Re: Newbie Needs Help!
- From: "Craig Deelsnyder" <cdeelsny@xxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 05 Apr 2005 11:17:29 -0500
On Tue, 05 Apr 2005 10:11:12 -0500, Joe Rigley <jcrigley@xxxxxxxxxxxxxxxxx> wrote:
Hi,
I'd appreciate some advise... I've been assigned the task of creating form
based authentication via SQL Server for a section of our corporate web site.
I know classic ASP quite well, but the ASP .NET world is very different.
And from what I've read, ASP .NET has some great functionality built into it
for form based authentication. What I'd like to know is how to make this
work.
Currently, our corporate web server is IIS 5.0 on a Win2K Pro Server in our
DMZ. (We are upgrading to IIS 6 / Win2003 Pro Server next month.) I need
to manage access to a handful of subfolders in the website. The subfolders
contain .html, .asp, and .pdf files.
Will IIS 5.0 support ASP .Net's built in methods for the integrated form
based authentication approach? (The .Net Framework, ver 1.1, is installed).
Obviously, I could go the classic ASP approach and place code in the top of
each page to do some kind of check for authentication. If the check
passes, generate the page, else redirect to the login. However, I'd prefer
to not have to modify every page.
Assuming that setup will work, how will an ASP .NET form based authentication manage access to .pdf files and static .html files?
At this point, please don't send any code. I'd just appreciate a response
as to whether this is possible and it if it is, what's the best approach to
make it happen.
Thanks kindly, -Joe
I'd recommend reading up on Forms Authentication; it does exactly what you would want to do in ASP. It sets a cookie on the user's system to say whether they are logged in or not; if not they are sent to the login page. In addition, you may want to check out the concept 'impersonation' if it's something that may be useful here (intranet application?).
As far as non-aspnet files, as mentioned, IIS by default will be the one to determine permissions on the folder, files, etc. When a request comes in for an aspx file, IIS looks up aspx in the ISAPI dll mappings in MMC, and passes it to the aspnet ISAPI dll (which in essence passes it to the aspnet worker process). However, if it's not a .NET-type of file such as html, pdf, etc. IIS will do whatever is setup in the MMC for ISAPI dll mappings. Which as we know html and pdf are just served up to the user.
You can map the aspnet ISAPI dll to these other file extensions in IIS, and then Forms Authentication can also protect them. Note there was talk there may be performance hits and/or maybe corruption problems by doing this (aspnet handling non-aspnet files), though I've never actually heard of major problems with it.
-- Craig Deelsnyder Microsoft MVP - ASP/ASP.NET .
- Follow-Ups:
- Re: Newbie Needs Help!
- From: Joe Rigley
- Re: Newbie Needs Help!
- References:
- Newbie Needs Help!
- From: Joe Rigley
- Newbie Needs Help!
- Prev by Date: Re: Setting listbox items
- Next by Date: Re: serial port access from asp.net
- Previous by thread: Re: Newbie Needs Help!
- Next by thread: Re: Newbie Needs Help!
- Index(es):
Relevant Pages
|
