Multi Level Forms Authentication Help DESPERATELY NEEDED!

Tech-Archive recommends: Fix windows errors by optimizing your registry

Help Please!



I've been tasked with converting a portion of the corporate web site that
currently utilizes local user accounts and NTFS via Basic Authentication to
access certain files on the web site to an ASP .NET Forms Authentication
approach with SQL Server. I'm just getting comfortable with ASP .Net, but
strong in Classic ASP.



My issue lies with the multiple levels of security (or roles) required to
manage access to sub folders on the server. All users that successfully
authenticate via the DB will need access to a folder called Dealers. (I
fairly certain I can handle that part.) Within the Dealers folder, there
are two additional sub folders; Sales and Marketing. Some users will
require access to just Sales, some to only Marketing, some to both, and some
to neither. I am considering using a roles approach, like in AD, only the
roles and users info would be extracted from the DB during the
authentication process. A user could be associated to 1 or many roles like
DlrAccess, SalesAccess, and/or MktAccess to help manage access.



I would appreciate your help in how I can provide a single login approach
while still managing access to the aforementioned subdirectories. There's a
catch... I need to also managing access to non-Dot Net files, like .pdfs
and .docs.



I feel confident I could code this if I only had to work with .aspx pages.
However, I'm reached an impasse as to how I can support the other file
types. I know I can map the .pdf extension to the aspnet_isapi.dll.
Unfortunately, that doesn't allow me to access the roles returned from the
DB to determine if that user can access the requested file. And requiring
the user to log in multiple times is a last resort approach.



Can anyone help me out and offer another design to solve this dilemma???



Please Help!

-Rigs




.

Relevant Pages

  • Re: Forms based authentication and classic ASP pages
    ... Associate .asp with .NET API ... > I have a web site which is currently protected by forms authentication ... > the rest of the web site. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Web.config Always Reverts to authentication mode="Windows"
    ... I am new to ASP.NET I am even newer to Visual Studio. ... Every time I "Publish Web Site" (doing so on a local networked ... authentication mode="Windows" ...
    (microsoft.public.dotnet.framework.aspnet)
  • Web.config Always Reverts to authentication mode="Windows"
    ... I am new to ASP.NET I am even newer to Visual Studio. ... Every time I "Publish Web Site" (doing so on a local networked ... authentication mode="Windows" ...
    (microsoft.public.vsnet.general)
  • Re: Forms Authentication
    ... All the sub folders will be covered by the same authentication ... The authorization settings also cover all the sub folders, ... placing a new web.config file in a sub directory. ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: SBS 2003 Activesync Problem-getting 0x85010004 error on the PD
    ... Please open IIS manager console, navigate to Web Sites->Default Web Site ... Click Directory Security tap, Under Authentication and access control, ... When opening a new thread via the web interface, we recommend you check the ...
    (microsoft.public.windows.server.sbs)