I have build an ASP.NET application and would like to protect various
    folders containing aspnet pages for various usertypes.

    /Admin
    /Manager
    /User

    I've created a login on the default.aspx in the root of the project. After
    typing username/password and hitting the login button the user is validated
    against a USER/ROLE Table in the database and an object having the
    IPrincipal interface (BusinessPrincipal) is created (with one role (in
    uppercase) attached to it) and is put into the CurrentPrincipal.

    In my /web.config I have :
    ....
    <authentication mode="Forms" >
    <forms name="Default" loginUrl="Default.aspx" protection="All"
    timeout="60" />
    </authentication>

    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>


    <!-- secure path Admin -->
    <location path="Admin">
    <system.web>
    <authorization>
    <allow roles="ADMIN" /> <!-- Allow all users have role ADMIN -->
    <deny users="*" /> <!-- and DisAllow all other
    users -->
    </authorization>
    </system.web>
    </location>

    I've also tried leaving out the last part '-- secure path admin --' and
    putting it in a web.config within the Admin folder like this :

    <configuration>
    <location>
    <system.web>
    <authorization>
    <allow roles="ADMIN" />
    <deny users="*" />
    </authorization>
    </system.web>
    </location>
    </configuration>

    But it doesn't seem to work, if I login (having role ADMIN !!) I get
    redirected to my login page with the returnUrl of Admin/Default.aspx

    Can anyone enlighten me and/or give me some advice on this. I would like to
    prevent a User from gaining access to Admin or Manager pages.


    Jurjen.
    Jurjen de Groot, Jan 30, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Harley
    Replies:
    1
    Views:
    657
    John Saunders
    Nov 25, 2003
  2. Replies:
    2
    Views:
    567
    Scott Allen
    Oct 6, 2005
  3. tafs7
    Replies:
    0
    Views:
    120
    tafs7
    Apr 30, 2004
  4. Eric
    Replies:
    2
    Views:
    498
  5. Frank
    Replies:
    1
    Views:
    136
    Dominick Baier
    Apr 17, 2008
Loading...

Share This Page