Directory based authentication

[Saravana]

You can go for form authentication or windows authentication, then use
location tag or create web.config (in that folder) to specify particular
permission for specific folder using role based authorization. For example
to set permission to particular folder using location tag,
<location path="<foldername>">
<system.web>
<autorization>
<allow users="Admin">
<deny users="*">
</autorization>
</system.web>
</location>


--
Saravana
Microsoft India Community Star,
MCAD,SE,SD,DBA.


"See Sharp" <smitha@inapp.com> wrote in message
news:#Ud$xI1TDHA.2188@TK2MSFTNGP11.phx.gbl...

> Hello all,
>
> I have a set of admin pages which are put in a subfolder called admin

inside

> my application folder.
> I want to limit access to these admin pages.
> How can I do this?
>
> In Linux, I can password protect the directory, so that whenever a page
> within the admin subfolder is accessed for the first time, an

authentication

> window pops up asking for username-password. How can I implement the same
> in IIS ?
>
> This way I can avoid having to programmatically implement login feature.
>
> Can anyone please throw light on this ?
>
> Thanks
> SeeSharp.
>
>

[Saravana]

Have set integrated authentication or basic authentication in IIS. So first
set its authentication mode in IIS,then enable impersonation in web.config.
Then try, it should work.

--
Saravana
Microsoft India Community Star,
MCAD,SE,SD,DBA.


"See Sharp" <smitha@inapp.com> wrote in message
news:e9fX152TDHA.2228@tk2msftngp13.phx.gbl...

> Thanks Saravana,
>
> But I still get problems. Its shows an access denied problem.
> I have a parent directory called app. I configured it as a virtual
> directory.
> I use the IIS configuration tool from control panel, right click app ->

all

> tasks -> permission wizard -> select new security settings -> public
> website.
> Now I can access the pages in app folder as

[url]http://localhost/app/index1.aspx[/url]

> In the web.config of the app folder I have the following data:
> ************************************************** ********
> <?xml version="1.0" encoding="utf-8" ?>
> <configuration>
> <system.web>
>
> <compilation defaultLanguage="c#" debug="true" />
> <customErrors mode="RemoteOnly" />
> <authentication mode="Windows" />
> <trace enabled="false" requestLimit="10" pageOutput="false"
> traceMode="SortByTime" localOnly="true" />
> <sessionState mode="InProc"

stateConnectionString="tcpip=127.0.0.1:42424"

> sqlConnectionString="data source=127.0.0.1;user id=sa;password="
> cookieless="false" timeout="20" />
> <globalization requestEncoding="utf-8" responseEncoding="utf-8" />
> </system.web>
> <location path="admin">
> <system.web>
> <authorization>
> <allow users="abcd" />
> <deny users="*" />
> </authorization>
> </system.web>
> </location>
> </configuration>
> ****************************
>
> I have a subfolder admin in my app folder.
> Actually I made it as another application and copied the application's
> folder as a subfolder called admin in my app folder.
> The admin folder therefore has a web.config too.
> But I deleted it so that there is no ambiguity.
> I have not made the admin subfolder as a virtual directory.
>
> Now with the above security settings, I should get the the files in the
> admin folder as [url]http://localhost/app/admin/index1.aspx[/url]
> It should ask for authentication and when I enter the username password of
> user abcd, it should let me in.
> But This does not happen.
> I get an error.
> I tried making the admin subfolder as a virtual directory.
> I even tried to retain its web.config and place this within it:
> <authorization>
> <allow users="abcd" />
> <deny users="*" />
> </authorization>
> In that case it works, but it allows all users in.
> Not abcd alone.
>
> Can you please throw light on this ?
> Thanks a lot
> SeeSharp.
>
> "Saravana" <saravank@sct.co.in> wrote in message
> news:OcoqLV1TDHA.1664@TK2MSFTNGP11.phx.gbl...

> > You can go for form authentication or windows authentication, then use
> > location tag or create web.config (in that folder) to specify

particular

> > permission for specific folder using role based authorization. For

example

> > to set permission to particular folder using location tag,
> > <location path="<foldername>">
> > <system.web>
> > <autorization>
> > <allow users="Admin">
> > <deny users="*">
> > </autorization>
> > </system.web>
> > </location>
> >
> >
> > --
> > Saravana
> > Microsoft India Community Star,
> > MCAD,SE,SD,DBA.
> >
> >
> > "See Sharp" <smitha@inapp.com> wrote in message
> > news:#Ud$xI1TDHA.2188@TK2MSFTNGP11.phx.gbl...

> > > Hello all,
> > >
> > > I have a set of admin pages which are put in a subfolder called admin

> > inside

> > > my application folder.
> > > I want to limit access to these admin pages.
> > > How can I do this?
> > >
> > > In Linux, I can password protect the directory, so that whenever a

page

> > > within the admin subfolder is accessed for the first time, an

> > authentication

> > > window pops up asking for username-password. How can I implement the

> same

> > > in IIS ?
> > >
> > > This way I can avoid having to programmatically implement login

feature.

> > >
> > > Can anyone please throw light on this ?
> > >
> > > Thanks
> > > SeeSharp.
> > >
> > >

> >
> >

>
>

[Steve C. Orr, MCSD]

Please fix the date on your computer.

[See Sharp]

Yup. I did that. I am sorry. I used the calendar to choose a relieving date
[ I am planning to resign from my job next month].
And I accidently clicked OK :">

SeeSharp

"Steve C. Orr, MCSD" <Steve@Orr.net> wrote in message
news:ugC$HmLUDHA.1740@TK2MSFTNGP12.phx.gbl...

> Please fix the date on your computer.
>
>

[Paul Hobbs]

Hi SeeSharp,

I am an application that does EXACTLY the same as you - an admin folder with
admin pages that is restricted to a select few. Have you managed to get
your application to work as you wanted? If so, I would be very interested
to know how you did it. Authentication is something I have not yet
mastered.

Cheers,

Paul Hobbs



"See Sharp" <smitha@inapp.com> wrote in message
news:#Ud$xI1TDHA.2188@TK2MSFTNGP11.phx.gbl...

> Hello all,
>
> I have a set of admin pages which are put in a subfolder called admin

inside

> my application folder.
> I want to limit access to these admin pages.
> How can I do this?
>
> In Linux, I can password protect the directory, so that whenever a page
> within the admin subfolder is accessed for the first time, an

authentication

> window pops up asking for username-password. How can I implement the same
> in IIS ?
>
> This way I can avoid having to programmatically implement login feature.
>
> Can anyone please throw light on this ?
>
> Thanks
> SeeSharp.
>
>

[See Sharp]

Hi Paul

I disabled anonymous logon to my admin directory. In the access control
list, I add each member whom I want to deny [including anonymous] and deny
all rights to them. The everyone user has all "required" permissions.

SeeSharp

"Paul Hobbs" <paul@mobius.net.au> wrote in message
news:#RHABFtUDHA.2328@TK2MSFTNGP12.phx.gbl...

> Hi SeeSharp,
>
> I am an application that does EXACTLY the same as you - an admin folder

with

> admin pages that is restricted to a select few. Have you managed to get
> your application to work as you wanted? If so, I would be very interested
> to know how you did it. Authentication is something I have not yet
> mastered.
>
> Cheers,
>
> Paul Hobbs
>
>
>
> "See Sharp" <smitha@inapp.com> wrote in message
> news:#Ud$xI1TDHA.2188@TK2MSFTNGP11.phx.gbl...

> > Hello all,
> >
> > I have a set of admin pages which are put in a subfolder called admin

> inside

> > my application folder.
> > I want to limit access to these admin pages.
> > How can I do this?
> >
> > In Linux, I can password protect the directory, so that whenever a page
> > within the admin subfolder is accessed for the first time, an

> authentication

> > window pops up asking for username-password. How can I implement the

same

> > in IIS ?
> >
> > This way I can avoid having to programmatically implement login feature.
> >
> > Can anyone please throw light on this ?
> >
> > Thanks
> > SeeSharp.
> >
> >

>
>

[Scott Scott]

AuthentiX passwords protects directories and files.

[url]http://www.flicks.com/prod.htm#authnx[/url]




*** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
Don't just participate in USENET...get rewarded for it!

[VB Programmer]

What sets the current "user"? For example how do I know if the person is
"Admin"? Where is that set?

"Saravana" <saravank@sct.co.in> wrote in message
news:OcoqLV1TDHA.1664@TK2MSFTNGP11.phx.gbl...

> You can go for form authentication or windows authentication, then use
> location tag or create web.config (in that folder) to specify particular
> permission for specific folder using role based authorization. For example
> to set permission to particular folder using location tag,
> <location path="<foldername>">
> <system.web>
> <autorization>
> <allow users="Admin">
> <deny users="*">
> </autorization>
> </system.web>
> </location>
>
>
> --
> Saravana
> Microsoft India Community Star,
> MCAD,SE,SD,DBA.
>
>
> "See Sharp" <smitha@inapp.com> wrote in message
> news:#Ud$xI1TDHA.2188@TK2MSFTNGP11.phx.gbl...

> > Hello all,
> >
> > I have a set of admin pages which are put in a subfolder called admin

> inside

> > my application folder.
> > I want to limit access to these admin pages.
> > How can I do this?
> >
> > In Linux, I can password protect the directory, so that whenever a page
> > within the admin subfolder is accessed for the first time, an

> authentication

> > window pops up asking for username-password. How can I implement the

same

> > in IIS ?
> >
> > This way I can avoid having to programmatically implement login feature.
> >
> > Can anyone please throw light on this ?
> >
> > Thanks
> > SeeSharp.
> >
> >

>
>

[John Knoop]

You assign roles to each user. This has to be done on each request. You set
Context.User to a new GenericPrincipal, and assign roles at the same time.
Then you can check using User.IsInRole.

The downside is, obviousely, that you must create a new user on each
request. A better way would be to save all this information in the Session
object. But unfortunately that data isn't accessible from within any of the
Application_Request* events in global.asax. So you basically need to include
a file for checking in every page.

/john

"VB Programmer" <growNO-SPAM@go-intech.com> wrote in message
news:uyn1$M5WDHA.2388@TK2MSFTNGP11.phx.gbl...

> What sets the current "user"? For example how do I know if the person is
> "Admin"? Where is that set?
>
> "Saravana" <saravank@sct.co.in> wrote in message
> news:OcoqLV1TDHA.1664@TK2MSFTNGP11.phx.gbl...

> > You can go for form authentication or windows authentication, then use
> > location tag or create web.config (in that folder) to specify

particular

> > permission for specific folder using role based authorization. For

example

> > to set permission to particular folder using location tag,
> > <location path="<foldername>">
> > <system.web>
> > <autorization>
> > <allow users="Admin">
> > <deny users="*">
> > </autorization>
> > </system.web>
> > </location>
> >
> >
> > --
> > Saravana
> > Microsoft India Community Star,
> > MCAD,SE,SD,DBA.
> >
> >
> > "See Sharp" <smitha@inapp.com> wrote in message
> > news:#Ud$xI1TDHA.2188@TK2MSFTNGP11.phx.gbl...

> > > Hello all,
> > >
> > > I have a set of admin pages which are put in a subfolder called admin

> > inside

> > > my application folder.
> > > I want to limit access to these admin pages.
> > > How can I do this?
> > >
> > > In Linux, I can password protect the directory, so that whenever a

page

> > > within the admin subfolder is accessed for the first time, an

> > authentication

> > > window pops up asking for username-password. How can I implement the

> same

> > > in IIS ?
> > >
> > > This way I can avoid having to programmatically implement login

feature.

> > >
> > > Can anyone please throw light on this ?
> > >
> > > Thanks
> > > SeeSharp.
> > >
> > >

> >
> >

>
>

[See Sharp]

Hello all,

I have a set of admin pages which are put in a subfolder called admin inside
my application folder.
I want to limit access to these admin pages.
How can I do this?

In Linux, I can password protect the directory, so that whenever a page
within the admin subfolder is accessed for the first time, an authentication
window pops up asking for username-password. How can I implement the same
in IIS ?

This way I can avoid having to programmatically implement login feature.

Can anyone please throw light on this ?

Thanks
SeeSharp.

[See Sharp]

Thanks Saravana,

But I still get problems. Its shows an access denied problem.
I have a parent directory called app. I configured it as a virtual
directory.
I use the IIS configuration tool from control panel, right click app -> all
tasks -> permission wizard -> select new security settings -> public
website.
Now I can access the pages in app folder as [url]http://localhost/app/index1.aspx[/url]
In the web.config of the app folder I have the following data:
************************************************** ********
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>

<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="RemoteOnly" />
<authentication mode="Windows" />
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
<location path="admin">
<system.web>
<authorization>
<allow users="abcd" />
<deny users="*" />
</authorization>
</system.web>
</location>
</configuration>
****************************

I have a subfolder admin in my app folder.
Actually I made it as another application and copied the application's
folder as a subfolder called admin in my app folder.
The admin folder therefore has a web.config too.
But I deleted it so that there is no ambiguity.
I have not made the admin subfolder as a virtual directory.

Now with the above security settings, I should get the the files in the
admin folder as [url]http://localhost/app/admin/index1.aspx[/url]
It should ask for authentication and when I enter the username password of
user abcd, it should let me in.
But This does not happen.
I get an error.
I tried making the admin subfolder as a virtual directory.
I even tried to retain its web.config and place this within it:
<authorization>
<allow users="abcd" />
<deny users="*" />
</authorization>
In that case it works, but it allows all users in.
Not abcd alone.

Can you please throw light on this ?
Thanks a lot
SeeSharp.

"Saravana" <saravank@sct.co.in> wrote in message
news:OcoqLV1TDHA.1664@TK2MSFTNGP11.phx.gbl...

> You can go for form authentication or windows authentication, then use
> location tag or create web.config (in that folder) to specify particular
> permission for specific folder using role based authorization. For example
> to set permission to particular folder using location tag,
> <location path="<foldername>">
> <system.web>
> <autorization>
> <allow users="Admin">
> <deny users="*">
> </autorization>
> </system.web>
> </location>
>
>
> --
> Saravana
> Microsoft India Community Star,
> MCAD,SE,SD,DBA.
>
>
> "See Sharp" <smitha@inapp.com> wrote in message
> news:#Ud$xI1TDHA.2188@TK2MSFTNGP11.phx.gbl...

> > Hello all,
> >
> > I have a set of admin pages which are put in a subfolder called admin

> inside

> > my application folder.
> > I want to limit access to these admin pages.
> > How can I do this?
> >
> > In Linux, I can password protect the directory, so that whenever a page
> > within the admin subfolder is accessed for the first time, an

> authentication

> > window pops up asking for username-password. How can I implement the

same

> > in IIS ?
> >
> > This way I can avoid having to programmatically implement login feature.
> >
> > Can anyone please throw light on this ?
> >
> > Thanks
> > SeeSharp.
> >
> >

>
>