By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,679 Members | 2,469 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,679 IT Pros & Developers. It's quick & easy.

IIS 6/ASP.NET Website Forms Authentication and Access Control Question

P: n/a
A web site that will run on Windows Server 2003 and IIS 6.0 needs to provide
three levels of access, one for the public and two others for two levels of
subscribers. This is a port of a prior site that runs on an old version of
the Netscape Web server (which manages user authentication and access). The
three levels of access are currently served up by three different versions
of an ISAPI DLL, written in C++, also managed by the Netscape web server.
The DLL responds to inquiries against a SQL database and directly outputs
formatted Web pages. It is not practical to re-write the DLL.

So the challenge is to figure out how best to handle user authentication and
access control in the new environment. I have got it to the point where the
site works as it should by putting the three different versions of the DLL
(which three Netscape managed out of a directory of its own) directly into
the three main directories associated with the three different levels of
access, but with only a placeholder page for user authentication and, as
yet, no access control whatsoever. I have simple replaced the former user
login (CGI) page with links to the main pages in the directories for the two
subscriber levels.

The main question then is: How best to manage user authentication and
access?

It looks like this should be possible using ASP.NET forms authentication,
handling user authentication via a newly written logon page written in C#,
but I am having a hard time figuring out exactly how to configure the web
site to do that. I have been experimenting with the forms authentication
examples in Chapter 8 of Jeff Webb's MCAD/MCSD Self-Paced Training Kit book
"Developing Web Applications with Microsoft Visual Basic.NET and Visual
C#.NET" but have not yet been able to tweak things properly to get it
working in the new site context.

Secondary questions that have emerged in my process or trial and error
include:

How to configure NTFS file settings and IIS 6.0 directory security
settings when using ASP.NET forms authentication?
What, if any, settings are required regarding the three different
versions of the ISAPI DLL?
How, exactly to, configure the WEB.CONFIG files in the relevant
directories?

Any suggestions or pointers to good sources of information would be most
appreciated.

All the best,

will

William F. Zachmann, President
Canopus Research Inc.
http://www.canopusresearch.com

Nov 19 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.