RE: Forms based security

From: ranganh (
Date: 06/21/04

  • Next message: Plamen Doykov: "Sessions expire too soon"
    Date: Sun, 20 Jun 2004 23:43:01 -0700

    Dear Charlie,

    You don't need to arrange the authenticated pages inside a folder. You can specify the pages (say if they are minimum 5 pages etc.,) using location path. in that, you can also specify to allow the users, for whom you gave an userid. the following illustration shows the same:-

    <location path="ProtectedPage1.aspx">
                    <allow users="UserId" />
            <deny users="*" />

    the above, would allow users with the above userid (whatever you give) and will deny all other users (anonymous and logged in).

    however, in case you want to allow users with above userid as well as their own userid (logged in), change the <deny users="?" />. this will restrict only people
    who are not logged in.

    To check whether the user is logged in, use



    to get the User's Id, use


    hope it helps.

    "Charlie Dison" wrote:

    > Hi there,
    > In forms based security do I have to arrange pages into subdirectories
    > in order to secure them? I want the public to access my home page and
    > public content but want to restrict other content only to those for whom
    > I've granted a userid. Seems like I must organize all the private content
    > into one or more subdirectories. My problem is that I have some content
    > that should be accessible to both and I hate to have to specify directory
    > names when redirecting. Is there something that I can place in the load
    > event of each page that checks to see if the user has been authenticated
    > (checks for the cookie that would have been created)

  • Next message: Plamen Doykov: "Sessions expire too soon"