By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,705 Members | 2,013 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,705 IT Pros & Developers. It's quick & easy.

File level permissions using the web.config & forms authentication

P: n/a
Hi,

Is there a way of requiring a log in for individual asp.net pages rather
than securing a entire directory. I have a web app where there are 100+
pages but only 2 need to be password protected. I am currently using forms
authentication to block the entire folder:

<authentication mode="Forms">
<forms name=".MYCOOKIE"
loginUrl="login.aspx"
protection="All"
timeout="30"
path="/"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>

Thanks in advance,

Stu
Nov 18 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Can you put them in a sub directory and use <location> tag to do the
authentication?

--
Girish Bharadwaj
http://msmvps.com/gbvb
"Stu Lock" <s.****@cergis.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Hi,

Is there a way of requiring a log in for individual asp.net pages rather
than securing a entire directory. I have a web app where there are 100+
pages but only 2 need to be password protected. I am currently using forms
authentication to block the entire folder:

<authentication mode="Forms">
<forms name=".MYCOOKIE"
loginUrl="login.aspx"
protection="All"
timeout="30"
path="/"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>

Thanks in advance,

Stu

Nov 18 '05 #2

P: n/a
> Can you put them in a sub directory and use <location> tag to do the
authentication?
I could but I was looking for a 'nicer' way to do it. The pages are part of
quite a large content management system with hierachical menus. I would have
preferred not having to mess about with changing the menu links to pages if
they are to be secured.

If I can't do it by configuring the web.config file I'll probably go with
something like this in the pageload area:

If Not IsNumeric(Page.User.Identity) Then
Response.Redirect("logon.aspx?ReturnUrl="MyPage.as px")

Thanks for the response anyway.

Stu
"Girish Bharadwaj" <gi*****@mvps.org> wrote in message
news:OG**************@TK2MSFTNGP15.phx.gbl... Can you put them in a sub directory and use <location> tag to do the
authentication?

--
Girish Bharadwaj
http://msmvps.com/gbvb
"Stu Lock" <s.****@cergis.com> wrote in message
news:%2****************@TK2MSFTNGP09.phx.gbl...
Hi,

Is there a way of requiring a log in for individual asp.net pages rather
than securing a entire directory. I have a web app where there are 100+
pages but only 2 need to be password protected. I am currently using
forms
authentication to block the entire folder:

<authentication mode="Forms">
<forms name=".MYCOOKIE"
loginUrl="login.aspx"
protection="All"
timeout="30"
path="/"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>

Thanks in advance,

Stu


Nov 18 '05 #3

P: n/a
Would this work:

<authorization>
<allow users="*"/>
</authorization>

<location path="folder/filename1.aspx">
<system.web>
<authorization>
<allow roles="user"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="folder/filename2.aspx">
<system.web>
<authorization>
<allow roles="user"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

I hope that helps!

Charles

"Stu Lock" wrote:
Hi,

Is there a way of requiring a log in for individual asp.net pages rather
than securing a entire directory. I have a web app where there are 100+
pages but only 2 need to be password protected. I am currently using forms
authentication to block the entire folder:

<authentication mode="Forms">
<forms name=".MYCOOKIE"
loginUrl="login.aspx"
protection="All"
timeout="30"
path="/"/>
</authentication>
<authorization>
<deny users="?" />
</authorization>

Thanks in advance,

Stu

Nov 18 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.