Re: Multi Level Forms Authentication Help DESPERATELY NEEDED!

Forms authentication supports this functionality.
You can have a web.config in each folder that specifies who's allowed in.

Here's more info:
http://www.dotnetbips.com/displayarticle.aspx?id=117
http://support.microsoft.com/default.aspx?scid=kb;en-us;311495
http://www.4guysfromrolla.com/webtech/121901-1.2.shtml
http://www.eggheadcafe.com/articles/20020906.asp

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://SteveOrr.net


"Joe Rigley" <jcrigley@xxxxxxxxxxxxxxxxx> wrote in message
news:OIJhYSnVFHA.4056@xxxxxxxxxxxxxxxxxxxxxxx
> Help Please!
>
>
>
> I've been tasked with converting a portion of the corporate web site that
> currently utilizes local user accounts and NTFS via Basic Authentication
> to access certain files on the web site to an ASP .NET Forms
> Authentication approach with SQL Server. I'm just getting comfortable
> with ASP .Net, but strong in Classic ASP.
>
>
>
> My issue lies with the multiple levels of security (or roles) required to
> manage access to sub folders on the server. All users that successfully
> authenticate via the DB will need access to a folder called Dealers. (I
> fairly certain I can handle that part.) Within the Dealers folder, there
> are two additional sub folders; Sales and Marketing. Some users will
> require access to just Sales, some to only Marketing, some to both, and
> some to neither. I am considering using a roles approach, like in AD,
> only the roles and users info would be extracted from the DB during the
> authentication process. A user could be associated to 1 or many roles
> like DlrAccess, SalesAccess, and/or MktAccess to help manage access.
>
>
>
> I would appreciate your help in how I can provide a single login approach
> while still managing access to the aforementioned subdirectories. There's
> a catch... I need to also managing access to non-Dot Net files, like
> .pdfs and .docs.
>
>
>
> I feel confident I could code this if I only had to work with .aspx pages.
> However, I'm reached an impasse as to how I can support the other file
> types. I know I can map the .pdf extension to the aspnet_isapi.dll.
> Unfortunately, that doesn't allow me to access the roles returned from the
> DB to determine if that user can access the requested file. And requiring
> the user to log in multiple times is a last resort approach.
>
>
>
> Can anyone help me out and offer another design to solve this dilemma???
>
>
>
> Please Help!
>
> -Rigs
>
>
>
>


.