Web.Config and Authentication

Depending on the number of non-secure pages, you have two options.

1. Create two apps, one secure and one not. You can have the secure app
inside the non-secure so they appear the same to the user. If you do not
store anything in the Session object, you can also institute single sign on
for any number of apps by using the same session cookie name and
encrypt/decrypt keys.

2. Set up exclusions for the files you wish the user to hit (with 1.1, I
believe each file has to be excluded individually, whether config or
programatic).

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
"Shapper" wrote:

Hello,

I am creating a web site with a Content Management System.

The web site doesn't have any restricted area.
The CMS has a login page and all pages in it need the user to be
authenticated.

I am following this tutorial in MSDN:
http://support.microsoft.com/kb/308157/EN-US/

I am having a few problems the moment I start to make changes in
<authorization> in my web config file.

Should I use 2 web.cofig files? One for the web site pages and other for
the CMS pages. Well, I don't know if this is even possible.

And how can I set that pages A and B need authentication and pages C, D
and E don't need authentication.

Can someone give me some help and guidance on this?

Thanks,
Miguel

Hello,

My plan is as follows:

1. Redirect the user to login.aspx when the user visits a protected page
and it is not login yet.

2. After login 2 information need to be available:
a) User has Login
b) User Access Level

3. In each protected page I need to be able to:
a) Check if user has login
b) Check what is the user access level.

Can someone help me out with this?
I have been reading an but I got completely lost about it as it just
simulates a simple login with no access level and no public and
protected pages.

Thanks,
Miguel

"Cowboy (Gregory A. Beamer) - MVP" <No************@comcast.netNoSpamM>
wrote in message news:No************@comcast.netNoSpamM:

Depending on the number of non-secure pages, you have two options.

1. Create two apps, one secure and one not. You can have the secure app
inside the non-secure so they appear the same to the user. If you do not
store anything in the Session object, you can also institute single sign on
for any number of apps by using the same session cookie name and
encrypt/decrypt keys.

2. Set up exclusions for the files you wish the user to hit (with 1.1, I
believe each file has to be excluded individually, whether config or
programatic).

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
"Shapper" wrote:

Hello,

I am creating a web site with a Content Management System.

The web site doesn't have any restricted area.
The CMS has a login page and all pages in it need the user to be
authenticated.

I am following this tutorial in MSDN:
http://support.microsoft.com/kb/308157/EN-US/

I am having a few problems the moment I start to make changes in
<authorization> in my web config file.

Should I use 2 web.cofig files? One for the web site pages and other for
the CMS pages. Well, I don't know if this is even possible.

And how can I set that pages A and B need authentication and pages C, D
and E don't need authentication.

Can someone give me some help and guidance on this?

Thanks,
Miguel