By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
443,760 Members | 1,630 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 443,760 IT Pros & Developers. It's quick & easy.

Web.Config and Authentication

P: n/a
Hello,

I am creating a web site with a Content Management System.

The web site doesn't have any restricted area.
The CMS has a login page and all pages in it need the user to be
authenticated.

I am following this tutorial in MSDN:
http://support.microsoft.com/kb/308157/EN-US/

I am having a few problems the moment I start to make changes in
<authorization> in my web config file.

Should I use 2 web.cofig files? One for the web site pages and other for
the CMS pages. Well, I don't know if this is even possible.

And how can I set that pages A and B need authentication and pages C, D
and E don't need authentication.

Can someone give me some help and guidance on this?

Thanks,
Miguel

Nov 19 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Depending on the number of non-secure pages, you have two options.

1. Create two apps, one secure and one not. You can have the secure app
inside the non-secure so they appear the same to the user. If you do not
store anything in the Session object, you can also institute single sign on
for any number of apps by using the same session cookie name and
encrypt/decrypt keys.

2. Set up exclusions for the files you wish the user to hit (with 1.1, I
believe each file has to be excluded individually, whether config or
programatic).

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
"Shapper" wrote:
Hello,

I am creating a web site with a Content Management System.

The web site doesn't have any restricted area.
The CMS has a login page and all pages in it need the user to be
authenticated.

I am following this tutorial in MSDN:
http://support.microsoft.com/kb/308157/EN-US/

I am having a few problems the moment I start to make changes in
<authorization> in my web config file.

Should I use 2 web.cofig files? One for the web site pages and other for
the CMS pages. Well, I don't know if this is even possible.

And how can I set that pages A and B need authentication and pages C, D
and E don't need authentication.

Can someone give me some help and guidance on this?

Thanks,
Miguel

Nov 19 '05 #2

P: n/a
Hello,

My plan is as follows:

1. Redirect the user to login.aspx when the user visits a protected page
and it is not login yet.

2. After login 2 information need to be available:
a) User has Login
b) User Access Level

3. In each protected page I need to be able to:
a) Check if user has login
b) Check what is the user access level.

Can someone help me out with this?
I have been reading an but I got completely lost about it as it just
simulates a simple login with no access level and no public and
protected pages.

Thanks,
Miguel

"Cowboy (Gregory A. Beamer) - MVP" <No************@comcast.netNoSpamM>
wrote in message news:No************@comcast.netNoSpamM:
Depending on the number of non-secure pages, you have two options.

1. Create two apps, one secure and one not. You can have the secure app
inside the non-secure so they appear the same to the user. If you do not
store anything in the Session object, you can also institute single sign on
for any number of apps by using the same session cookie name and
encrypt/decrypt keys.

2. Set up exclusions for the files you wish the user to hit (with 1.1, I
believe each file has to be excluded individually, whether config or
programatic).

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
"Shapper" wrote:

Hello,

I am creating a web site with a Content Management System.

The web site doesn't have any restricted area.
The CMS has a login page and all pages in it need the user to be
authenticated.

I am following this tutorial in MSDN:
http://support.microsoft.com/kb/308157/EN-US/

I am having a few problems the moment I start to make changes in
<authorization> in my web config file.

Should I use 2 web.cofig files? One for the web site pages and other for
the CMS pages. Well, I don't know if this is even possible.

And how can I set that pages A and B need authentication and pages C, D
and E don't need authentication.

Can someone give me some help and guidance on this?

Thanks,
Miguel


Nov 19 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.