Home About Us Yoga Contact Us
RSS Feed
RSS Feed
Search
AddThis Feed Button
Bookmark and Share


Categories
.NET Framework
ADO.NET
Architecture
ASP.NET
Book Reviews
Languages
Miscellaneous
Web Services
Windows Forms



<%@ Page %>

Applying Forms Authentication Selectively

Introduction

Forms authentication is common way to authenticate a user in interenet scenarios. Some times you require to selectively apply authentication. For example you may want that all the pages from Folder1 be accessible to all where as pages from Folder2 must be accessible to authenticated users. This article shows how to do that.

Create an ASP.NET application

  • Create an ASP.NET web application and add two folders to it - Folder1 and Folder2.
  • In Folder1 add a web form called publicform.aspx
  • In Folder2 add a web form called secureform.aspx.
  • In the root of the application add a web form called login.aspx

Add web.config file to the root

Next, add web.config file to the root folder with following markup: 
<authentication mode="Forms">
<forms name="myform" loginUrl="login.aspx"></forms>
</authentication>
<authorization>
	<allow users="*" />
</authorization>
This is normal markup for enabling forms authentication. Note that we have set authorization section to allow all users. Since web.config settings are inherited by sub folders above settings will be applied to Folder1 and Folder2. But our aim is to protect Folder2. We can accomplish this by two ways:
  • Adding another web.config in Folder2
  • Adding location section in web.config of the root folder.
We will use second option in our example

Adding location section in web.config

Add following markup in web.config of your web application: 
<configuration>
<location path="Folder2">
<system.web>
    <authorization>
        <deny users="?" />
        </authorization>
</system.web>        
</location>
...
Note that we have set the authorization section to deny ananomous users. This will force ASP.NET to display login page if somebody tries to access any page from Folder2 without authenticating.

Summary

In this article we saw how to apply forms authentication selectively to different folders of your web application. The flexible file based configuration system of ASP.NET makes it much easy for us. Using web.config location and authorization section you can easily achieve such selective security.


Posted On : 20 Jul 2002
Current Rating :
Rate This Article :

About the Author
Bipin Joshi
Bipin Joshi is a blogger and writes about Yoga, spirituality and technology. A former Software Consultant by profession he worked for many years with Microsoft technologies such as C, C++, C#, VB, ASP and ASP.NET. Bipin got selected as a Most Valuable Professional (MVP) by Microsoft for six consecutive years before he decided to take a back seat from the mainstream IT to continue his spiritual interests. More details about him can be read here.



Copyright (C) bipinjoshi.net. All rights reserved.
Contact Us
Read Terms Of Use
Hosted By DiscountASP