Regarding ASP.NET Web Application

[anbaesivam]

I need to develop an ASP.NET web application. And application will be
accessed by normal users and administrators. In the application, the normal
users can only access a set of pages. If the normal user want to access an
administrative page, then a login page needs to be displayed for
aunthenticated and if authentication is succesfull, then the page will be is
shown. For normal users page to displayed, there is no need for any
authentication.

To develop these type of application, what are configurations to made?.
Kindly provide any tutorial or sample application of this kind.

Thanks in advance.

 

[Vince Xu [MSFT]]

Hello Anbaesivam,

I think Asp.Net Membership and Role Manager can achieve it as you wish.
Please check the following reference:

http://weblogs.asp.net/scottgu/archive/2006/05/07/ASP.NET-2.0-Membership-and
-Roles-Tutorial-Series.aspx

In following reference, you can get some helpful samples of it:
http://www.dotnetjunkies.com/QuickStartv20/aspnet/doc/security/membership.as
px

The following link is about "Authorizing Access to a Page with Role
Manager" that is what you need I think.
http://www.dotnetjunkies.com/QuickStartv20/aspnet/doc/security/membership.as
px#auth

Furthermore, I will make a sample for you.

For example, I created two roles("user" and "admin") and there are two
folders(securedfolder and adminfolder) in the application.
1. The anonymous users can't access any pages in "securedfolder" or
"adminfolder" folder.
2. The managed users with "user" role can only access the pages in
"securedfolder" folder, but not for "adminfolder" folder.
3. The managed users with "admin" role can access any pages in the
application.

After deploying Membership and the roles for users, we need configure the
authorizing access to a folder in Web.Config.

<configuration>
<location path="securedfolder">
<system.web>
<authorization>
<deny users="?"/> <!--deny any anonymous
users-->
<allow users="*"/> <!--allow any managed
users-->
</authorization>
</system.web>
</location>
<location path="adminfolder">
<system.web>
<authorization>
<allow roles="admin"/> <!--allow any users
with "admin" role-->
<deny users="*"/> <!--deny any
anonymous/managed users-->
</authorization>
</system.web>
</location>
</configuration>

To redirect to the login page if authentication is not successful, please
deploy the following code in section "system.web" in Web.Config.

<authentication mode="Forms">
<forms name=".ASPXUSERDEMO" loginUrl="login.aspx"
protection="All" timeout="60"/>
</authentication>



Sincerely,

Vince Xu

Microsoft Online Support

£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

MSDN Managed Newsgroup support offering is for non-urgent issues where an
initial response from the community or a Microsoft Support Engineer within
2 business day is acceptable. Please note that each follow up response may
take approximately 2 business days as the support professional working with
you may need further investigation to reach the most efficient resolution.
The offering is not appropriate for situations that require urgent,
real-time or phone-based interactions. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx

£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½£½

 

[anbaesivam]

I am restatin my requirement once again

Root
|
+-Public folder
+-Admin folder

Here the public folder can be accessed by any one including anonymous.
When the anonymous/normal user tries to access "Admin folder", then the
login page should be displayed for authentication.

And the problem with ASP.NET is that <authentication mode="Forms"> in the
root folder alone and in the sub-folder we can't specify it.

Please help me how to do this requirement.

 

[Vince Xu [MSFT]]

Hello Anbaesivam,

Firstly, please create two role: "normal" and "admin"

<configuration>
<location path="Admin">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="?"/>
<deny roles="normal"/> <!-- you can also use <deny users="*"/>
to deny any
anonymous/managed users -->
</authorization>
</system.web>
</location>
</configuration>

For second question, based on my understanding, your login page is in some
sub folder rather than root folder. If I have misunderstood you, please
feel free to let me know.
Actually, you can define the property "loginUrl" to locate the page
wherever it is.

<authentication mode="Forms">
<forms name=".ASPXUSERDEMO"
loginUrl="subfolder/login.aspx"
protection="All" timeout="60"/>
</authentication>


Sincerely,

Vince Xu

Microsoft Online Support

 

[anbaesivam]

<location path="Admin">
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="?"/>
<deny roles="normal"/> <!-- you can also use <deny users="*"/>
to deny any
anonymous/managed users -->
</authorization>
</system.web>
</location>
</configuration>

With the above configuration how can I redirect the page to Login.aspx, when
a normal user access the path "Admin"?

 

[Vince Xu [MSFT]]

Hello Anbaesivam,

To redirect to the login page if authentication is not successful, please
deploy the following code in section "system.web" in Web.Config.

<authentication mode="Forms">
<forms name=".ASPXUSERDEMO"
loginUrl="folder/login.aspx" protection="All" timeout="60"/>
</authentication>

Sincerely,

Vince Xu

Microsoft Online Support