Re: ASP.NET login authentication

From: Ken Dopierala Jr. (kdopierala2_at_wi.rr.com)
Date: 09/24/04


Date: Fri, 24 Sep 2004 10:27:21 -0500

Hi,

What I do is I use one login page but then I create <location> tags. These
tags specify which users in which roles get to access pages in specific
folders. Be sure to assign roles to your users when they login. For
example:

 <location path="Members/Administrator">
  <system.web>
   <authorization>
    <allow roles="Administrator"></allow>
    <deny users="*"/>
   </authorization>
  </system.web>
 </location>

 <location path="Members/Registered">
  <system.web>
   <authorization>
    <allow roles="Registered"></allow>
    <deny users="*"/>
   </authorization>
  </system.web>
 </location>

 <location path="Members/Shared">
  <system.web>
   <authorization>
    <allow roles="Administrator, Registered"></allow>
    <deny users="*"/>
   </authorization>
  </system.web>
 </location>

The top location tag allows only people in the Administrator role to access
pages in the /Members/Administrator folder. The second tag allows
Registered users to view their pages. The third allows both Administrators
and Registered users to view the Shared folder. I put my <location> tags
directly above my <system.web> tag and directly below my <configuration> tag
in the Web.config file. Doing it this way you only need to have 1 login per
user and then they can go wherever they are allowed to. Good luck! Ken.

-- 
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
"nicholas" <murmurait1@hotmail.com> wrote in message
news:%23859cjkoEHA.3988@tk2msftngp13.phx.gbl...
> Hi,
>
> Got an asp.net application and I use the "forms" authentication mode
defined
> in the web.config file.
>
> Everything works fine.
> But now I would like to add a second, different login page for the users
> that go in a specific folder.
> How can I do this?
>
> I tried this:
>
> my root web.config contains:
> -----------------------------
>             <authentication mode="Forms">
>                     <forms name="GLWEB.ASPXAUTH"
>                            loginUrl="login.aspx"
>                            protection="All"
>                            timeout="500"
>                            path="/"
>                      />
>              </authentication>
>
>             <authorization>
>                <allow users="*" />
>                <deny users="?" />
>             </authorization>
> -----------------------------
>
> But for the folder /members I want another login page, so I inserted this
in
> the web.config in the folder /members:
> -----------------------------
>    <authentication mode="Forms">
>         <forms name="GLWEB.ASPXAUTH"
>                loginUrl="/members/login.aspx"
>                protection="All"
>                timeout="500"
>                path="/"
>         />
>    </authentication>
>
>    <authorization>
>        <allow roles="member" />
>     <deny users="*" />
>  </authorization>
> -------------------------------
>
> Hope someone can help me.
> THX !
>
>