user access to only selected pages

Discussion in 'ASP .Net' started by joe, Jul 6, 2003.

  1. joe

    joe Guest

    Some time ago I set up an ASP application that used a login page which
    checked a username and password against a database to determine a users
    authorization to access certain pages on the site. This was done by setting
    a session variable within the application if the user was authorized and
    using code one each page for which protection was required to check for the
    status of the session variable.

    Now I am aware of the various techniques that ASP.NET provides to allow or
    preclude access to asp.net apps but frankly I really liked that other one
    because it didn't use cookies which many users are a bit afraid of.

    My problem is this....I can't remember how I set it up and I don't know
    where to look. I think I found the technique in an old ASP book (vs
    asp.net).

    Does anyone know where I can look to find this technique in the form of
    sample code or a tutorial?

    and

    Is this a viable technique to use in ASP.Net?


    Thanks in advance
    joe, Jul 6, 2003
    #1
    1. Advertising

  2. You can put each group of files into their own subfolders under your root
    web application, and then create a web.config for each subfolder with the
    appropriate settings in it.
    You could alternately do this with a single web.config file by using the
    <location> tag.
    Here's more info on that and an example:
    http://www.dotnetbips.com/displayarticle.aspx?id=117

    --
    I hope this helps,
    Steve C. Orr, MCSD
    http://Steve.Orr.net


    "joe" <contact_by_Newsgroup_only.please> wrote in message
    news:u$...
    > Some time ago I set up an ASP application that used a login page which
    > checked a username and password against a database to determine a users
    > authorization to access certain pages on the site. This was done by

    setting
    > a session variable within the application if the user was authorized and
    > using code one each page for which protection was required to check for

    the
    > status of the session variable.
    >
    > Now I am aware of the various techniques that ASP.NET provides to allow or
    > preclude access to asp.net apps but frankly I really liked that other one
    > because it didn't use cookies which many users are a bit afraid of.
    >
    > My problem is this....I can't remember how I set it up and I don't know
    > where to look. I think I found the technique in an old ASP book (vs
    > asp.net).
    >
    > Does anyone know where I can look to find this technique in the form of
    > sample code or a tutorial?
    >
    > and
    >
    > Is this a viable technique to use in ASP.Net?
    >
    >
    > Thanks in advance
    >
    >
    Steve C. Orr, MCSD, Jul 6, 2003
    #2
    1. Advertising

  3. joe

    joe Guest

    Thanks Steve I've read that but call me dumb but I don't see how it works.
    Perhaps I'm missing something, I don't see the way it :

    1) determines which users to permit access to

    nor

    2) how it maintains the users status once authorized should the user request
    additional pages in the protected folder.


    Is that done in the web.config file? I don't see any instructions at that
    link on how to accomplish this whithout using cookies.






    "Steve C. Orr, MCSD" <> wrote in message
    news:...
    > You can put each group of files into their own subfolders under your root
    > web application, and then create a web.config for each subfolder with the
    > appropriate settings in it.
    > You could alternately do this with a single web.config file by using the
    > <location> tag.
    > Here's more info on that and an example:
    > http://www.dotnetbips.com/displayarticle.aspx?id=117
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD
    > http://Steve.Orr.net
    >
    >
    > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > news:u$...
    > > Some time ago I set up an ASP application that used a login page which
    > > checked a username and password against a database to determine a users
    > > authorization to access certain pages on the site. This was done by

    > setting
    > > a session variable within the application if the user was authorized and
    > > using code one each page for which protection was required to check for

    > the
    > > status of the session variable.
    > >
    > > Now I am aware of the various techniques that ASP.NET provides to allow

    or
    > > preclude access to asp.net apps but frankly I really liked that other

    one
    > > because it didn't use cookies which many users are a bit afraid of.
    > >
    > > My problem is this....I can't remember how I set it up and I don't know
    > > where to look. I think I found the technique in an old ASP book (vs
    > > asp.net).
    > >
    > > Does anyone know where I can look to find this technique in the form of
    > > sample code or a tutorial?
    > >
    > > and
    > >
    > > Is this a viable technique to use in ASP.Net?
    > >
    > >
    > > Thanks in advance
    > >
    > >

    >
    >
    joe, Jul 6, 2003
    #3
  4. It uses forms authentication, which uses cookies.
    Here's more info on basic forms authentication:
    http://www.dotnetbips.com/displayarticle.aspx?id=9

    Of course you can also set Forms Authentication to work if the user has
    cookies turned off by setting the cookieless="true" in your web.config.
    Then it will munge the session id into the URL automatically.
    You can specify which files and folders to allow to to which users in your
    web.config file.
    There is a link to sample code that you can download and play with.
    http://www.dotnetbips.com/displayarticle.aspx?id=117

    --
    I hope this helps,
    Steve C. Orr, MCSD
    http://Steve.Orr.net



    "joe" <contact_by_Newsgroup_only.please> wrote in message
    news:...
    > Thanks Steve I've read that but call me dumb but I don't see how it works.
    > Perhaps I'm missing something, I don't see the way it :
    >
    > 1) determines which users to permit access to
    >
    > nor
    >
    > 2) how it maintains the users status once authorized should the user

    request
    > additional pages in the protected folder.
    >
    >
    > Is that done in the web.config file? I don't see any instructions at that
    > link on how to accomplish this whithout using cookies.
    >
    >
    >
    >
    >
    >
    > "Steve C. Orr, MCSD" <> wrote in message
    > news:...
    > > You can put each group of files into their own subfolders under your

    root
    > > web application, and then create a web.config for each subfolder with

    the
    > > appropriate settings in it.
    > > You could alternately do this with a single web.config file by using the
    > > <location> tag.
    > > Here's more info on that and an example:
    > > http://www.dotnetbips.com/displayarticle.aspx?id=117
    > >
    > > --
    > > I hope this helps,
    > > Steve C. Orr, MCSD
    > > http://Steve.Orr.net
    > >
    > >
    > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > news:u$...
    > > > Some time ago I set up an ASP application that used a login page which
    > > > checked a username and password against a database to determine a

    users
    > > > authorization to access certain pages on the site. This was done by

    > > setting
    > > > a session variable within the application if the user was authorized

    and
    > > > using code one each page for which protection was required to check

    for
    > > the
    > > > status of the session variable.
    > > >
    > > > Now I am aware of the various techniques that ASP.NET provides to

    allow
    > or
    > > > preclude access to asp.net apps but frankly I really liked that other

    > one
    > > > because it didn't use cookies which many users are a bit afraid of.
    > > >
    > > > My problem is this....I can't remember how I set it up and I don't

    know
    > > > where to look. I think I found the technique in an old ASP book (vs
    > > > asp.net).
    > > >
    > > > Does anyone know where I can look to find this technique in the form

    of
    > > > sample code or a tutorial?
    > > >
    > > > and
    > > >
    > > > Is this a viable technique to use in ASP.Net?
    > > >
    > > >
    > > > Thanks in advance
    > > >
    > > >

    > >
    > >

    >
    >
    Steve C. Orr, MCSD, Jul 6, 2003
    #4
  5. joe

    joe Guest

    Thanks Steve...I'll check it out.


    "Steve C. Orr, MCSD" <> wrote in message
    news:...
    > It uses forms authentication, which uses cookies.
    > Here's more info on basic forms authentication:
    > http://www.dotnetbips.com/displayarticle.aspx?id=9
    >
    > Of course you can also set Forms Authentication to work if the user has
    > cookies turned off by setting the cookieless="true" in your web.config.
    > Then it will munge the session id into the URL automatically.
    > You can specify which files and folders to allow to to which users in your
    > web.config file.
    > There is a link to sample code that you can download and play with.
    > http://www.dotnetbips.com/displayarticle.aspx?id=117
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD
    > http://Steve.Orr.net
    >
    >
    >
    > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > news:...
    > > Thanks Steve I've read that but call me dumb but I don't see how it

    works.
    > > Perhaps I'm missing something, I don't see the way it :
    > >
    > > 1) determines which users to permit access to
    > >
    > > nor
    > >
    > > 2) how it maintains the users status once authorized should the user

    > request
    > > additional pages in the protected folder.
    > >
    > >
    > > Is that done in the web.config file? I don't see any instructions at

    that
    > > link on how to accomplish this whithout using cookies.
    > >
    > >
    > >
    > >
    > >
    > >
    > > "Steve C. Orr, MCSD" <> wrote in message
    > > news:...
    > > > You can put each group of files into their own subfolders under your

    > root
    > > > web application, and then create a web.config for each subfolder with

    > the
    > > > appropriate settings in it.
    > > > You could alternately do this with a single web.config file by using

    the
    > > > <location> tag.
    > > > Here's more info on that and an example:
    > > > http://www.dotnetbips.com/displayarticle.aspx?id=117
    > > >
    > > > --
    > > > I hope this helps,
    > > > Steve C. Orr, MCSD
    > > > http://Steve.Orr.net
    > > >
    > > >
    > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > news:u$...
    > > > > Some time ago I set up an ASP application that used a login page

    which
    > > > > checked a username and password against a database to determine a

    > users
    > > > > authorization to access certain pages on the site. This was done by
    > > > setting
    > > > > a session variable within the application if the user was authorized

    > and
    > > > > using code one each page for which protection was required to check

    > for
    > > > the
    > > > > status of the session variable.
    > > > >
    > > > > Now I am aware of the various techniques that ASP.NET provides to

    > allow
    > > or
    > > > > preclude access to asp.net apps but frankly I really liked that

    other
    > > one
    > > > > because it didn't use cookies which many users are a bit afraid of.
    > > > >
    > > > > My problem is this....I can't remember how I set it up and I don't

    > know
    > > > > where to look. I think I found the technique in an old ASP book (vs
    > > > > asp.net).
    > > > >
    > > > > Does anyone know where I can look to find this technique in the form

    > of
    > > > > sample code or a tutorial?
    > > > >
    > > > > and
    > > > >
    > > > > Is this a viable technique to use in ASP.Net?
    > > > >
    > > > >
    > > > > Thanks in advance
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
    joe, Jul 6, 2003
    #5
  6. joe

    joe Guest

    I see they have put the user names and passwords in the login.vb file. Isn't
    this (hard coding) a potential security problem?

    I realize it is not presented in the HTML on the client and the server does
    all the work but it just makes me a bit uncomfortable.

    Or am I wrong?




    "joe" <contact_by_Newsgroup_only.please> wrote in message
    news:...
    > Thanks Steve...I'll check it out.
    >
    >
    > "Steve C. Orr, MCSD" <> wrote in message
    > news:...
    > > It uses forms authentication, which uses cookies.
    > > Here's more info on basic forms authentication:
    > > http://www.dotnetbips.com/displayarticle.aspx?id=9
    > >
    > > Of course you can also set Forms Authentication to work if the user has
    > > cookies turned off by setting the cookieless="true" in your web.config.
    > > Then it will munge the session id into the URL automatically.
    > > You can specify which files and folders to allow to to which users in

    your
    > > web.config file.
    > > There is a link to sample code that you can download and play with.
    > > http://www.dotnetbips.com/displayarticle.aspx?id=117
    > >
    > > --
    > > I hope this helps,
    > > Steve C. Orr, MCSD
    > > http://Steve.Orr.net
    > >
    > >
    > >
    > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > news:...
    > > > Thanks Steve I've read that but call me dumb but I don't see how it

    > works.
    > > > Perhaps I'm missing something, I don't see the way it :
    > > >
    > > > 1) determines which users to permit access to
    > > >
    > > > nor
    > > >
    > > > 2) how it maintains the users status once authorized should the user

    > > request
    > > > additional pages in the protected folder.
    > > >
    > > >
    > > > Is that done in the web.config file? I don't see any instructions at

    > that
    > > > link on how to accomplish this whithout using cookies.
    > > >
    > > >
    > > >
    > > >
    > > >
    > > >
    > > > "Steve C. Orr, MCSD" <> wrote in message
    > > > news:...
    > > > > You can put each group of files into their own subfolders under your

    > > root
    > > > > web application, and then create a web.config for each subfolder

    with
    > > the
    > > > > appropriate settings in it.
    > > > > You could alternately do this with a single web.config file by using

    > the
    > > > > <location> tag.
    > > > > Here's more info on that and an example:
    > > > > http://www.dotnetbips.com/displayarticle.aspx?id=117
    > > > >
    > > > > --
    > > > > I hope this helps,
    > > > > Steve C. Orr, MCSD
    > > > > http://Steve.Orr.net
    > > > >
    > > > >
    > > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > > news:u$...
    > > > > > Some time ago I set up an ASP application that used a login page

    > which
    > > > > > checked a username and password against a database to determine a

    > > users
    > > > > > authorization to access certain pages on the site. This was done

    by
    > > > > setting
    > > > > > a session variable within the application if the user was

    authorized
    > > and
    > > > > > using code one each page for which protection was required to

    check
    > > for
    > > > > the
    > > > > > status of the session variable.
    > > > > >
    > > > > > Now I am aware of the various techniques that ASP.NET provides to

    > > allow
    > > > or
    > > > > > preclude access to asp.net apps but frankly I really liked that

    > other
    > > > one
    > > > > > because it didn't use cookies which many users are a bit afraid

    of.
    > > > > >
    > > > > > My problem is this....I can't remember how I set it up and I don't

    > > know
    > > > > > where to look. I think I found the technique in an old ASP book

    (vs
    > > > > > asp.net).
    > > > > >
    > > > > > Does anyone know where I can look to find this technique in the

    form
    > > of
    > > > > > sample code or a tutorial?
    > > > > >
    > > > > > and
    > > > > >
    > > > > > Is this a viable technique to use in ASP.Net?
    > > > > >
    > > > > >
    > > > > > Thanks in advance
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
    joe, Jul 6, 2003
    #6
  7. joe

    Vincent V Guest

    you should buy a book it would save time posting


    "joe" <contact_by_Newsgroup_only.please> wrote in message
    news:#...
    > I see they have put the user names and passwords in the login.vb file.

    Isn't
    > this (hard coding) a potential security problem?
    >
    > I realize it is not presented in the HTML on the client and the server

    does
    > all the work but it just makes me a bit uncomfortable.
    >
    > Or am I wrong?
    >
    >
    >
    >
    > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > news:...
    > > Thanks Steve...I'll check it out.
    > >
    > >
    > > "Steve C. Orr, MCSD" <> wrote in message
    > > news:...
    > > > It uses forms authentication, which uses cookies.
    > > > Here's more info on basic forms authentication:
    > > > http://www.dotnetbips.com/displayarticle.aspx?id=9
    > > >
    > > > Of course you can also set Forms Authentication to work if the user

    has
    > > > cookies turned off by setting the cookieless="true" in your

    web.config.
    > > > Then it will munge the session id into the URL automatically.
    > > > You can specify which files and folders to allow to to which users in

    > your
    > > > web.config file.
    > > > There is a link to sample code that you can download and play with.
    > > > http://www.dotnetbips.com/displayarticle.aspx?id=117
    > > >
    > > > --
    > > > I hope this helps,
    > > > Steve C. Orr, MCSD
    > > > http://Steve.Orr.net
    > > >
    > > >
    > > >
    > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > news:...
    > > > > Thanks Steve I've read that but call me dumb but I don't see how it

    > > works.
    > > > > Perhaps I'm missing something, I don't see the way it :
    > > > >
    > > > > 1) determines which users to permit access to
    > > > >
    > > > > nor
    > > > >
    > > > > 2) how it maintains the users status once authorized should the user
    > > > request
    > > > > additional pages in the protected folder.
    > > > >
    > > > >
    > > > > Is that done in the web.config file? I don't see any instructions

    at
    > > that
    > > > > link on how to accomplish this whithout using cookies.
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > > > "Steve C. Orr, MCSD" <> wrote in message
    > > > > news:...
    > > > > > You can put each group of files into their own subfolders under

    your
    > > > root
    > > > > > web application, and then create a web.config for each subfolder

    > with
    > > > the
    > > > > > appropriate settings in it.
    > > > > > You could alternately do this with a single web.config file by

    using
    > > the
    > > > > > <location> tag.
    > > > > > Here's more info on that and an example:
    > > > > > http://www.dotnetbips.com/displayarticle.aspx?id=117
    > > > > >
    > > > > > --
    > > > > > I hope this helps,
    > > > > > Steve C. Orr, MCSD
    > > > > > http://Steve.Orr.net
    > > > > >
    > > > > >
    > > > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > > > news:u$...
    > > > > > > Some time ago I set up an ASP application that used a login page

    > > which
    > > > > > > checked a username and password against a database to determine

    a
    > > > users
    > > > > > > authorization to access certain pages on the site. This was done

    > by
    > > > > > setting
    > > > > > > a session variable within the application if the user was

    > authorized
    > > > and
    > > > > > > using code one each page for which protection was required to

    > check
    > > > for
    > > > > > the
    > > > > > > status of the session variable.
    > > > > > >
    > > > > > > Now I am aware of the various techniques that ASP.NET provides

    to
    > > > allow
    > > > > or
    > > > > > > preclude access to asp.net apps but frankly I really liked that

    > > other
    > > > > one
    > > > > > > because it didn't use cookies which many users are a bit afraid

    > of.
    > > > > > >
    > > > > > > My problem is this....I can't remember how I set it up and I

    don't
    > > > know
    > > > > > > where to look. I think I found the technique in an old ASP book

    > (vs
    > > > > > > asp.net).
    > > > > > >
    > > > > > > Does anyone know where I can look to find this technique in the

    > form
    > > > of
    > > > > > > sample code or a tutorial?
    > > > > > >
    > > > > > > and
    > > > > > >
    > > > > > > Is this a viable technique to use in ASP.Net?
    > > > > > >
    > > > > > >
    > > > > > > Thanks in advance
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
    Vincent V, Jul 6, 2003
    #7
  8. joe

    joe Guest

    I don't mind taking the time posting but I do understand that for some
    reading is a bit more difficult than it is for others.


    "Vincent V" <> wrote in message
    news:...
    > you should buy a book it would save time posting
    >
    >
    > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > news:#...
    > > I see they have put the user names and passwords in the login.vb file.

    > Isn't
    > > this (hard coding) a potential security problem?
    > >
    > > I realize it is not presented in the HTML on the client and the server

    > does
    > > all the work but it just makes me a bit uncomfortable.
    > >
    > > Or am I wrong?
    > >
    > >
    > >
    > >
    > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > news:...
    > > > Thanks Steve...I'll check it out.
    > > >
    > > >
    > > > "Steve C. Orr, MCSD" <> wrote in message
    > > > news:...
    > > > > It uses forms authentication, which uses cookies.
    > > > > Here's more info on basic forms authentication:
    > > > > http://www.dotnetbips.com/displayarticle.aspx?id=9
    > > > >
    > > > > Of course you can also set Forms Authentication to work if the user

    > has
    > > > > cookies turned off by setting the cookieless="true" in your

    > web.config.
    > > > > Then it will munge the session id into the URL automatically.
    > > > > You can specify which files and folders to allow to to which users

    in
    > > your
    > > > > web.config file.
    > > > > There is a link to sample code that you can download and play with.
    > > > > http://www.dotnetbips.com/displayarticle.aspx?id=117
    > > > >
    > > > > --
    > > > > I hope this helps,
    > > > > Steve C. Orr, MCSD
    > > > > http://Steve.Orr.net
    > > > >
    > > > >
    > > > >
    > > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > > news:...
    > > > > > Thanks Steve I've read that but call me dumb but I don't see how

    it
    > > > works.
    > > > > > Perhaps I'm missing something, I don't see the way it :
    > > > > >
    > > > > > 1) determines which users to permit access to
    > > > > >
    > > > > > nor
    > > > > >
    > > > > > 2) how it maintains the users status once authorized should the

    user
    > > > > request
    > > > > > additional pages in the protected folder.
    > > > > >
    > > > > >
    > > > > > Is that done in the web.config file? I don't see any instructions

    > at
    > > > that
    > > > > > link on how to accomplish this whithout using cookies.
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > > "Steve C. Orr, MCSD" <> wrote in message
    > > > > > news:...
    > > > > > > You can put each group of files into their own subfolders under

    > your
    > > > > root
    > > > > > > web application, and then create a web.config for each subfolder

    > > with
    > > > > the
    > > > > > > appropriate settings in it.
    > > > > > > You could alternately do this with a single web.config file by

    > using
    > > > the
    > > > > > > <location> tag.
    > > > > > > Here's more info on that and an example:
    > > > > > > http://www.dotnetbips.com/displayarticle.aspx?id=117
    > > > > > >
    > > > > > > --
    > > > > > > I hope this helps,
    > > > > > > Steve C. Orr, MCSD
    > > > > > > http://Steve.Orr.net
    > > > > > >
    > > > > > >
    > > > > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > > > > news:u$...
    > > > > > > > Some time ago I set up an ASP application that used a login

    page
    > > > which
    > > > > > > > checked a username and password against a database to

    determine
    > a
    > > > > users
    > > > > > > > authorization to access certain pages on the site. This was

    done
    > > by
    > > > > > > setting
    > > > > > > > a session variable within the application if the user was

    > > authorized
    > > > > and
    > > > > > > > using code one each page for which protection was required to

    > > check
    > > > > for
    > > > > > > the
    > > > > > > > status of the session variable.
    > > > > > > >
    > > > > > > > Now I am aware of the various techniques that ASP.NET provides

    > to
    > > > > allow
    > > > > > or
    > > > > > > > preclude access to asp.net apps but frankly I really liked

    that
    > > > other
    > > > > > one
    > > > > > > > because it didn't use cookies which many users are a bit

    afraid
    > > of.
    > > > > > > >
    > > > > > > > My problem is this....I can't remember how I set it up and I

    > don't
    > > > > know
    > > > > > > > where to look. I think I found the technique in an old ASP

    book
    > > (vs
    > > > > > > > asp.net).
    > > > > > > >
    > > > > > > > Does anyone know where I can look to find this technique in

    the
    > > form
    > > > > of
    > > > > > > > sample code or a tutorial?
    > > > > > > >
    > > > > > > > and
    > > > > > > >
    > > > > > > > Is this a viable technique to use in ASP.Net?
    > > > > > > >
    > > > > > > >
    > > > > > > > Thanks in advance
    > > > > > > >
    > > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
    joe, Jul 6, 2003
    #8
  9. joe

    joe Guest

    Thanks again Steve.


    "Steve C. Orr, MCSD" <> wrote in message
    news:O$...
    > You can use a database for this if you prefer.
    > Here are some examples:
    >

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT03.asp
    > http://www.4guysfromrolla.com/webtech/121901-1.shtml
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD
    > http://Steve.Orr.net
    >
    >
    > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > news:%...
    > > I see they have put the user names and passwords in the login.vb file.

    > Isn't
    > > this (hard coding) a potential security problem?
    > >
    > > I realize it is not presented in the HTML on the client and the server

    > does
    > > all the work but it just makes me a bit uncomfortable.
    > >
    > > Or am I wrong?
    > >
    > >
    > >
    > >
    > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > news:...
    > > > Thanks Steve...I'll check it out.
    > > >
    > > >
    > > > "Steve C. Orr, MCSD" <> wrote in message
    > > > news:...
    > > > > It uses forms authentication, which uses cookies.
    > > > > Here's more info on basic forms authentication:
    > > > > http://www.dotnetbips.com/displayarticle.aspx?id=9
    > > > >
    > > > > Of course you can also set Forms Authentication to work if the user

    > has
    > > > > cookies turned off by setting the cookieless="true" in your

    > web.config.
    > > > > Then it will munge the session id into the URL automatically.
    > > > > You can specify which files and folders to allow to to which users

    in
    > > your
    > > > > web.config file.
    > > > > There is a link to sample code that you can download and play with.
    > > > > http://www.dotnetbips.com/displayarticle.aspx?id=117
    > > > >
    > > > > --
    > > > > I hope this helps,
    > > > > Steve C. Orr, MCSD
    > > > > http://Steve.Orr.net
    > > > >
    > > > >
    > > > >
    > > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > > news:...
    > > > > > Thanks Steve I've read that but call me dumb but I don't see how

    it
    > > > works.
    > > > > > Perhaps I'm missing something, I don't see the way it :
    > > > > >
    > > > > > 1) determines which users to permit access to
    > > > > >
    > > > > > nor
    > > > > >
    > > > > > 2) how it maintains the users status once authorized should the

    user
    > > > > request
    > > > > > additional pages in the protected folder.
    > > > > >
    > > > > >
    > > > > > Is that done in the web.config file? I don't see any instructions

    > at
    > > > that
    > > > > > link on how to accomplish this whithout using cookies.
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > > "Steve C. Orr, MCSD" <> wrote in message
    > > > > > news:...
    > > > > > > You can put each group of files into their own subfolders under

    > your
    > > > > root
    > > > > > > web application, and then create a web.config for each subfolder

    > > with
    > > > > the
    > > > > > > appropriate settings in it.
    > > > > > > You could alternately do this with a single web.config file by

    > using
    > > > the
    > > > > > > <location> tag.
    > > > > > > Here's more info on that and an example:
    > > > > > > http://www.dotnetbips.com/displayarticle.aspx?id=117
    > > > > > >
    > > > > > > --
    > > > > > > I hope this helps,
    > > > > > > Steve C. Orr, MCSD
    > > > > > > http://Steve.Orr.net
    > > > > > >
    > > > > > >
    > > > > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > > > > news:u$...
    > > > > > > > Some time ago I set up an ASP application that used a login

    page
    > > > which
    > > > > > > > checked a username and password against a database to

    determine
    > a
    > > > > users
    > > > > > > > authorization to access certain pages on the site. This was

    done
    > > by
    > > > > > > setting
    > > > > > > > a session variable within the application if the user was

    > > authorized
    > > > > and
    > > > > > > > using code one each page for which protection was required to

    > > check
    > > > > for
    > > > > > > the
    > > > > > > > status of the session variable.
    > > > > > > >
    > > > > > > > Now I am aware of the various techniques that ASP.NET provides

    > to
    > > > > allow
    > > > > > or
    > > > > > > > preclude access to asp.net apps but frankly I really liked

    that
    > > > other
    > > > > > one
    > > > > > > > because it didn't use cookies which many users are a bit

    afraid
    > > of.
    > > > > > > >
    > > > > > > > My problem is this....I can't remember how I set it up and I

    > don't
    > > > > know
    > > > > > > > where to look. I think I found the technique in an old ASP

    book
    > > (vs
    > > > > > > > asp.net).
    > > > > > > >
    > > > > > > > Does anyone know where I can look to find this technique in

    the
    > > form
    > > > > of
    > > > > > > > sample code or a tutorial?
    > > > > > > >
    > > > > > > > and
    > > > > > > >
    > > > > > > > Is this a viable technique to use in ASP.Net?
    > > > > > > >
    > > > > > > >
    > > > > > > > Thanks in advance
    > > > > > > >
    > > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
    joe, Jul 6, 2003
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Iain
    Replies:
    3
    Views:
    927
  2. Nathan Sokalski
    Replies:
    0
    Views:
    604
    Nathan Sokalski
    Oct 5, 2008
  3. John
    Replies:
    5
    Views:
    985
    dorayme
    Mar 1, 2010
  4. mldardy
    Replies:
    0
    Views:
    961
    mldardy
    Sep 28, 2010
  5. joe
    Replies:
    0
    Views:
    116
Loading...

Share This Page