Tuesday, 22 March 2011

HOW TO: Control Authorization Permissions in an ASP.NET Application

Configure Access to a Specific File and Folder


  1. Set up forms-based authentication.For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

  2. Request any page in your application to be redirected to Logon.aspx automatically.
  3. In the Web.config file, type or paste the following code.This code grants all users access to the Default1.aspx page and the Subdir1 folder.
    <configuration>
<system.web>
<authentication mode="Forms" >
<forms loginUrl="login.aspx" name=".ASPNETAUTH"
protection="None" path="/" timeout="20" >
</forms>
</authentication>
<!-- This section denies access to all files in this application
 except for those that you have not explicitly specified by using
another setting. -->
<authorization>
<deny users="?" />
</authorization>
</system.web>
<!-- This section gives the unauthenticated user access to
the Default1.aspx page only. It is located in the same folder
as this configuration file. -->
<location path="default1.aspx">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
<!-- This section gives the unauthenticated user access
to all of the files that are stored in the Subdir1 folder.  -->
<location path="subdir1">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>
</configuration>

    Users can open the Default1.aspx file or any other file saved in the Subdir1 folder in your application. They will not be redirected automatically to the Logon.aspx file for authentication.
  4. Repeat Step 3 to identify any other pages or folders for which you want to permit access by unauthenticated users.
Posted by Unknown at 05:42
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)