Re: ASP.NET login authentication

From: Ken Dopierala Jr. (kdopierala2_at_wi.rr.com)
Date: 09/24/04


Date: Fri, 24 Sep 2004 10:27:21 -0500

Hi,

What I do is I use one login page but then I create <location> tags. These
tags specify which users in which roles get to access pages in specific
folders. Be sure to assign roles to your users when they login. For
example:

 <location path="Members/Administrator">
  <system.web>
   <authorization>
    <allow roles="Administrator"></allow>
    <deny users="*"/>
   </authorization>
  </system.web>
 </location>

 <location path="Members/Registered">
  <system.web>
   <authorization>
    <allow roles="Registered"></allow>
    <deny users="*"/>
   </authorization>
  </system.web>
 </location>

 <location path="Members/Shared">
  <system.web>
   <authorization>
    <allow roles="Administrator, Registered"></allow>
    <deny users="*"/>
   </authorization>
  </system.web>
 </location>

The top location tag allows only people in the Administrator role to access
pages in the /Members/Administrator folder. The second tag allows
Registered users to view their pages. The third allows both Administrators
and Registered users to view the Shared folder. I put my <location> tags
directly above my <system.web> tag and directly below my <configuration> tag
in the Web.config file. Doing it this way you only need to have 1 login per
user and then they can go wherever they are allowed to. Good luck! Ken.

-- 
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
"nicholas" <murmurait1@hotmail.com> wrote in message
news:%23859cjkoEHA.3988@tk2msftngp13.phx.gbl...
> Hi,
>
> Got an asp.net application and I use the "forms" authentication mode
defined
> in the web.config file.
>
> Everything works fine.
> But now I would like to add a second, different login page for the users
> that go in a specific folder.
> How can I do this?
>
> I tried this:
>
> my root web.config contains:
> -----------------------------
>             <authentication mode="Forms">
>                     <forms name="GLWEB.ASPXAUTH"
>                            loginUrl="login.aspx"
>                            protection="All"
>                            timeout="500"
>                            path="/"
>                      />
>              </authentication>
>
>             <authorization>
>                <allow users="*" />
>                <deny users="?" />
>             </authorization>
> -----------------------------
>
> But for the folder /members I want another login page, so I inserted this
in
> the web.config in the folder /members:
> -----------------------------
>    <authentication mode="Forms">
>         <forms name="GLWEB.ASPXAUTH"
>                loginUrl="/members/login.aspx"
>                protection="All"
>                timeout="500"
>                path="/"
>         />
>    </authentication>
>
>    <authorization>
>        <allow roles="member" />
>     <deny users="*" />
>  </authorization>
> -------------------------------
>
> Hope someone can help me.
> THX !
>
>


Relevant Pages

  • Re: authorization problems
    ... There is also a tag that you can use to specify a particular file ... If the user is not authorized, the UrlAuthorizationModule calls ... > your IE would pop up login screen asking for username and password. ... >>> authorization caused problems. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: ASP.NET login authentication
    ... THX a lot for your reply. ... Be sure to assign roles to your users when they login. ... > The top location tag allows only people in the Administrator role to ... > Ken Dopierala Jr. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: can I set web.config to require authentication only for some files?
    ... You can specify some pages to require login, and others to not require login ... via your web.config file by using the tag. ... > What if I want to configure authentication so that it's only required ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: hide SOME query results for unauthorized users
    ... I presume you have some kind of login procedure, ... and you have a table of Users and Login info. Include the tag ... permission, ... I think I know how I could "tag" ...
    (microsoft.public.access.queries)
  • Re: Let login page protect all but one page.
    ... Simply put something like this after the tag. ... "feng" wrote in message ... > Right now I have my login.aspx protects all the pages in ... > page without login, he/she will be allowed. ...
    (microsoft.public.dotnet.framework.aspnet)