Hi Rory,
First, I'm glad that you've got custom membership provider working, great
progress :)
For the question here, let me confirm my understanding, you have multiple
pages which use membership and authentication, you're wondering how to make
some of those pages require user to logon/authenticated and some other
doesn't (allow unauthenticated/anonymous users), correct?
For Forms authentication and membershp service, they're actually two
separate things. Forms authentication starts at the begining of
ASP.NET(1.0,1.1..), while membership service start from ASP.NET 2.0.
Forms authentication is a authenticaiton schema(like windows
authenticaiton) which is used to provide security authorization (protect
pages or url resource in asp.net app). It can work without using membershp.
And for membership, it is a service which used to help easily build up a
user account system so that we can use standard API to manage user
account(such as validate a useraccount, change or update it .....). You can
also use membershp service without using Forms authentication.
Anyway, they are used together in most cases. Here are some good resource
for you to get more ideas on this.
#Explained: Forms Authentication in ASP.NET 2.0
http://msdn.microsoft.com/en-us/library/aa480476.aspx
#ASP.NET Forms Authentication - Part 1
http://www.ondotnet.com/pub/a/dotnet...rmsauthp1.html
#ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources
http://weblogs.asp.net/scottgu/archi...Membership_2C0
0_-Roles_2C00_-Forms-Authentication_2C00_-and-Security-Resources-.aspx
Now for the questions here, to make some pages require authetication while
some other not, the ASP.NET forms authentication has built-in support on
this. You can use <locationelement in web.config file to specify the
authorization setting for a particular url (such as a sub folder or a
parituclar page).
#How do I use Forms Authentication for only a portion of my site?
http://www.dnzone.com/ShowDetail.asp?NewsId=60
#location Element (ASP.NET Settings Schema)
http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx
another means is putting different pages into differnt sub directory and
you can put a web.config in sub directory to have its own <authorization>
setting.
Hope this helps.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
ms****@microsoft.com.
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Date: Wed, 16 Jul 2008 16:10:24 +0000 (UTC)
Message-ID: <3a**************************@news.microsoft.com >
From: Rory Becker <ro********@newsgroup.nospam>
Subject: Forms Authentication vs MembershipProvider
>The next stange is to move on to the creation of content which adjusts
based
>on the user.
I have several pages which require a user to be logged on and several
which
>do not. Prior to this point in time I have used 2 different master pages.
one with a control which checks a session variable to determine logged on
or not and another which does not.
Each page is pointed at the correct master page and away you go.
I have heard of forms authentication and the little I have read leads me
to believe that I could rearrange my pages in a hierarchy so that pages
requiring
>authentication were in one folder and pages not requiring authentication
were in another.
Can someone tell me...
1.what is the relationship between Forms Authentication and the Provider
model I am using?
2.Does Membership replace Authentication?
3.Does Roles replace Authorisation?
4.Can I use Authorisation with Membership?
5.Does any of what I'm saying make any sense?
Many thanks in advance.
--
Rory
>