Re: Help in forms authentication

From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 11/23/05


Date: Wed, 23 Nov 2005 08:39:57 -0800

Hello JessyEzzy,

do something like this:

<location path="SecuredPage.aspx">
  <system.web>
    <authorization>
      <allow users="Alice" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>

Alice is not included in the ACLs for the rest of your app.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Ok, but how will I specify that the user with the specific credentials
> will only have access to one page of the web site.
> ===========================================
>
> "Dominick Baier [DevelopMentor]" wrote:
>
>> Hello JessyEzzy,
>>
>> you could use the <credential> element (a child of <forms>)
>>
>> in this element you can put usernames and passwords (you should use
>> hashed passwords)
>>
>> also look at FormsAuthentication.HashPasswordForStoringInConfigFile
>> and FormsAuthentication.Authenticate
>>
>> ---------------------------------------
>> Dominick Baier - DevelopMentor
>> http://www.leastprivilege.com
>>> I am using forms authentication against a database
>>>
>>> <authentication mode="Forms">
>>> <forms name="MyFormsAuthentication" loginUrl="login.aspx" path="/"
>>> protection="All" timeout="20" />
>>> </authentication>
>>> <authorization>
>>> <deny users="?" />
>>> </authorization>
>>> I have a requirement for a type of login where the account info will
>>> be hard coded and doesn't come from the database, and that specific
>>> account will have access to only one page and won't be able to
>>> access
>>> any other page, how can I implement that?
>>> Thanks in advance.
>>>
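
The pieces from this thread combined into one web.config, as an added example that is not part of the original posts. The password value is a placeholder, and the root-level `<deny users="Alice" />` rule is an assumption about how to keep that account out of every other page, since `<deny users="?" />` alone only blocks anonymous users.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name="MyFormsAuthentication" loginUrl="login.aspx" path="/"
             protection="All" timeout="20">
        <!-- Hard-coded account, checked by FormsAuthentication.Authenticate.
             Store the output of
             FormsAuthentication.HashPasswordForStoringInConfigFile(pwd, "SHA1"),
             never the clear-text password. -->
        <credentials passwordFormat="SHA1">
          <user name="Alice" password="PLACEHOLDER_SHA1_HEX_HASH" />
        </credentials>
      </forms>
    </authentication>

    <!-- Application-wide rules, evaluated top-down; the first match wins. -->
    <authorization>
      <deny users="?" />      <!-- anonymous users go to login.aspx -->
      <deny users="Alice" />  <!-- assumption: Alice is blocked everywhere else -->
      <!-- everyone else (the database users) falls through to the default allow -->
    </authorization>
  </system.web>

  <!-- Per-page override: rules here are checked before the parent rules. -->
  <location path="SecuredPage.aspx">
    <system.web>
      <authorization>
        <allow users="Alice" />
        <deny users="*" />    <!-- database users cannot open this page -->
      </authorization>
    </system.web>
  </location>
</configuration>
```

Authorization matches on the user name only, so a database account that is also named Alice would receive the same access; after a successful login the page should redirect Alice to SecuredPage.aspx, because any other return URL is denied.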


