Re: Newbie Needs Help!

AFAIK, forms based authentication is used only to control access to pages in
your ASP.NET application. It simply works by testing to see if you have a
valid ticket for the current session (usually set once login is successful)
if there isn't one then the user is redirected to a login page, usually
defined in the Web.Config file.

Access to files via a direct URL will, I think, only be controlled by the
filesystem access allowed to the directory in question, so I there is a
security restrictions in place then the user might be prompted to enter
their credentials into a windows dialog box.

Hope that help a bit.

IIS 5 does indeed support ASP.NET 1.1 and all that goes with it.

MattC
"Joe Rigley" <jcrigley@xxxxxxxxxxxxxxxxx> wrote in message
news:unlXnGfOFHA.2604@xxxxxxxxxxxxxxxxxxxxxxx
> Hi,
>
> I'd appreciate some advise... I've been assigned the task of creating
> form based authentication via SQL Server for a section of our corporate
> web site. I know classic ASP quite well, but the ASP .NET world is very
> different. And from what I've read, ASP .NET has some great functionality
> built into it for form based authentication. What I'd like to know is how
> to make this work.
>
> Currently, our corporate web server is IIS 5.0 on a Win2K Pro Server in
> our DMZ. (We are upgrading to IIS 6 / Win2003 Pro Server next month.) I
> need to manage access to a handful of subfolders in the website. The
> subfolders contain .html, .asp, and .pdf files.
>
> Will IIS 5.0 support ASP .Net's built in methods for the integrated form
> based authentication approach? (The .Net Framework, ver 1.1, is
> installed). Obviously, I could go the classic ASP approach and place code
> in the top of each page to do some kind of check for authentication. If
> the check passes, generate the page, else redirect to the login. However,
> I'd prefer to not have to modify every page.
>
> Assuming that setup will work, how will an ASP .NET form based
> authentication manage access to .pdf files and static .html files?
>
> At this point, please don't send any code. I'd just appreciate a response
> as to whether this is possible and it if it is, what's the best approach
> to make it happen.
>
> Thanks kindly,
> -Joe
>
>


.

Relevant Pages

  • Re: IIS/Windows Permissions/Rights
    ... double hop because that is a security vulnerability. ... Suppose your ASP page, when authenticated, connects to the user's bank using ... allowing the server to use their identity on their behalf to do something. ... Kerberos between IIS6 and the backend servers -- the authentication protocol ...
    (microsoft.public.inetserver.iis.security)
  • Re: NT security accounts database vs. "other"
    ... > drawbacks as I see it to NT authentication are that it may require you to ... > domain than just web server access. ... > Another option is to use local Windows accounts on the web server. ... > on an ASP page for authentication. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Newbie Needs Help!
    ... based authentication via SQL Server for a section of our corporate web site. ... I know classic ASP quite well, but the ASP .NET world is very different. ... our corporate web server is IIS 5.0 on a Win2K Pro Server in our ...
    (microsoft.public.dotnet.framework.aspnet)
  • Newbie Needs Help!
    ... based authentication via SQL Server for a section of our corporate web site. ... I know classic ASP quite well, but the ASP .NET world is very different. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Accessing network file form ASP page
    ... As to how it affects usage of Integrated Authentication -- maybe IE has code ... while when I use url WITHOUT domain specification it's loaded ... Security Zone and now my asp page works properly. ... > differently depending on whether the server name has dots in it or not (it ...
    (microsoft.public.inetserver.misc)
Loading