Re: Newbie Needs Help!
- From: "Joe Rigley" <jcrigley@xxxxxxxxxxxxxxxxx>
- Date: Tue, 5 Apr 2005 15:46:35 -0400
Craig,
Thanks for the great information. You mentioned Impersonation. How would
that help me?
-Joe
"Craig Deelsnyder" <cdeelsny@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:op.sorovfme75dg5d@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> On Tue, 05 Apr 2005 10:11:12 -0500, Joe Rigley
> <jcrigley@xxxxxxxxxxxxxxxxx> wrote:
>
>> Hi,
>>
>> I'd appreciate some advise... I've been assigned the task of creating
>> form
>> based authentication via SQL Server for a section of our corporate web
>> site.
>> I know classic ASP quite well, but the ASP .NET world is very different.
>> And from what I've read, ASP .NET has some great functionality built
>> into it
>> for form based authentication. What I'd like to know is how to make this
>> work.
>>
>> Currently, our corporate web server is IIS 5.0 on a Win2K Pro Server in
>> our
>> DMZ. (We are upgrading to IIS 6 / Win2003 Pro Server next month.) I
>> need
>> to manage access to a handful of subfolders in the website. The
>> subfolders
>> contain .html, .asp, and .pdf files.
>>
>> Will IIS 5.0 support ASP .Net's built in methods for the integrated form
>> based authentication approach? (The .Net Framework, ver 1.1, is
>> installed).
>> Obviously, I could go the classic ASP approach and place code in the top
>> of
>> each page to do some kind of check for authentication. If the check
>> passes, generate the page, else redirect to the login. However, I'd
>> prefer
>> to not have to modify every page.
>>
>> Assuming that setup will work, how will an ASP .NET form based
>> authentication manage access to .pdf files and static .html files?
>>
>> At this point, please don't send any code. I'd just appreciate a
>> response
>> as to whether this is possible and it if it is, what's the best approach
>> to
>> make it happen.
>>
>> Thanks kindly,
>> -Joe
>>
>>
>
> I'd recommend reading up on Forms Authentication; it does exactly what you
> would want to do in ASP. It sets a cookie on the user's system to say
> whether they are logged in or not; if not they are sent to the login
> page. In addition, you may want to check out the concept 'impersonation'
> if it's something that may be useful here (intranet application?).
>
> As far as non-aspnet files, as mentioned, IIS by default will be the one
> to determine permissions on the folder, files, etc. When a request comes
> in for an aspx file, IIS looks up aspx in the ISAPI dll mappings in MMC,
> and passes it to the aspnet ISAPI dll (which in essence passes it to the
> aspnet worker process). However, if it's not a .NET-type of file such as
> html, pdf, etc. IIS will do whatever is setup in the MMC for ISAPI dll
> mappings. Which as we know html and pdf are just served up to the user.
>
> You can map the aspnet ISAPI dll to these other file extensions in IIS,
> and then Forms Authentication can also protect them. Note there was talk
> there may be performance hits and/or maybe corruption problems by doing
> this (aspnet handling non-aspnet files), though I've never actually heard
> of major problems with it.
>
> --
> Craig Deelsnyder
> Microsoft MVP - ASP/ASP.NET
.
- Follow-Ups:
- Re: Newbie Needs Help!
- From: Craig Deelsnyder
- Re: Newbie Needs Help!
- References:
- Newbie Needs Help!
- From: Joe Rigley
- Re: Newbie Needs Help!
- From: Craig Deelsnyder
- Newbie Needs Help!
- Prev by Date: Re: regarding polling through thread
- Next by Date: Solution while process is running
- Previous by thread: Re: Newbie Needs Help!
- Next by thread: Re: Newbie Needs Help!
- Index(es):
Relevant Pages
|
