locked
Authentication for root files as well as files in subfolder RRS feed

  • Question

  • User1940824251 posted

    Hi,

         i have users login page ,users home page and web.config file in root directory. unless the users got sign-in they should not  access home page of users. And the other thing is i have Admin folder that contains admin login page and other admin pages. Admin login page is different in design from user login page. Could anyone help me in authenticating & authorizing  admin as well as users.

    Thanks

    Praveen.K

    Wednesday, June 8, 2011 5:35 AM

Answers

  • User-693248168 posted

    Create separate web.config file for each folder.

    In Admin's web.config file, you need to only authenticate admin users. 

    Ask us if you need code help.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 8, 2011 5:42 AM
  • User-29804325 posted

    Hi,

    You can first create two roles, Users and Admin.

    In root web.config. Use:

    <authorization>
          <deny users="?"/>
    </authorization>

    to prohibits the anonymous users.

    And then in Admin folder, use sub web.config:

    <system.web>
        <authorization>
          <allow roles="Admin"/>
          <deny users="*"/>
        </authorization>
      </system.web>

    to allow roles of admin accessing only.

    More information you can check these link:

    http://www.asp.net/security/tutorials/user-based-authorization-cs

    http://www.codeproject.com/KB/web-security/formsroleauth.aspx

    Hope this can help you.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, June 12, 2011 11:00 PM

All replies

  • User-693248168 posted

    Create separate web.config file for each folder.

    In Admin's web.config file, you need to only authenticate admin users. 

    Ask us if you need code help.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, June 8, 2011 5:42 AM
  • User1940824251 posted

    Create separate web.config file for each folder.

    In Admin's web.config file, you need to only authenticate admin users. 

    Ask us if you need code help.

    Hi Lateef,

                  Could you send me code for admin's web.config file and also for root web.config file.

    Thanks

    Praveen

    Wednesday, June 8, 2011 5:53 AM
  • User-29804325 posted

    Hi,

    You can first create two roles, Users and Admin.

    In root web.config. Use:

    <authorization>
          <deny users="?"/>
    </authorization>

    to prohibits the anonymous users.

    And then in Admin folder, use sub web.config:

    <system.web>
        <authorization>
          <allow roles="Admin"/>
          <deny users="*"/>
        </authorization>
      </system.web>

    to allow roles of admin accessing only.

    More information you can check these link:

    http://www.asp.net/security/tutorials/user-based-authorization-cs

    http://www.codeproject.com/KB/web-security/formsroleauth.aspx

    Hope this can help you.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, June 12, 2011 11:00 PM