Hi Brian,
Regarding on your current scenario, are you using the ASP.NET's built-in
forms authentication? Or have you also adopted the ASP.NET 2.0
membership/roleManager services? If so, I think it is quite convenient to
implement the security structure you want. Here is the steps for you to
configure them:
** Normally, forms authentication by default will allow everyone access
"login.aspx", this is the login entry. Therefore, you will not need to
apply particular secure setting on it
** For other aspx pages in your application, you can simply set them to
allow only authenticated users(who has login) by the following
authorization setting:
==================
<system.web>
...........
<authorization>
<deny users="*"/>
</authorization>
..........
============
** For the Default.aspx page, if you want to make it also available to all
<configuration>
<location path="default.aspx¡±>
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>
<<<<<<<<<<<<<<<<<<<<<<<<
You can also use this approach to provide customized authorization
setting(or some other setting that allow sub directory level) for a
particular page or sub directory in your ASP.NET application:
#HOW TO: Control Authorization Permissions in an ASP.NET Application
http://support.microsoft.com/kb/316871
#How To Make Application and Directory-Specific Configuration Settings in
an ASP.NET Application
http://support.microsoft.com/kb/815174
Hope this helps.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------