Locking down a directory

[Matt]

I'm currently using my own login/session style access restriction system for
my application. What I'd like to do is restrict access for a certain
directory to registered users only. Is there is a quick-and-easy way to
lock this directory down without having to go to each page in the directory
and put:

if session("userloggedin") <> "" then
'do something
else
response.redirect("/login.aspx")
response.end()
end if

I've looked into Forms Authentication, but I'm not sure how to mesh it with
my current access restriction system.

Thanks.

Matt

 

[John Timney \(ASP.NET MVP\)]

The location tag in web.config is normally ideal for this type of thing if
your using the right approach to authentication, for something more custom
you could easily set an authentication flag in session and create an
ihttpmodule to deny or allow access at the request level based on the value
being set or not. That would save you all the code you suggest you would be
facing.

--
Regards

John Timney
ASP.NET MVP
Microsoft Regional Director

 

[Daniel Fisher\(lennybacon\)]

Use FormsAuthentication!!! If you have something like Session("UserName")
replace that with User.Identity.Name and lock dirs using the Web.Config -
the easy way.