Correct base class for custom aspx page

Question

Hi,

I am building a WSS based application. The application has both Public (for anonymous users) as well as private content (for logged in users).
The application is developed as custom ASPX pages and ASCX templates. Instead of putting them in LAYOUTS folder, I am uploading these files into the SharePoint content database using a feature since I don’t want these pages visible to any other site.
The code-behind assembly is deployed into GAC.

Now from the following list I have to decide the base class to be used use to build the code-behind classes.

• LayoutsPageBase
• UnsecuredLayoutsPageBase
• ContentPage
• System.Web.UI.Page

Please help me to understand correct usage of these page classes.

Thank You,
-Arun

Answer 1

Hi,

I would use the System.Web.UI.Page and upload the ASPX page to a document library.  You shouldn't use the layouts page base and unsecured page base as they extend the ASPX page with functions that are typically used within the _layouts (for example: providing local web and site objects and security to check if the page should be accessed by a site administrator).

Here's some more info:

* Content Page http://msdn.microsoft.com/en-us/library/aa979501.aspx
* LayoutsPageBase http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.webcontrols.layoutspagebase.aspx typically used for standard pages within the _layouts (farm pages) which may need to be locked down by security.
* UnsecuredLayoutsPageBase http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.webcontrols.unsecuredlayoutspagebase.aspx typically used for anonymous farm pages such as login pages.

Hope this helps

Dave

---

My SharePoint Blog - http://www.davehunter.co.uk/blog

Answer 2

Hi Dave,

Thank you for your suggestions.
One thing I forgot to mention is the site I am building is for the internet with both public as well as private area. I do have a custom membership provider for authentication purpose.
What I am going to do is, I will use System.Web.UI.Page and write my own custom security check within it, for all the pages. I will be using a custom security context object initialized in my custom membership provider.

I hope this is fine and I am not breaking any rules.

-Arun

Answer 3

Hi Arun,

Do you have anonymous content and restricted content?  ie does a user need to login to view certain pages, can they also see content without logging in? 

You could use forms authentication in WSS with your custom membership provider and control the content that users can see without logging in by enabling anonymous and set the security on the sub sites instead of the pages.

---

My SharePoint Blog - http://www.davehunter.co.uk/blog

Answer 4

Hi Dave,

Yes. I have both anonymous and restricted content. Here is the requirement

There are certain pages that the user should be able to view without logging in and once logged in, he can see some more pages ie. restricted content
-Arun

Answer 5

Hi Arun,

I would organise your pages to have all the anonymous at the top level and any restricted content in sub sites.  This way you can control the secuirty at the site level.  If this isn't possible then go ahead and set the security in the ASPX pages.

---

My SharePoint Blog - http://www.davehunter.co.uk/blog

Answer 6

Hi Dave,

I think the second one is exactly what I am have to do.
Thank you for your valuable inputs.

-Arun