RE: Securing a single aspx page

---

• From: stcheng@xxxxxxxxxxxxxxxxxxxx (Steven Cheng[MSFT])
• Date: Thu, 06 Sep 2007 03:02:53 GMT

---

Hi Brian,

Regarding on your current scenario, are you using the ASP.NET's built-in
forms authentication? Or have you also adopted the ASP.NET 2.0
membership/roleManager services? If so, I think it is quite convenient to
implement the security structure you want. Here is the steps for you to
configure them:

** Normally, forms authentication by default will allow everyone access
"login.aspx", this is the login entry. Therefore, you will not need to
apply particular secure setting on it

** For other aspx pages in your application, you can simply set them to
allow only authenticated users(who has login) by the following
authorization setting:
==================
<system.web>
...........
<authorization>
<deny users="*"/>
</authorization>
..........
============

** For the Default.aspx page, if you want to make it also available to all
users(authenticated or unauthenticated), you can use the <location> element
to apply a dedicated authorization setting for it. e.g.

<configuration>
<location path="default.aspx¡±>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>
<<<<<<<<<<<<<<<<<<<<<<<<


You can also use this approach to provide customized authorization
setting(or some other setting that allow sub directory level) for a
particular page or sub directory in your ASP.NET application:

#HOW TO: Control Authorization Permissions in an ASP.NET Application
http://support.microsoft.com/kb/316871

#How To Make Application and Directory-Specific Configuration Settings in
an ASP.NET Application
http://support.microsoft.com/kb/815174

Hope this helps.


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------

From: "Brian Simmons" <centraso@xxxxxxxxxxxxxxxx>
Subject: Securing a single aspx page
Date: Wed, 5 Sep 2007 16:33:44 -0400


I'm hoping this is a really easy situation to solve. ASP.NET 2, C#

I've got these pages in a directory:
Default.aspx // I want this page to be accessible by anyone
EditGrid.aspx // I want this page to be accessible only after you've

logged

in at Login.aspx
Login.aspx // This is the simple login page in order to access
EditGrid.aspx

Basically, Default.aspx is going to show a grid of data with no
editing/inserting/deleting capabilities and is viewable by anyone.
EditGrid.aspx is a page just for me (or other editors), and in order to

get

to the page, you need to enter the appropriate credentials at Login.aspx.

Is there an easy way to set this up?

Thanks,
Brian

.

---

• Follow-Ups:
  • Re: Securing a single aspx page
    • From: Brian Simmons

• References:
  • Securing a single aspx page
    • From: Brian Simmons

• Prev by Date: Re: Gzip weirdness
• Next by Date: Re: Looping thru asp.net controls in opener page
• Previous by thread: Re: Securing a single aspx page
• Next by thread: Re: Securing a single aspx page
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Error Writing to Event Log ... me what authentication mode you are using in you Asp.net project? ... modify the DACL setting of eventlog in registry with SDDL format. ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ... (microsoft.public.dotnet.general) Re: Calling SQL Native Web Service failed as unauthorized ... I understand that when you try to Add web reference to a sql http web ... right for kerberbose authentication. ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ... (microsoft.public.sqlserver.xml) Re: Securing a single aspx page ... forms authentication by default will allow everyone access ... authorization setting: ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ... (microsoft.public.dotnet.framework.aspnet) Re: strange security role issue ... As for the authorization, here is the setting, for a section that should not be viewable by a new user: ... But this seems only to reproduce the functionality that security trimming provides, and is not required, correct? ... Microsoft MSDN Online Support Lead ... from the community or a Microsoft Support ... (microsoft.public.vsnet.general) Re: Network/Web Site Authentication ... Kerberos auth related issue. ... make sure the 'Enable Integrated Windows Authentication' ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ... (microsoft.public.inetserver.iis.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > DotNet  > microsoft.public.dotnet.framework.aspnet  > 2007-09