What's the easiest way to secure a web folder?

G

gnewsgroup

I have a membership web application. A user is either an
administrator or a regular user (only 2 roles)

I have an admin folder in this application. I want only
administrators to be able to access that folder.

I am not using the .net member/role/profile framework. What's the
easiest way to secure that admin folder?

Thanks.
 
M

Misbah Arefin

set the role required for the admin pages via the locations section in the
web.config

<location path="admin">
<system.web>
<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
 
J

Juan T. Llibre

re:
!> set the role required for the admin pages via the locations section in the web.config

The OP specifically stated that he is *not* using the "member/role/profile framework"

So, the easiest way to secure that admin folder is to *implement membership and roles*,
and *then* secure the folder as you describe in your answer.




Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
 
G

gnewsgroup

re:
!> set the role required for the admin pages via the locations section in the web.config

The OP specifically stated that he is *not* using the "member/role/profileframework"

So, the easiest way to secure that admin folder is to *implement membership and roles*,
and *then* secure the folder as you describe in your answer.

Juan T. Llibre, asp.net MVP
asp.net faq :http://asp.net.do/faq/
foros de asp.net, en español :http://asp.net.do/foros/
Click to expand...

Haha, that's a good answer. I may look into it and implement a very
basic membership provider. Thx.
 
J

Juan T. Llibre

re:
!> Haha, that's a good answer.

<chuckle>

re:
!> I may look into it and implement a very basic membership provider.

That will, certainly, do it for you.

re:
!> Thx.

You're quite welcome.
If you run into any problems implementing the membership provider or the roles, post again.



Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
======================================
re:
!> set the role required for the admin pages via the locations section in the web.config

The OP specifically stated that he is *not* using the "member/role/profile framework"

So, the easiest way to secure that admin folder is to *implement membership and roles*,
and *then* secure the folder as you describe in your answer.

Juan T. Llibre, asp.net MVP
asp.net faq :http://asp.net.do/faq/
foros de asp.net, en español :http://asp.net.do/foros/
Click to expand...

Haha, that's a good answer. I may look into it and implement a very
basic membership provider. Thx.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Should I use .net's membership, role systems for authentication andauthorization? 2
Membership Provider: how to create initial user acct. after deploy 6
Passing UserGUID to the Custom Role Provider 1
What's the easiest way to secure a page? 2
Blocking Direct URL Access through web config 1
What's the best practice in adjusting web interface according tomembership? 4
Secure Folders 2
Role authorization, if denied access, how NOT to kick back to login? 7

Top