By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,795 Members | 1,235 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,795 IT Pros & Developers. It's quick & easy.

Directory based authentication

P: n/a
Hello all,

I have a set of admin pages which are put in a subfolder called admin inside
my application folder.
I want to limit access to these admin pages.
How can I do this?

In Linux, I can password protect the directory, so that whenever a page
within the admin subfolder is accessed for the first time, an authentication
window pops up asking for username-password. How can I implement the same
in IIS ?

This way I can avoid having to programmatically implement login feature.

Can anyone please throw light on this ?

Thanks
SeeSharp.
Nov 17 '05 #1
Share this Question
Share on Google+
10 Replies


P: n/a
You can go for form authentication or windows authentication, then use
location tag or create web.config (in that folder) to specify particular
permission for specific folder using role based authorization. For example
to set permission to particular folder using location tag,
<location path="<foldername>">
<system.web>
<autorization>
<allow users="Admin">
<deny users="*">
</autorization>
</system.web>
</location>
--
Saravana
Microsoft India Community Star,
MCAD,SE,SD,DBA.
"See Sharp" <sm****@inapp.com> wrote in message
news:#U**************@TK2MSFTNGP11.phx.gbl...
Hello all,

I have a set of admin pages which are put in a subfolder called admin inside my application folder.
I want to limit access to these admin pages.
How can I do this?

In Linux, I can password protect the directory, so that whenever a page
within the admin subfolder is accessed for the first time, an authentication window pops up asking for username-password. How can I implement the same
in IIS ?

This way I can avoid having to programmatically implement login feature.

Can anyone please throw light on this ?

Thanks
SeeSharp.

Nov 17 '05 #2

P: n/a
Thanks Saravana,

But I still get problems. Its shows an access denied problem.
I have a parent directory called app. I configured it as a virtual
directory.
I use the IIS configuration tool from control panel, right click app -> all
tasks -> permission wizard -> select new security settings -> public
website.
Now I can access the pages in app folder as http://localhost/app/index1.aspx
In the web.config of the app folder I have the following data:
************************************************** ********
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>

<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
<location path="admin">
<system.web>
<authorization>
<allow users="abcd" />
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
****************************

I have a subfolder admin in my app folder.
Actually I made it as another application and copied the application's
folder as a subfolder called admin in my app folder.
The admin folder therefore has a web.config too.
But I deleted it so that there is no ambiguity.
I have not made the admin subfolder as a virtual directory.

Now with the above security settings, I should get the the files in the
admin folder as http://localhost/app/admin/index1.aspx
It should ask for authentication and when I enter the username password of
user abcd, it should let me in.
But This does not happen.
I get an error.
I tried making the admin subfolder as a virtual directory.
I even tried to retain its web.config and place this within it:
<authorization>
<allow users="abcd" />
<deny users="*" />
</authorization>
In that case it works, but it allows all users in.
Not abcd alone.

Can you please throw light on this ?
Thanks a lot
SeeSharp.

"Saravana" <sa******@sct.co.in> wrote in message
news:Oc**************@TK2MSFTNGP11.phx.gbl...
You can go for form authentication or windows authentication, then use
location tag or create web.config (in that folder) to specify particular
permission for specific folder using role based authorization. For example
to set permission to particular folder using location tag,
<location path="<foldername>">
<system.web>
<autorization>
<allow users="Admin">
<deny users="*">
</autorization>
</system.web>
</location>
--
Saravana
Microsoft India Community Star,
MCAD,SE,SD,DBA.
"See Sharp" <sm****@inapp.com> wrote in message
news:#U**************@TK2MSFTNGP11.phx.gbl...
Hello all,

I have a set of admin pages which are put in a subfolder called admin

inside
my application folder.
I want to limit access to these admin pages.
How can I do this?

In Linux, I can password protect the directory, so that whenever a page
within the admin subfolder is accessed for the first time, an

authentication
window pops up asking for username-password. How can I implement the same in IIS ?

This way I can avoid having to programmatically implement login feature.

Can anyone please throw light on this ?

Thanks
SeeSharp.


Nov 17 '05 #3

P: n/a
Have set integrated authentication or basic authentication in IIS. So first
set its authentication mode in IIS,then enable impersonation in web.config.
Then try, it should work.

--
Saravana
Microsoft India Community Star,
MCAD,SE,SD,DBA.
"See Sharp" <sm****@inapp.com> wrote in message
news:e9**************@tk2msftngp13.phx.gbl...
Thanks Saravana,

But I still get problems. Its shows an access denied problem.
I have a parent directory called app. I configured it as a virtual
directory.
I use the IIS configuration tool from control panel, right click app -> all tasks -> permission wizard -> select new security settings -> public
website.
Now I can access the pages in app folder as http://localhost/app/index1.aspx In the web.config of the app folder I have the following data:
************************************************** ********
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>

<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
<location path="admin">
<system.web>
<authorization>
<allow users="abcd" />
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
****************************

I have a subfolder admin in my app folder.
Actually I made it as another application and copied the application's
folder as a subfolder called admin in my app folder.
The admin folder therefore has a web.config too.
But I deleted it so that there is no ambiguity.
I have not made the admin subfolder as a virtual directory.

Now with the above security settings, I should get the the files in the
admin folder as http://localhost/app/admin/index1.aspx
It should ask for authentication and when I enter the username password of
user abcd, it should let me in.
But This does not happen.
I get an error.
I tried making the admin subfolder as a virtual directory.
I even tried to retain its web.config and place this within it:
<authorization>
<allow users="abcd" />
<deny users="*" />
</authorization>
In that case it works, but it allows all users in.
Not abcd alone.

Can you please throw light on this ?
Thanks a lot
SeeSharp.

"Saravana" <sa******@sct.co.in> wrote in message
news:Oc**************@TK2MSFTNGP11.phx.gbl...
You can go for form authentication or windows authentication, then use
location tag or create web.config (in that folder) to specify particular
permission for specific folder using role based authorization. For example to set permission to particular folder using location tag,
<location path="<foldername>">
<system.web>
<autorization>
<allow users="Admin">
<deny users="*">
</autorization>
</system.web>
</location>
--
Saravana
Microsoft India Community Star,
MCAD,SE,SD,DBA.
"See Sharp" <sm****@inapp.com> wrote in message
news:#U**************@TK2MSFTNGP11.phx.gbl...
Hello all,

I have a set of admin pages which are put in a subfolder called admin

inside
my application folder.
I want to limit access to these admin pages.
How can I do this?

In Linux, I can password protect the directory, so that whenever a page within the admin subfolder is accessed for the first time, an

authentication
window pops up asking for username-password. How can I implement the

same in IIS ?

This way I can avoid having to programmatically implement login feature.
Can anyone please throw light on this ?

Thanks
SeeSharp.



Nov 17 '05 #4

P: n/a
Please fix the date on your computer.
Nov 17 '05 #5

P: n/a
Yup. I did that. I am sorry. I used the calendar to choose a relieving date
[ I am planning to resign from my job next month].
And I accidently clicked OK :">

SeeSharp

"Steve C. Orr, MCSD" <St***@Orr.net> wrote in message
news:ug**************@TK2MSFTNGP12.phx.gbl...
Please fix the date on your computer.

Nov 17 '05 #6

P: n/a
Hi SeeSharp,

I am an application that does EXACTLY the same as you - an admin folder with
admin pages that is restricted to a select few. Have you managed to get
your application to work as you wanted? If so, I would be very interested
to know how you did it. Authentication is something I have not yet
mastered.

Cheers,

Paul Hobbs

"See Sharp" <sm****@inapp.com> wrote in message
news:#U**************@TK2MSFTNGP11.phx.gbl...
Hello all,

I have a set of admin pages which are put in a subfolder called admin inside my application folder.
I want to limit access to these admin pages.
How can I do this?

In Linux, I can password protect the directory, so that whenever a page
within the admin subfolder is accessed for the first time, an authentication window pops up asking for username-password. How can I implement the same
in IIS ?

This way I can avoid having to programmatically implement login feature.

Can anyone please throw light on this ?

Thanks
SeeSharp.

Nov 17 '05 #7

P: n/a
Hi Paul

I disabled anonymous logon to my admin directory. In the access control
list, I add each member whom I want to deny [including anonymous] and deny
all rights to them. The everyone user has all "required" permissions.

SeeSharp

"Paul Hobbs" <pa**@mobius.net.au> wrote in message
news:#R**************@TK2MSFTNGP12.phx.gbl...
Hi SeeSharp,

I am an application that does EXACTLY the same as you - an admin folder with admin pages that is restricted to a select few. Have you managed to get
your application to work as you wanted? If so, I would be very interested
to know how you did it. Authentication is something I have not yet
mastered.

Cheers,

Paul Hobbs

"See Sharp" <sm****@inapp.com> wrote in message
news:#U**************@TK2MSFTNGP11.phx.gbl...
Hello all,

I have a set of admin pages which are put in a subfolder called admin

inside
my application folder.
I want to limit access to these admin pages.
How can I do this?

In Linux, I can password protect the directory, so that whenever a page
within the admin subfolder is accessed for the first time, an

authentication
window pops up asking for username-password. How can I implement the same in IIS ?

This way I can avoid having to programmatically implement login feature.

Can anyone please throw light on this ?

Thanks
SeeSharp.


Nov 17 '05 #8

P: n/a
AuthentiX passwords protects directories and files.

http://www.flicks.com/prod.htm#authnx


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 17 '05 #9

P: n/a
What sets the current "user"? For example how do I know if the person is
"Admin"? Where is that set?

"Saravana" <sa******@sct.co.in> wrote in message
news:Oc**************@TK2MSFTNGP11.phx.gbl...
You can go for form authentication or windows authentication, then use
location tag or create web.config (in that folder) to specify particular
permission for specific folder using role based authorization. For example
to set permission to particular folder using location tag,
<location path="<foldername>">
<system.web>
<autorization>
<allow users="Admin">
<deny users="*">
</autorization>
</system.web>
</location>
--
Saravana
Microsoft India Community Star,
MCAD,SE,SD,DBA.
"See Sharp" <sm****@inapp.com> wrote in message
news:#U**************@TK2MSFTNGP11.phx.gbl...
Hello all,

I have a set of admin pages which are put in a subfolder called admin

inside
my application folder.
I want to limit access to these admin pages.
How can I do this?

In Linux, I can password protect the directory, so that whenever a page
within the admin subfolder is accessed for the first time, an

authentication
window pops up asking for username-password. How can I implement the same in IIS ?

This way I can avoid having to programmatically implement login feature.

Can anyone please throw light on this ?

Thanks
SeeSharp.


Nov 17 '05 #10

P: n/a
You assign roles to each user. This has to be done on each request. You set
Context.User to a new GenericPrincipal, and assign roles at the same time.
Then you can check using User.IsInRole.

The downside is, obviousely, that you must create a new user on each
request. A better way would be to save all this information in the Session
object. But unfortunately that data isn't accessible from within any of the
Application_Request* events in global.asax. So you basically need to include
a file for checking in every page.

/john

"VB Programmer" <gr*********@go-intech.com> wrote in message
news:uy**************@TK2MSFTNGP11.phx.gbl...
What sets the current "user"? For example how do I know if the person is
"Admin"? Where is that set?

"Saravana" <sa******@sct.co.in> wrote in message
news:Oc**************@TK2MSFTNGP11.phx.gbl...
You can go for form authentication or windows authentication, then use
location tag or create web.config (in that folder) to specify particular
permission for specific folder using role based authorization. For example to set permission to particular folder using location tag,
<location path="<foldername>">
<system.web>
<autorization>
<allow users="Admin">
<deny users="*">
</autorization>
</system.web>
</location>
--
Saravana
Microsoft India Community Star,
MCAD,SE,SD,DBA.
"See Sharp" <sm****@inapp.com> wrote in message
news:#U**************@TK2MSFTNGP11.phx.gbl...
Hello all,

I have a set of admin pages which are put in a subfolder called admin

inside
my application folder.
I want to limit access to these admin pages.
How can I do this?

In Linux, I can password protect the directory, so that whenever a page within the admin subfolder is accessed for the first time, an

authentication
window pops up asking for username-password. How can I implement the

same in IIS ?

This way I can avoid having to programmatically implement login feature.
Can anyone please throw light on this ?

Thanks
SeeSharp.



Nov 17 '05 #11

This discussion thread is closed

Replies have been disabled for this discussion.