RE: Authentication to specific files/pages

From: David Coe, MCP (dhc0e_at_aol.com)
Date: 02/12/04 

Date: Thu, 12 Feb 2004 12:51:08 -0800

ET -

You have some very valid questions, and I will try to make sense of what you are asking.

Yes, you can use the windows domain accounts instead of a database to authenticate your users. You will need to enable IIS for Windows authentication, and then in the web.config file, use <authentication mode="Windows" /> and <authorization><allow users="*" /><!-- Allow all users --><!-- <allow users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/><deny users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
            --></authorization> ... you can either list all of the users you want to allow/deny access to, or you can list specific roles that you want to allow access to (ie, administrator).

You have a few options when it comes to configuring access for each directory. You can either put a web.config file in each directory, or in your top-level web.config file you can add a <location> element and specify the directories that you want to allow/deny access to. For instance:

<!--close the system.web element></system.web><location path="folder_or_file_name"><system.web><authorization><allow users="*" /><!-- Allow all users --><!-- <allow users="[comma separated list of users]"
                                                             roles="[comma separated list of roles]"/><deny users="[comma separated list of users]"
                                                            roles="[comma separated list of roles]"/>
                                                     --></authorization></system.web></location>

Loading