Securing a single aspx page

[Brian Simmons]

I'm hoping this is a really easy situation to solve. ASP.NET 2, C#

I've got these pages in a directory:
Default.aspx // I want this page to be accessible by anyone
EditGrid.aspx // I want this page to be accessible only after you've logged
in at Login.aspx
Login.aspx // This is the simple login page in order to access
EditGrid.aspx

Basically, Default.aspx is going to show a grid of data with no
editing/inserting/deleting capabilities and is viewable by anyone.
EditGrid.aspx is a page just for me (or other editors), and in order to get
to the page, you need to enter the appropriate credentials at Login.aspx.

Is there an easy way to set this up?

Thanks,
Brian

 

[John Timney \(MVP\)]

I would suggest you take a look at the login controls, specifically this
example of displaying different information to logged in and anonymous uers
via the login view control

http://msdn2.microsoft.com/en-us/library/ms178345.aspx

Regards

John Timney (MVP)
http://www.johntimney.com
http://www.johntimney.com/blog

 

[Steven Cheng[MSFT]]

Hi Brian,

Regarding on your current scenario, are you using the ASP.NET's built-in
forms authentication? Or have you also adopted the ASP.NET 2.0
membership/roleManager services? If so, I think it is quite convenient to
implement the security structure you want. Here is the steps for you to
configure them:

** Normally, forms authentication by default will allow everyone access
"login.aspx", this is the login entry. Therefore, you will not need to
apply particular secure setting on it

** For other aspx pages in your application, you can simply set them to
allow only authenticated users(who has login) by the following
authorization setting:
==================
<system.web>
...........
<authorization>
<deny users="*"/>
</authorization>
..........
============

** For the Default.aspx page, if you want to make it also available to all
<configuration>
<location path="default.aspx¡±>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>
<<<<<<<<<<<<<<<<<<<<<<<<


You can also use this approach to provide customized authorization
setting(or some other setting that allow sub directory level) for a
particular page or sub directory in your ASP.NET application:

#HOW TO: Control Authorization Permissions in an ASP.NET Application
http://support.microsoft.com/kb/316871

#How To Make Application and Directory-Specific Configuration Settings in
an ASP.NET Application
http://support.microsoft.com/kb/815174

Hope this helps.


Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------

 

[Brian Simmons]

Thanks John & Steven, I've implemented a solution based on your suggestions.