RE: Secure some pages and not other
From: Steven Cheng[MSFT] (v-schang_at_online.microsoft.com)
Date: 03/02/04
- Next message: Amit Pandya: "Re: Preserve value in HTML File Control"
- Previous message: Jack Wright: "Re: Reduce The Size Of Your ASP.NET Output"
- In reply to: Shimon Sim: "Secure some pages and not other"
- Next in thread: Shimon Sim: "Re: Secure some pages and not other"
- Reply: Shimon Sim: "Re: Secure some pages and not other"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 02 Mar 2004 04:05:29 GMT
Hi Shimon,
Thanks for posting in the community!
>From your description, you're using the Formsauthentication in your ASP.NET
web app. And you've some different sets fo files in your web apps which are
protected from different groups of users(protected level). So you're
wanting how to set such multi-authroized configuration in a single ASP.NET
web app, yes?
If there is anything I misunderstood, please feel free to let me know.
Based on my experience, you may have a try on the <location> Element in the
web.config file. This element can help apply a certain sections of
configuration to a certain specified part of a web app(via url path). Here
are the referernce of the <location> Element in MSDN:
#<location> Element
http://msdn.microsoft.com/library/en-us/cpgenref/html/gngrflocationelement.a
sp?frame=true
As for your situation , you can put those different protected files into
several sub dirctories in the web app's root folder. Then use the
<location> Element to specify different authorization settings for these
sub directories. For example:
If we have a web app named MyApp(used formsauthentication) and has the
following folder hierarchy:
MyApp/
....public resources
Admin/
....admin protected level resources
User/
....normal user protected level resources
Then we can specify different authorization protections for them via t he
below configuration in web.config
<configuration>
<system.web>
<authentication mode="Forms">
<forms name=".ASPNET_FORM_NAME" loginUrl="login.aspx" >
</forms>
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<!¡ª Configuration for the "Sub1" subdirectory. -->
<location path="Admin">
<system.web>
<authorization>
..... Authrozation for Admin
</authorization>
</system.web>
</location>
<!¡ª Configuration for the "Sub2" subdirectory. -->
<location path="sub2">
<system.web>
<authorization>
..... Authrozation for Normal user
</authorization>
</system.web>
</location>
</configuration>
In addition, here are some further tech references on how to apply
heirarchical configuration Inheritance in web.config:
#Configuration Inheritance
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconconfigurationinher
itance.asp?frame=true
#Configuration <location> Settings
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconconfigurationlocat
ionsettings.asp?frame=true
#Locking Configuration Settings
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconlockingconfigurati
onsettings.asp?frame=true
Please refer to them if you feel anything unclear.
Regards,
Steven Cheng
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx
- Next message: Amit Pandya: "Re: Preserve value in HTML File Control"
- Previous message: Jack Wright: "Re: Reduce The Size Of Your ASP.NET Output"
- In reply to: Shimon Sim: "Secure some pages and not other"
- Next in thread: Shimon Sim: "Re: Secure some pages and not other"
- Reply: Shimon Sim: "Re: Secure some pages and not other"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
