roles and authentication

Discussion in 'ASP .Net' started by Mike P, Jun 13, 2006.

  1. Mike P

    Mike P Guest

    I have some code of my own where I am checking a username/password
    against a database for login, I am not using any of the login controls
    etc. What I want to do next is to create a folder for my admin pages
    and make it only available to administrators. At login I set an int
    which if an admin logs in is set to 2, otherwise it is set to 1 or 3. So
    what I want to be able to do is check if this int is 2, and if so set a
    global value which means that the admin pages can be viewed. How do I
    do this?


    *** Sent via Developersdex http://www.developersdex.com ***
     
    Mike P, Jun 13, 2006
    #1
    1. Advertising

  2. Mike P

    Guest

    if you're open to a slightly more complex way of doing this, using
    asp.net roleproviders and membershipproviders provides a more built in,
    hands off way of doing this.

    here's a couple of links to get you started
    http://weblogs.asp.net/scottgu/archive/2006/04/13/442772.aspx - Source
    Code for the Built-in ASP.NET 2.0 Providers Now Available for Download
    http://www.devx.com/asp/Article/29256 - Writing A Custom Membership
    Provider for your ASP.NET 2.0 Web Site

    once you've set that up, in order to protect a folder in your website,
    all you have to do is add this to that folder's web.config:
    // ------ web.config ---------
    <configuration>
    <system.web>
    <authorization>
    <allow roles="admin"/>
    <deny users="*"/>
    </authorization>
    </system.web>
    </configuration>

    that will alllow users w/ the role 'admin' and deny all the rest ...
    you can also use "<users="?" />" to deny unauthorized users. we just
    finished updating our website to ouse those, and it helped us strip out
    a lot of ugly looking code.

    Mike P wrote:
    > I have some code of my own where I am checking a username/password
    > against a database for login, I am not using any of the login controls
    > etc. What I want to do next is to create a folder for my admin pages
    > and make it only available to administrators. At login I set an int
    > which if an admin logs in is set to 2, otherwise it is set to 1 or 3. So
    > what I want to be able to do is check if this int is 2, and if so set a
    > global value which means that the admin pages can be viewed. How do I
    > do this?
    >
    >
    > *** Sent via Developersdex http://www.developersdex.com ***
     
    , Jun 14, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. TS
    Replies:
    4
    Views:
    568
    =?Utf-8?B?VFM=?=
    May 18, 2004
  2. =?Utf-8?B?RWQ=?=
    Replies:
    2
    Views:
    645
    John Saunders
    Jun 4, 2004
  3. Phil Townsend

    forms authentication and roles

    Phil Townsend, Oct 27, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    437
    Phil Townsend
    Oct 27, 2004
  4. Jéjé
    Replies:
    0
    Views:
    245
    Jéjé
    Sep 27, 2005
  5. Eric
    Replies:
    0
    Views:
    203
Loading...

Share This Page