Secure some pages and not other

Discussion in 'ASP .Net' started by Shimon Sim, Mar 2, 2004.

  1. Shimon Sim

    Shimon Sim Guest

    I am creating application that is mostly is used by registered user. I am
    using Form security to let user in. I also need to create registration for
    users. This of cause has to be accessible to everyone.
    Can I do everything in one ASP.NET application or I have to create two
    applications for each task?
    Thanks,
    Shimon.
    Shimon Sim, Mar 2, 2004
    #1
    1. Advertising

  2. Shimon Sim

    Beginner Guest

    Put all secured page in one directory and use a seperate web.config in that
    direcotry to specify <authorization><deny ...>

    "Shimon Sim" <> wrote in message
    news:%23ZRq5p$$...
    > I am creating application that is mostly is used by registered user. I am
    > using Form security to let user in. I also need to create registration for
    > users. This of cause has to be accessible to everyone.
    > Can I do everything in one ASP.NET application or I have to create two
    > applications for each task?
    > Thanks,
    > Shimon.
    >
    >
    Beginner, Mar 2, 2004
    #2
    1. Advertising

  3. Hi Shimon,

    Thanks for posting in the community!
    From your description, you're using the Formsauthentication in your ASP.NET
    web app. And you've some different sets fo files in your web apps which are
    protected from different groups of users(protected level). So you're
    wanting how to set such multi-authroized configuration in a single ASP.NET
    web app, yes?
    If there is anything I misunderstood, please feel free to let me know.

    Based on my experience, you may have a try on the <location> Element in the
    web.config file. This element can help apply a certain sections of
    configuration to a certain specified part of a web app(via url path). Here
    are the referernce of the <location> Element in MSDN:

    #<location> Element
    http://msdn.microsoft.com/library/en-us/cpgenref/html/gngrflocationelement.a
    sp?frame=true

    As for your situation , you can put those different protected files into
    several sub dirctories in the web app's root folder. Then use the
    <location> Element to specify different authorization settings for these
    sub directories. For example:
    If we have a web app named MyApp(used formsauthentication) and has the
    following folder hierarchy:
    MyApp/
    ....public resources
    Admin/
    ....admin protected level resources
    User/
    ....normal user protected level resources

    Then we can specify different authorization protections for them via t he
    below configuration in web.config
    <configuration>
    <system.web>
    <authentication mode="Forms">
    <forms name=".ASPNET_FORM_NAME" loginUrl="login.aspx" >
    </forms>
    </authentication>

    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>

    <!¡ª Configuration for the "Sub1" subdirectory. -->
    <location path="Admin">
    <system.web>
    <authorization>
    ..... Authrozation for Admin
    </authorization>
    </system.web>
    </location>

    <!¡ª Configuration for the "Sub2" subdirectory. -->
    <location path="sub2">
    <system.web>
    <authorization>
    ..... Authrozation for Normal user

    </authorization>
    </system.web>
    </location>
    </configuration>

    In addition, here are some further tech references on how to apply
    heirarchical configuration Inheritance in web.config:

    #Configuration Inheritance
    http://msdn.microsoft.com/library/en-us/cpguide/html/cpconconfigurationinher
    itance.asp?frame=true

    #Configuration <location> Settings
    http://msdn.microsoft.com/library/en-us/cpguide/html/cpconconfigurationlocat
    ionsettings.asp?frame=true

    #Locking Configuration Settings
    http://msdn.microsoft.com/library/en-us/cpguide/html/cpconlockingconfigurati
    onsettings.asp?frame=true

    Please refer to them if you feel anything unclear.


    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)

    Get Preview at ASP.NET whidbey
    http://msdn.microsoft.com/asp.net/whidbey/default.aspx
    Steven Cheng[MSFT], Mar 2, 2004
    #3
  4. Shimon Sim

    Shimon Sim Guest

    Thank you very much. This is exactly what I was looking for.
    Shimon.
    "Steven Cheng[MSFT]" <> wrote in message
    news:...
    > Hi Shimon,
    >
    > Thanks for posting in the community!
    > From your description, you're using the Formsauthentication in your

    ASP.NET
    > web app. And you've some different sets fo files in your web apps which

    are
    > protected from different groups of users(protected level). So you're
    > wanting how to set such multi-authroized configuration in a single ASP.NET
    > web app, yes?
    > If there is anything I misunderstood, please feel free to let me know.
    >
    > Based on my experience, you may have a try on the <location> Element in

    the
    > web.config file. This element can help apply a certain sections of
    > configuration to a certain specified part of a web app(via url path). Here
    > are the referernce of the <location> Element in MSDN:
    >
    > #<location> Element
    >

    http://msdn.microsoft.com/library/en-us/cpgenref/html/gngrflocationelement.a
    > sp?frame=true
    >
    > As for your situation , you can put those different protected files into
    > several sub dirctories in the web app's root folder. Then use the
    > <location> Element to specify different authorization settings for these
    > sub directories. For example:
    > If we have a web app named MyApp(used formsauthentication) and has the
    > following folder hierarchy:
    > MyApp/
    > ....public resources
    > Admin/
    > ....admin protected level resources
    > User/
    > ....normal user protected level resources
    >
    > Then we can specify different authorization protections for them via t he
    > below configuration in web.config
    > <configuration>
    > <system.web>
    > <authentication mode="Forms">
    > <forms name=".ASPNET_FORM_NAME" loginUrl="login.aspx" >
    > </forms>
    > </authentication>
    >
    > <authorization>
    > <allow users="*" />
    > </authorization>
    > </system.web>
    >
    > <!¡ª Configuration for the "Sub1" subdirectory. -->
    > <location path="Admin">
    > <system.web>
    > <authorization>
    > ..... Authrozation for Admin
    > </authorization>
    > </system.web>
    > </location>
    >
    > <!¡ª Configuration for the "Sub2" subdirectory. -->
    > <location path="sub2">
    > <system.web>
    > <authorization>
    > ..... Authrozation for Normal user
    >
    > </authorization>
    > </system.web>
    > </location>
    > </configuration>
    >
    > In addition, here are some further tech references on how to apply
    > heirarchical configuration Inheritance in web.config:
    >
    > #Configuration Inheritance
    >

    http://msdn.microsoft.com/library/en-us/cpguide/html/cpconconfigurationinher
    > itance.asp?frame=true
    >
    > #Configuration <location> Settings
    >

    http://msdn.microsoft.com/library/en-us/cpguide/html/cpconconfigurationlocat
    > ionsettings.asp?frame=true
    >
    > #Locking Configuration Settings
    >

    http://msdn.microsoft.com/library/en-us/cpguide/html/cpconlockingconfigurati
    > onsettings.asp?frame=true
    >
    > Please refer to them if you feel anything unclear.
    >
    >
    > Regards,
    >
    > Steven Cheng
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    > Get Preview at ASP.NET whidbey
    > http://msdn.microsoft.com/asp.net/whidbey/default.aspx
    >
    Shimon Sim, Mar 2, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. A.M
    Replies:
    5
    Views:
    5,419
    Teemu Keiski
    Jun 8, 2004
  2. zdrakec
    Replies:
    1
    Views:
    424
    zdrakec
    Jul 25, 2005
  3. Joe
    Replies:
    5
    Views:
    945
    Steven Cheng[MSFT]
    Dec 13, 2005
  4. rb

    secure and non-secure pages

    rb, Dec 4, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    323
  5. Dinis Cruz
    Replies:
    0
    Views:
    207
    Dinis Cruz
    Oct 30, 2003
Loading...

Share This Page