Forms Auth. Question

  • Thread starter Thread starter V. Jenks
  • Start date Start date
V

V. Jenks

Using forms authentication, can I control which pages
and/or directories a user would have access to or is that
only available with Windows authentication?

Thanks!
 
Hi,

If you are using roles this is really fast to do. Put this in your
<system.web> section of your web.config file:


<authentication mode="Forms">
<forms loginUrl="Login.aspx"></forms>
</authentication>

<authorization>
<allow users="*" /> <!-- Allow all users -->
</authorization>

Then at the top right under <configuration> put in something like below that
matches what you want to do:

<location path="Members/Administrator">
<system.web>
<authorization>
<allow roles="Administrator"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="Members/Customer">
<system.web>
<authorization>
<allow roles="Customer"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

That gives Administrators access to the www.mysite.com/members/administrator
folder and Customers access to the www.mysite.com/members/customer folder.
If someone who isn't in the correct role tries to access any .aspx files in
those folders they are redirected to the login.aspx page. Good luck! Ken.
 
you can use security roles defined on daabase table and can check
wheather use has previlage to access to that page or module and redirect
to login page if not
 
By roles, do you mean roles in Windows? I'm not, I'm
asking in the context of forms authentication only, where
all users are listed in the web.config file.

As long as I can just rely on the application and not
Windows or some other form of authentication, then it's
what I'm looking for.

-----Original Message-----
Hi,

If you are using roles this is really fast to do. Put this in your
<system.web> section of your web.config file:


<authentication mode="Forms">
<forms loginUrl="Login.aspx"></forms>
</authentication>

<authorization>
<allow users="*" /> <!-- Allow all users -->
</authorization>

Then at the top right under <configuration> put in something like below that
matches what you want to do:

<location path="Members/Administrator">
<system.web>
<authorization>
<allow roles="Administrator"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="Members/Customer">
<system.web>
<authorization>
<allow roles="Customer"></allow>
<deny users="*"/>
</authorization>
</system.web>
</location>

That gives Administrators access to the www.mysite.com/members/administrator
folder and Customers access to the
Click to expand...
www.mysite.com/members/customer folder.
 
Hi,

With Forms authentication you have two database tables. All of your user
logins and all the roles each user is in. Check out this link:

http://www.devhood.com/tutorials/tutorial_details.aspx?tutorial_id=433

You can also do a search on "roles-based forms authentication". Forms
authentication is actually what you use when you don't want to use Windows
authentication. The link above will give you the code and the tags I posted
earlier for your web.config file will finish up the job and you'll be all
set to go. Good luck! Ken.
 
Hi,

By the way, the link I posted uses only one database table. You can do it
that way too. I prefer to use two, one for my login credentials and one for
my roles where each user/role combination is given a seperate row that I can
date/time stamp and etc. Ken.
 
Back
Top