Authentication for root files as well as files in subfolder

Question

User1940824251 posted

Hi,

     i have users login page ,users home page and web.config file in root directory. unless the users got sign-in they should not  access home page of users. And the other thing is i have Admin folder that contains admin login page and other admin pages. Admin login page is different in design from user login page. Could anyone help me in authenticating & authorizing  admin as well as users.

Thanks

Praveen.K

Answer 1

User-693248168 posted

Create separate web.config file for each folder.

In Admin's web.config file, you need to only authenticate admin users. 

Ask us if you need code help.

Answer 2

User1940824251 posted

Create separate web.config file for each folder.

In Admin's web.config file, you need to only authenticate admin users. 

Ask us if you need code help.

Hi Lateef,

              Could you send me code for admin's web.config file and also for root web.config file.

Thanks

Praveen

Answer 3

User-29804325 posted

Hi,

You can first create two roles, Users and Admin.

In root web.config. Use:

<authorization>
      <deny users="?"/>
</authorization>

to prohibits the anonymous users.

And then in Admin folder, use sub web.config:

<system.web>
    <authorization>
      <allow roles="Admin"/>
      <deny users="*"/>
    </authorization>
  </system.web>

to allow roles of admin accessing only.

More information you can check these link:

http://www.asp.net/security/tutorials/user-based-authorization-cs

http://www.codeproject.com/KB/web-security/formsroleauth.aspx

Hope this can help you.