roles and authentication

M

Mike P

I have some code of my own where I am checking a username/password
against a database for login, I am not using any of the login controls
etc. What I want to do next is to create a folder for my admin pages
and make it only available to administrators. At login I set an int
which if an admin logs in is set to 2, otherwise it is set to 1 or 3. So
what I want to be able to do is check if this int is 2, and if so set a
global value which means that the admin pages can be viewed. How do I
do this?
 
D

digitaljeebus

if you're open to a slightly more complex way of doing this, using
asp.net roleproviders and membershipproviders provides a more built in,
hands off way of doing this.

here's a couple of links to get you started
http://weblogs.asp.net/scottgu/archive/2006/04/13/442772.aspx - Source
Code for the Built-in ASP.NET 2.0 Providers Now Available for Download
http://www.devx.com/asp/Article/29256 - Writing A Custom Membership
Provider for your ASP.NET 2.0 Web Site

once you've set that up, in order to protect a folder in your website,
all you have to do is add this to that folder's web.config:
// ------ web.config ---------
<configuration>
<system.web>
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</configuration>

that will alllow users w/ the role 'admin' and deny all the rest ...
you can also use "<users="?" />" to deny unauthorized users. we just
finished updating our website to ouse those, and it helped us strip out
a lot of ugly looking code.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top