Ask a Question related to ASP.NET Security, Design and Development.
-
Shawn Berg #1
Controlling Page Access in .aspx page
I am building some .NET classes and pages that will be part of an existing
classic ASP app. The ASP app uses cookies to store login information for
administrators. I have one include file that checks to see if the user is a
logged in administrator, and if not, redirects to a login page. I then
include this file in all ASP pages I do not want non-administrators to be
able to access.
I want to be able to do the same type of thing with .ASPX pages. I know I
could easily do this with a base page and by setting a property
"LoginRequired" or something of the like, and then checking a cookie and
redirecting in the BasePage class, but I do not want this to be something
that is in the code-behind. I'd like to be able to set some sort of value on
the actual .ASPX page and have the BasePage class check that instead. This
way I can make changes on the fly if need be without having to recompile code.
Any ideas?
Shawn Berg Guest
-
Accessing a aspx page using HttpWebRequest from another aspx page on the same webapp
Did you have any luck on this as I have the same problem. Maybe you can help me out of you solved your problem. -
Transfer from an ASP Page to an ASPX Page
You can not use ASP session in ASP.NET and vice versa. Submit all the session values in ASP as a querystring to the ASPX page. This is the only... -
problems to access an aspx page in intranet
> people i have a litte problem with my .NET web proyect. (watch the wrapping)... -
redirecting from .aspx page to .asp page
There is no great way to share session state between ASP and ASP.NET. But that doesn't mean you don't have options. Here are some common ways:... -
how to interact client script within aspx page to other page functions, etc.? PLEASE!!!
Hi, I've spent all day trying to find some info on this...please help! I have an aspx page with an xmlDocument (not dataset/relational db) with... -
Geir Aamodt #2 Re: Controlling Page Access in .aspx page
Shawn,
not quite what you are asking about, but check out, todo, and
see the snippet below. It migth help you out.
--
Best regards,
Geir Aamodt
geir.aamodt(AT)bekk.no
--------- Snippet start---------
Partition Your Web Site
Separate the public and restricted access areas of your Web site. Place your
application's logon page and other pages and resources that should only be
accessed by authentication users in a separate folder from the public access
areas. Protect the restricted subfolders by configuring them in IIS to
require SSL access, and then use <authorization> elements to restrict access
and force a login. For example, the following Web.config configuration
allows anyone to access the current directory (this provides public access),
but prevents unauthenticated users from accessing the restricted sub folder.
Any attempt to do so forces a Forms login.
<system.web>
<!-- The virtual directory root folder contains general pages.
Unauthenticated users can view them and they do not need
to be secured with SSL. -->
<authorization>
<allow users="*" />
</authorization>
</system.web>
<!-- The restricted folder is for authenticated and SSL access only. -->
<location path="Restricted" >
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
--------- Snippet end---------
"Shawn Berg" <ShawnBerg@discussions.microsoft.com> wrote in message
news:9E9ACD0E-5C66-421A-B00A-28A622783EDA@microsoft.com...>I am building some .NET classes and pages that will be part of an existing
> classic ASP app. The ASP app uses cookies to store login information for
> administrators. I have one include file that checks to see if the user is
> a
> logged in administrator, and if not, redirects to a login page. I then
> include this file in all ASP pages I do not want non-administrators to be
> able to access.
>
> I want to be able to do the same type of thing with .ASPX pages. I know I
> could easily do this with a base page and by setting a property
> "LoginRequired" or something of the like, and then checking a cookie and
> redirecting in the BasePage class, but I do not want this to be something
> that is in the code-behind. I'd like to be able to set some sort of value
> on
> the actual .ASPX page and have the BasePage class check that instead. This
> way I can make changes on the fly if need be without having to recompile
> code.
>
> Any ideas?
Geir Aamodt Guest
-
Geir Aamodt #3 Re: Controlling Page Access in .aspx page
Looks like I forgot to replace my "todo" with the link to
the page containing the snippet.
Sorry about that, here are the link:
[url]http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh19.asp[/url]
--
Best regards,
Geir Aamodt
geir.aamodt(AT)bekk.no
"Geir Aamodt" <geir.aamodt(AT)bekk.no> wrote in message
news:OizPoIEGFHA.3472@TK2MSFTNGP09.phx.gbl...> Shawn,
>
> not quite what you are asking about, but check out, todo, and
> see the snippet below. It migth help you out.
>
> --
>
> Best regards,
> Geir Aamodt
> geir.aamodt(AT)bekk.no
>
> --------- Snippet start---------
> Partition Your Web Site
> Separate the public and restricted access areas of your Web site. Place
> your application's logon page and other pages and resources that should
> only be accessed by authentication users in a separate folder from the
> public access areas. Protect the restricted subfolders by configuring them
> in IIS to require SSL access, and then use <authorization> elements to
> restrict access and force a login. For example, the following Web.config
> configuration allows anyone to access the current directory (this provides
> public access), but prevents unauthenticated users from accessing the
> restricted sub folder. Any attempt to do so forces a Forms login.
>
> <system.web>
> <!-- The virtual directory root folder contains general pages.
> Unauthenticated users can view them and they do not need
> to be secured with SSL. -->
> <authorization>
> <allow users="*" />
> </authorization>
> </system.web>
>
> <!-- The restricted folder is for authenticated and SSL access only. -->
> <location path="Restricted" >
> <system.web>
> <authorization>
> <deny users="?" />
> </authorization>
> </system.web>
> </location>
> --------- Snippet end---------
>
> "Shawn Berg" <ShawnBerg@discussions.microsoft.com> wrote in message
> news:9E9ACD0E-5C66-421A-B00A-28A622783EDA@microsoft.com...>>>I am building some .NET classes and pages that will be part of an existing
>> classic ASP app. The ASP app uses cookies to store login information for
>> administrators. I have one include file that checks to see if the user is
>> a
>> logged in administrator, and if not, redirects to a login page. I then
>> include this file in all ASP pages I do not want non-administrators to be
>> able to access.
>>
>> I want to be able to do the same type of thing with .ASPX pages. I know I
>> could easily do this with a base page and by setting a property
>> "LoginRequired" or something of the like, and then checking a cookie and
>> redirecting in the BasePage class, but I do not want this to be something
>> that is in the code-behind. I'd like to be able to set some sort of value
>> on
>> the actual .ASPX page and have the BasePage class check that instead.
>> This
>> way I can make changes on the fly if need be without having to recompile
>> code.
>>
>> Any ideas?
>
Geir Aamodt Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
