By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,665 Members | 1,927 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,665 IT Pros & Developers. It's quick & easy.

Forms Auth. Question

P: n/a
Using forms authentication, can I control which pages
and/or directories a user would have access to or is that
only available with Windows authentication?

Thanks!
Nov 19 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
Hi,

If you are using roles this is really fast to do. Put this in your
<system.web> section of your web.config file:
<authentication mode="Forms">
<forms loginUrl="Login.aspx"></forms>
</authentication>

<authorization>
<allow users="*" /> <!-- Allow all users -->
</authorization>

Then at the top right under <configuration> put in something like below that
matches what you want to do:

<location path="Members/Administrator">
<system.web>
<authorization>
<allow roles="Administrator"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="Members/Customer">
<system.web>
<authorization>
<allow roles="Customer"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

That gives Administrators access to the www.mysite.com/members/administrator
folder and Customers access to the www.mysite.com/members/customer folder.
If someone who isn't in the correct role tries to access any .aspx files in
those folders they are redirected to the login.aspx page. Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

"V. Jenks" <an*******@discussions.microsoft.com> wrote in message
news:07****************************@phx.gbl...
Using forms authentication, can I control which pages
and/or directories a user would have access to or is that
only available with Windows authentication?

Thanks!

Nov 19 '05 #2

P: n/a
you can use security roles defined on daabase table and can check
wheather use has previlage to access to that page or module and redirect
to login page if not

--
rajagopal

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Nov 19 '05 #3

P: n/a
By roles, do you mean roles in Windows? I'm not, I'm
asking in the context of forms authentication only, where
all users are listed in the web.config file.

As long as I can just rely on the application and not
Windows or some other form of authentication, then it's
what I'm looking for.

-----Original Message-----
Hi,

If you are using roles this is really fast to do. Put this in your<system.web> section of your web.config file:
<authentication mode="Forms">
<forms loginUrl="Login.aspx"></forms>
</authentication>

<authorization>
<allow users="*" /> <!-- Allow all users -->
</authorization>

Then at the top right under <configuration> put in something like below thatmatches what you want to do:

<location path="Members/Administrator">
<system.web>
<authorization>
<allow roles="Administrator"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="Members/Customer">
<system.web>
<authorization>
<allow roles="Customer"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

That gives Administrators access to the www.mysite.com/members/administratorfolder and Customers access to the www.mysite.com/members/customer folder.If someone who isn't in the correct role tries to access any .aspx files inthose folders they are redirected to the login.aspx page. Good luck! Ken.
--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

"V. Jenks" <an*******@discussions.microsoft.com> wrote in messagenews:07****************************@phx.gbl...
Using forms authentication, can I control which pages
and/or directories a user would have access to or is that
only available with Windows authentication?

Thanks!

.

Nov 19 '05 #4

P: n/a
Hi,

With Forms authentication you have two database tables. All of your user
logins and all the roles each user is in. Check out this link:

http://www.devhood.com/tutorials/tut...utorial_id=433

You can also do a search on "roles-based forms authentication". Forms
authentication is actually what you use when you don't want to use Windows
authentication. The link above will give you the code and the tags I posted
earlier for your web.config file will finish up the job and you'll be all
set to go. Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

"V. Jenks" <an*******@discussions.microsoft.com> wrote in message
news:13****************************@phx.gbl...
By roles, do you mean roles in Windows? I'm not, I'm
asking in the context of forms authentication only, where
all users are listed in the web.config file.

As long as I can just rely on the application and not
Windows or some other form of authentication, then it's
what I'm looking for.

-----Original Message-----
Hi,

If you are using roles this is really fast to do. Put

this in your
<system.web> section of your web.config file:
<authentication mode="Forms">
<forms loginUrl="Login.aspx"></forms>
</authentication>

<authorization>
<allow users="*" /> <!-- Allow all users -->
</authorization>

Then at the top right under <configuration> put in

something like below that
matches what you want to do:

<location path="Members/Administrator">
<system.web>
<authorization>
<allow roles="Administrator"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="Members/Customer">
<system.web>
<authorization>
<allow roles="Customer"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

That gives Administrators access to the

www.mysite.com/members/administrator
folder and Customers access to the

www.mysite.com/members/customer folder.
If someone who isn't in the correct role tries to access

any .aspx files in
those folders they are redirected to the login.aspx page.

Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

"V. Jenks" <an*******@discussions.microsoft.com> wrote in

message
news:07****************************@phx.gbl...
Using forms authentication, can I control which pages
and/or directories a user would have access to or is that
only available with Windows authentication?

Thanks!

.

Nov 19 '05 #5

P: n/a
Hi,

By the way, the link I posted uses only one database table. You can do it
that way too. I prefer to use two, one for my login credentials and one for
my roles where each user/role combination is given a seperate row that I can
date/time stamp and etc. Ken.

"Ken Dopierala Jr." <kd*********@wi.rr.com> wrote in message
news:u0**************@TK2MSFTNGP10.phx.gbl...
Hi,

With Forms authentication you have two database tables. All of your user
logins and all the roles each user is in. Check out this link:

http://www.devhood.com/tutorials/tut...utorial_id=433

You can also do a search on "roles-based forms authentication". Forms
authentication is actually what you use when you don't want to use Windows
authentication. The link above will give you the code and the tags I posted earlier for your web.config file will finish up the job and you'll be all
set to go. Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

"V. Jenks" <an*******@discussions.microsoft.com> wrote in message
news:13****************************@phx.gbl...
By roles, do you mean roles in Windows? I'm not, I'm
asking in the context of forms authentication only, where
all users are listed in the web.config file.

As long as I can just rely on the application and not
Windows or some other form of authentication, then it's
what I'm looking for.

-----Original Message-----
Hi,

If you are using roles this is really fast to do. Put

this in your
<system.web> section of your web.config file:
<authentication mode="Forms">
<forms loginUrl="Login.aspx"></forms>
</authentication>

<authorization>
<allow users="*" /> <!-- Allow all users -->
</authorization>

Then at the top right under <configuration> put in

something like below that
matches what you want to do:

<location path="Members/Administrator">
<system.web>
<authorization>
<allow roles="Administrator"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="Members/Customer">
<system.web>
<authorization>
<allow roles="Customer"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

That gives Administrators access to the

www.mysite.com/members/administrator
folder and Customers access to the

www.mysite.com/members/customer folder.
If someone who isn't in the correct role tries to access

any .aspx files in
those folders they are redirected to the login.aspx page.

Good luck! Ken.

--
Ken Dopierala Jr.
For great ASP.Net web hosting try:
http://www.webhost4life.com/default.asp?refid=Spinlight
If you sign up under me and need help, email me.

"V. Jenks" <an*******@discussions.microsoft.com> wrote in

message
news:07****************************@phx.gbl...
> Using forms authentication, can I control which pages
> and/or directories a user would have access to or is that
> only available with Windows authentication?
>
> Thanks!
.


Nov 19 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.