some stuff private

Discussion in 'ASP .Net' started by jaems, Mar 19, 2008.

  1. jaems

    jaems Guest

    I want to keep some stuff just for certain web users using a secure folder
    with id and password which I can set up via my web hosts control panel

    If a visitor to my site needs to go to a page within this folder a login
    window appears and they have to login

    If I have a user who answers certain questions on one of the public page on
    my site I need them to be able to enter the secure area directly

    Is there any way to provide the credentials to get into the secure folder
    with out invoking the login window?


    Jaes
     
    jaems, Mar 19, 2008
    #1
    1. Advertisements

  2. There are a variety of ways to do this, depending on who you are "allowing"
    or "keeping out" and which tools you have at your disposal.

    1. Protect the directory in windows. This works well on an Intranet and will
    prompt users who do not have access via a windows pop up box. This is NOT a
    good option for an Internet site.

    2. Add a config file to the directory in question that has authentication
    and authorization sections set up. This alone will force the user to the
    specified login page.

    Now, if a regular login page is not an option (as you have stated), you can
    either use a custom Membership provider, or you can fake it by using the
    Membership piece and redirecting the user to a page as if they were logged
    in.

    'VB
    FormsAuthentication.RedirectFromLoginPage(userName, False)

    The second part (False) is whether to set a cookie. You might want this to
    be true so the user can revisit the page over and over again.

    You can also kludge up your own security, either by cookie or session, if
    you so desire.

    //C#
    string sessionLogIn = Session["LogIn"];

    if(sessionLogIn == null)
    {
    //usernot valid, send them to another page
    }
    else
    {
    //allow user to see page
    }


    Place on each page and set the Session["LogIn"] value on the page with the
    questions.

    If you can use Membership, it is potentially better, as it allows you to
    reuse bits of the ASP.NET framework, but it may be overkill, especially with
    a custom membership provider.

    SPECIFICS INLINE


    You have the ability to log someone in without them supplying credentials.
    That is the RedirectFromLoginPage() bits (see above). You make a login page
    (your question page) without a login control.

    As mentioned, you can also roll your own.
     
    Cowboy \(Gregory A. Beamer\), Mar 19, 2008
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.