Hi there,
I'm creating a web app which consists of pages, that can seen by all (even
anonymous) users. For example, we have a messageboard. The individual
threads can be read by all users, but a new thread can only be added by a
registered member. Is forms based authentication feasable here? How would I
set it up? Put all the pages implementing "restricted" functionality into a
certain directory and set this up in the web.config?
Would I have access to User.IsAuthenticated even in the root directory of
the webapp (the one, where even anonymous users have access to)? I'd need it
in order to display the members menu.
Thanks in advance!
/matthias
4  1207 
Yes, Forms would work great for this. You would need to configure the <authorization>
in web.config to indicate which pages are not allowed to those anonymous
users. The nice thing about the web.config model is that it's declarative
and you don't need to explicitly check in code for each page, unless you
have some finer grained access check that's necessary (like hide/show sections
of a page based upon who the user is).
As far code the "restricted" code organization, a sub directory can work,
or you can put them all in one directory and use the <location> elemenet
to control settings for individual pages.
-Brock
DevelopMentor http://staff.develop.com/ballen Hi there,
I'm creating a web app which consists of pages, that can seen by all
(even anonymous) users. For example, we have a messageboard. The
individual threads can be read by all users, but a new thread can only
be added by a registered member. Is forms based authentication
feasable here? How would I set it up? Put all the pages implementing
"restricted" functionality into a certain directory and set this up in
the web.config?
Would I have access to User.IsAuthenticated even in the root directory
of the webapp (the one, where even anonymous users have access to)?
I'd need it in order to display the members menu.
Thanks in advance!
/matthias
What Brock suggests is the first part of a nice solution, but you should
also explore what he calls "finer grained access" or roll based security
in your application.
While Web.Config is perfect to make sure that anonymous users don't
access pages, roll based is a good complement to make communicate to the
user what he/she is allowed to do.
You could as an example hide the post or reply buttons for non
authenticated users.
--
Patrik Löwendahl [C# MVP] http://www.lowendahl.net/ || http://www.cshrp.net
Please reply only to the newsgroup.
Brock Allen wrote: Yes, Forms would work great for this. You would need to configure the
<authorization> in web.config to indicate which pages are not allowed to
those anonymous users. The nice thing about the web.config model is that
it's declarative and you don't need to explicitly check in code for each
page, unless you have some finer grained access check that's necessary
(like hide/show sections of a page based upon who the user is).
As far code the "restricted" code organization, a sub directory can
work, or you can put them all in one directory and use the <location>
elemenet to control settings for individual pages.
-Brock
DevelopMentor
http://staff.develop.com/ballen
Hi there,
I'm creating a web app which consists of pages, that can seen by all
(even anonymous) users. For example, we have a messageboard. The
individual threads can be read by all users, but a new thread can only
be added by a registered member. Is forms based authentication
feasable here? How would I set it up? Put all the pages implementing
"restricted" functionality into a certain directory and set this up in
the web.config?
Would I have access to User.IsAuthenticated even in the root directory
of the webapp (the one, where even anonymous users have access to)?
I'd need it in order to display the members menu.
Thanks in advance!
/matthias
Hi Brook,
thanks a heap for your help!
/matthias
"Brock Allen" <ba****@NOSPAMdevelop.com> schrieb im Newsbeitrag
news:92**********************@msnews.microsoft.com ... Yes, Forms would work great for this. You would need to configure the
<authorization> in web.config to indicate which pages are not allowed to those anonymous
users. The nice thing about the web.config model is that it's declarative
and you don't need to explicitly check in code for each page, unless you
have some finer grained access check that's necessary (like hide/show
sections of a page based upon who the user is).
As far code the "restricted" code organization, a sub directory can work,
or you can put them all in one directory and use the <location> elemenet
to control settings for individual pages.
-Brock
DevelopMentor
http://staff.develop.com/ballen
Hi there,
I'm creating a web app which consists of pages, that can seen by all
(even anonymous) users. For example, we have a messageboard. The
individual threads can be read by all users, but a new thread can only
be added by a registered member. Is forms based authentication
feasable here? How would I set it up? Put all the pages implementing
"restricted" functionality into a certain directory and set this up in
the web.config?
Would I have access to User.IsAuthenticated even in the root directory
of the webapp (the one, where even anonymous users have access to)?
I'd need it in order to display the members menu.
Thanks in advance!
/matthias
This tutorial should get you started : http://samples.gotdotnet.com/quickst...orization.aspx
Some more good links : http://www.google.com/search?hl=en&q...torial&spell=1
Let me know if you have any more questions..
Cheers,
Tom Pester Hi there,
I'm creating a web app which consists of pages, that can seen by all
(even anonymous) users. For example, we have a messageboard. The
individual threads can be read by all users, but a new thread can only
be added by a registered member. Is forms based authentication
feasable here? How would I set it up? Put all the pages implementing
"restricted" functionality into a certain directory and set this up in
the web.config?
Would I have access to User.IsAuthenticated even in the root directory
of the webapp (the one, where even anonymous users have access to)?
I'd need it in order to display the members menu.
Thanks in advance!
/matthias This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Greg Burns |
last post by:
I have built a web app that uses forms authentication. There isn't a
"remember me" feature (i.e. the authentication cookie is not permanent).
When you close the browser, and open a new one, you...
|
by: Rob |
last post by:
I have an ASP.NET application that uses forms-based
authentication. A user wishes to be able to run multiple
sessions of this application simultaneously from the
user's client machine.
The...
|
by: Anonieko Ramos |
last post by:
ASP.NET Forms Authentication Best Practices
Dr. Dobb's Journal February 2004
Protecting user information is critical
By Douglas Reilly
Douglas is the author of Designing Microsoft ASP.NET...
|
by: - Steve - |
last post by:
I have forms based authentication working, using my Active Directory for
authentication.
I have a web page that creates a user in active directory. When I was using
IIS authentication it worked...
|
by: Brian Shannon |
last post by:
I have an intranet site I created when I first began .NET and it is very
basic. Now that I have developed my skills I am looking to revamp the old
with something new. I really like the idea of...
|
by: Andrew Robinson |
last post by:
Is there any way to dynamically set the timeout while using forms based
authentication? I want to change this value depending on the type of user
that logs into my system. I understand that this...
|
by: Nalaka |
last post by:
Hi,
I have a asp.net application with forms authentication enabled.
Users create private (database driven) messages (pages; like a message
board) that is only viewed by logged in users.
Now I...
|
by: =?Utf-8?B?R3V1czEyMw==?= |
last post by:
Hi,
I created a web site on a remote server. To logon the user must enter a user
id and password. The site is uses Forms Authentication.
The web config file looks as follows:
...
|
by: Rory Becker |
last post by:
Having now created a Custom MembershipProvider that seems to work correctly
with my Logon and ChangePassword controls, I am, as they say, a happy bunny.
The next stange is to move on to the...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |
