What's the easiest way to secure a web folder?

set the role required for the admin pages via the locations section in the
web.config

<location path="admin">
<system.web>
<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
</location>

--
Misbah Arefin

"gnewsgroup" wrote:

I have a membership web application. A user is either an
administrator or a regular user (only 2 roles)

I have an admin folder in this application. I want only
administrators to be able to access that folder.

I am not using the .net member/role/profile framework. What's the
easiest way to secure that admin folder?

Thanks.

re:
!set the role required for the admin pages via the locations section in the web.config

The OP specifically stated that he is *not* using the "member/role/profile framework"

So, the easiest way to secure that admin folder is to *implement membership and roles*,
and *then* secure the folder as you describe in your answer.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"Misbah Arefin" <Mi**********@discussions.microsoft.comwrote in message
news:A9**********************************@microsof t.com...

set the role required for the admin pages via the locations section in the
web.config

<location path="admin">
<system.web>
<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
</location>

--
Misbah Arefin

"gnewsgroup" wrote:

>I have a membership web application. A user is either an
administrator or a regular user (only 2 roles)

I have an admin folder in this application. I want only
administrators to be able to access that folder.

I am not using the .net member/role/profile framework. What's the
easiest way to secure that admin folder?

Thanks.

On Jan 15, 6:07 am, "Juan T. Llibre" <nomailrepl...@nowhere.com>
wrote:

re:
!set the role required for the admin pages via the locations section in the web.config

The OP specifically stated that he is *not* using the "member/role/profileframework"

So, the easiest way to secure that admin folder is to *implement membership and roles*,
and *then* secure the folder as you describe in your answer.

Juan T. Llibre, asp.net MVP
asp.net faq :http://asp.net.do/faq/
foros de asp.net, en español :http://asp.net.do/foros/

Haha, that's a good answer. I may look into it and implement a very
basic membership provider. Thx.

re:
!Haha, that's a good answer.

<chuckle>

re:
!I may look into it and implement a very basic membership provider.

That will, certainly, do it for you.

re:
!Thx.

You're quite welcome.
If you run into any problems implementing the membership provider or the roles, post again.

Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
"gnewsgroup" <gn********@gmail.comwrote in message
news:14**********************************@e23g2000 prf.googlegroups.com...
On Jan 15, 6:07 am, "Juan T. Llibre" <nomailrepl...@nowhere.com>
wrote:

re:
!set the role required for the admin pages via the locations section in the web.config

The OP specifically stated that he is *not* using the "member/role/profile framework"

So, the easiest way to secure that admin folder is to *implement membership and roles*,
and *then* secure the folder as you describe in your answer.

Juan T. Llibre, asp.net MVP
asp.net faq :http://asp.net.do/faq/
foros de asp.net, en español :http://asp.net.do/foros/

Haha, that's a good answer. I may look into it and implement a very
basic membership provider. Thx.