Re: Controlling Page Access in .aspx page

From: Geir Aamodt ("Geir)
Date: 02/23/05 

Date: Wed, 23 Feb 2005 14:56:26 +0100

Looks like I forgot to replace my "todo" with the link to
the page containing the snippet.

Sorry about that, here are the link:
http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh19.asp 

-- 
Best regards,
Geir Aamodt
geir.aamodt(AT)bekk.no
"Geir Aamodt" <geir.aamodt(AT)bekk.no> wrote in message 
news:OizPoIEGFHA.3472@TK2MSFTNGP09.phx.gbl...
> Shawn,
>
> not quite what you are asking about, but check out, todo, and
> see the snippet below. It migth help you out.
>
> -- 
>
> Best regards,
> Geir Aamodt
> geir.aamodt(AT)bekk.no
>
> --------- Snippet start--------- 
> Partition Your Web Site
> Separate the public and restricted access areas of your Web site. Place 
> your application's logon page and other pages and resources that should 
> only be accessed by authentication users in a separate folder from the 
> public access areas. Protect the restricted subfolders by configuring them 
> in IIS to require SSL access, and then use <authorization> elements to 
> restrict access and force a login. For example, the following Web.config 
> configuration allows anyone to access the current directory (this provides 
> public access), but prevents unauthenticated users from accessing the 
> restricted sub folder. Any attempt to do so forces a Forms login.
>
> <system.web>
>  <!-- The virtual directory root folder contains general pages.
>       Unauthenticated users can view them and they do not need
>       to be secured with SSL. -->
>  <authorization>
>    <allow users="*" />
>  </authorization>
> </system.web>
>
> <!-- The restricted folder is for authenticated and SSL access only. -->
> <location path="Restricted" >
>  <system.web>
>    <authorization>
>      <deny users="?" />
>    </authorization>
>  </system.web>
> </location>
> --------- Snippet end--------- 
>
> "Shawn Berg" <ShawnBerg@discussions.microsoft.com> wrote in message 
> news:9E9ACD0E-5C66-421A-B00A-28A622783EDA@microsoft.com...
>>I am building some .NET classes and pages that will be part of an existing
>> classic ASP app. The ASP app uses cookies to store login information for
>> administrators. I have one include file that checks to see if the user is 
>> a
>> logged in administrator, and if not, redirects to a login page. I then
>> include this file in all ASP pages I do not want non-administrators to be
>> able to access.
>>
>> I want to be able to do the same type of thing with .ASPX pages. I know I
>> could easily do this with a base page and by setting a property
>> "LoginRequired" or something of the like, and then checking a cookie and
>> redirecting in the BasePage class, but I do not want this to be something
>> that is in the code-behind. I'd like to be able to set some sort of value 
>> on
>> the actual .ASPX page and have the BasePage class check that instead. 
>> This
>> way I can make changes on the fly if need be without having to recompile 
>> code.
>>
>> Any ideas?
>
>