Professional Web Applications Themes

user access to only selected pages - ASP.NET General

Some time ago I set up an ASP application that used a login page which checked a username and password against a database to determine a users authorization to access certain pages on the site. This was done by setting a session variable within the application if the user was authorized and using code one each page for which protection was required to check for the status of the session variable. Now I am aware of the various techniques that ASP.NET provides to allow or preclude access to asp.net apps but frankly I really liked that other one because it ...

  1. #1

    Default user access to only selected pages

    Some time ago I set up an ASP application that used a login page which
    checked a username and password against a database to determine a users
    authorization to access certain pages on the site. This was done by setting
    a session variable within the application if the user was authorized and
    using code one each page for which protection was required to check for the
    status of the session variable.

    Now I am aware of the various techniques that ASP.NET provides to allow or
    preclude access to asp.net apps but frankly I really liked that other one
    because it didn't use cookies which many users are a bit afraid of.

    My problem is this....I can't remember how I set it up and I don't know
    where to look. I think I found the technique in an old ASP book (vs
    asp.net).

    Does anyone know where I can look to find this technique in the form of
    sample code or a tutorial?

    and

    Is this a viable technique to use in ASP.Net?


    Thanks in advance


    joe Guest

  2. #2

    Default Re: user access to only selected pages

    You can put each group of files into their own subfolders under your root
    web application, and then create a web.config for each subfolder with the
    appropriate settings in it.
    You could alternately do this with a single web.config file by using the
    <location> tag.
    Here's more info on that and an example:
    [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]

    --
    I hope this helps,
    Steve C. Orr, MCSD
    [url]http://Steve.Orr.net[/url]


    "joe" <contact_by_Newsgroup_only.please> wrote in message
    news:u$wvWU1QDHA.2832TK2MSFTNGP10.phx.gbl...
    > Some time ago I set up an ASP application that used a login page which
    > checked a username and password against a database to determine a users
    > authorization to access certain pages on the site. This was done by
    setting
    > a session variable within the application if the user was authorized and
    > using code one each page for which protection was required to check for
    the
    > status of the session variable.
    >
    > Now I am aware of the various techniques that ASP.NET provides to allow or
    > preclude access to asp.net apps but frankly I really liked that other one
    > because it didn't use cookies which many users are a bit afraid of.
    >
    > My problem is this....I can't remember how I set it up and I don't know
    > where to look. I think I found the technique in an old ASP book (vs
    > asp.net).
    >
    > Does anyone know where I can look to find this technique in the form of
    > sample code or a tutorial?
    >
    > and
    >
    > Is this a viable technique to use in ASP.Net?
    >
    >
    > Thanks in advance
    >
    >

    Steve C. Orr, MCSD Guest

  3. #3

    Default Re: user access to only selected pages

    Thanks Steve I've read that but call me dumb but I don't see how it works.
    Perhaps I'm missing something, I don't see the way it :

    1) determines which users to permit access to

    nor

    2) how it maintains the users status once authorized should the user request
    additional pages in the protected folder.


    Is that done in the web.config file? I don't see any instructions at that
    link on how to accomplish this whithout using cookies.






    "Steve C. Orr, MCSD" <SteveOrr.net> wrote in message
    news:evYTDo1QDHA.3700tk2msftngp13.phx.gbl...
    > You can put each group of files into their own subfolders under your root
    > web application, and then create a web.config for each subfolder with the
    > appropriate settings in it.
    > You could alternately do this with a single web.config file by using the
    > <location> tag.
    > Here's more info on that and an example:
    > [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD
    > [url]http://Steve.Orr.net[/url]
    >
    >
    > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > news:u$wvWU1QDHA.2832TK2MSFTNGP10.phx.gbl...
    > > Some time ago I set up an ASP application that used a login page which
    > > checked a username and password against a database to determine a users
    > > authorization to access certain pages on the site. This was done by
    > setting
    > > a session variable within the application if the user was authorized and
    > > using code one each page for which protection was required to check for
    > the
    > > status of the session variable.
    > >
    > > Now I am aware of the various techniques that ASP.NET provides to allow
    or
    > > preclude access to asp.net apps but frankly I really liked that other
    one
    > > because it didn't use cookies which many users are a bit afraid of.
    > >
    > > My problem is this....I can't remember how I set it up and I don't know
    > > where to look. I think I found the technique in an old ASP book (vs
    > > asp.net).
    > >
    > > Does anyone know where I can look to find this technique in the form of
    > > sample code or a tutorial?
    > >
    > > and
    > >
    > > Is this a viable technique to use in ASP.Net?
    > >
    > >
    > > Thanks in advance
    > >
    > >
    >
    >

    joe Guest

  4. #4

    Default Re: user access to only selected pages

    It uses forms authentication, which uses cookies.
    Here's more info on basic forms authentication:
    [url]http://www.dotnetbips.com/displayarticle.aspx?id=9[/url]

    Of course you can also set Forms Authentication to work if the user has
    cookies turned off by setting the cookieless="true" in your web.config.
    Then it will munge the session id into the URL automatically.
    You can specify which files and folders to allow to to which users in your
    web.config file.
    There is a link to sample code that you can download and play with.
    [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]

    --
    I hope this helps,
    Steve C. Orr, MCSD
    [url]http://Steve.Orr.net[/url]



    "joe" <contact_by_Newsgroup_only.please> wrote in message
    news:u4AXzv1QDHA.304tk2msftngp13.phx.gbl...
    > Thanks Steve I've read that but call me dumb but I don't see how it works.
    > Perhaps I'm missing something, I don't see the way it :
    >
    > 1) determines which users to permit access to
    >
    > nor
    >
    > 2) how it maintains the users status once authorized should the user
    request
    > additional pages in the protected folder.
    >
    >
    > Is that done in the web.config file? I don't see any instructions at that
    > link on how to accomplish this whithout using cookies.
    >
    >
    >
    >
    >
    >
    > "Steve C. Orr, MCSD" <SteveOrr.net> wrote in message
    > news:evYTDo1QDHA.3700tk2msftngp13.phx.gbl...
    > > You can put each group of files into their own subfolders under your
    root
    > > web application, and then create a web.config for each subfolder with
    the
    > > appropriate settings in it.
    > > You could alternately do this with a single web.config file by using the
    > > <location> tag.
    > > Here's more info on that and an example:
    > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]
    > >
    > > --
    > > I hope this helps,
    > > Steve C. Orr, MCSD
    > > [url]http://Steve.Orr.net[/url]
    > >
    > >
    > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > news:u$wvWU1QDHA.2832TK2MSFTNGP10.phx.gbl...
    > > > Some time ago I set up an ASP application that used a login page which
    > > > checked a username and password against a database to determine a
    users
    > > > authorization to access certain pages on the site. This was done by
    > > setting
    > > > a session variable within the application if the user was authorized
    and
    > > > using code one each page for which protection was required to check
    for
    > > the
    > > > status of the session variable.
    > > >
    > > > Now I am aware of the various techniques that ASP.NET provides to
    allow
    > or
    > > > preclude access to asp.net apps but frankly I really liked that other
    > one
    > > > because it didn't use cookies which many users are a bit afraid of.
    > > >
    > > > My problem is this....I can't remember how I set it up and I don't
    know
    > > > where to look. I think I found the technique in an old ASP book (vs
    > > > asp.net).
    > > >
    > > > Does anyone know where I can look to find this technique in the form
    of
    > > > sample code or a tutorial?
    > > >
    > > > and
    > > >
    > > > Is this a viable technique to use in ASP.Net?
    > > >
    > > >
    > > > Thanks in advance
    > > >
    > > >
    > >
    > >
    >
    >

    Steve C. Orr, MCSD Guest

  5. #5

    Default Re: user access to only selected pages

    Thanks Steve...I'll check it out.


    "Steve C. Orr, MCSD" <SteveOrr.net> wrote in message
    news:OkPIQ31QDHA.1988TK2MSFTNGP12.phx.gbl...
    > It uses forms authentication, which uses cookies.
    > Here's more info on basic forms authentication:
    > [url]http://www.dotnetbips.com/displayarticle.aspx?id=9[/url]
    >
    > Of course you can also set Forms Authentication to work if the user has
    > cookies turned off by setting the cookieless="true" in your web.config.
    > Then it will munge the session id into the URL automatically.
    > You can specify which files and folders to allow to to which users in your
    > web.config file.
    > There is a link to sample code that you can download and play with.
    > [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD
    > [url]http://Steve.Orr.net[/url]
    >
    >
    >
    > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > news:u4AXzv1QDHA.304tk2msftngp13.phx.gbl...
    > > Thanks Steve I've read that but call me dumb but I don't see how it
    works.
    > > Perhaps I'm missing something, I don't see the way it :
    > >
    > > 1) determines which users to permit access to
    > >
    > > nor
    > >
    > > 2) how it maintains the users status once authorized should the user
    > request
    > > additional pages in the protected folder.
    > >
    > >
    > > Is that done in the web.config file? I don't see any instructions at
    that
    > > link on how to accomplish this whithout using cookies.
    > >
    > >
    > >
    > >
    > >
    > >
    > > "Steve C. Orr, MCSD" <SteveOrr.net> wrote in message
    > > news:evYTDo1QDHA.3700tk2msftngp13.phx.gbl...
    > > > You can put each group of files into their own subfolders under your
    > root
    > > > web application, and then create a web.config for each subfolder with
    > the
    > > > appropriate settings in it.
    > > > You could alternately do this with a single web.config file by using
    the
    > > > <location> tag.
    > > > Here's more info on that and an example:
    > > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]
    > > >
    > > > --
    > > > I hope this helps,
    > > > Steve C. Orr, MCSD
    > > > [url]http://Steve.Orr.net[/url]
    > > >
    > > >
    > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > news:u$wvWU1QDHA.2832TK2MSFTNGP10.phx.gbl...
    > > > > Some time ago I set up an ASP application that used a login page
    which
    > > > > checked a username and password against a database to determine a
    > users
    > > > > authorization to access certain pages on the site. This was done by
    > > > setting
    > > > > a session variable within the application if the user was authorized
    > and
    > > > > using code one each page for which protection was required to check
    > for
    > > > the
    > > > > status of the session variable.
    > > > >
    > > > > Now I am aware of the various techniques that ASP.NET provides to
    > allow
    > > or
    > > > > preclude access to asp.net apps but frankly I really liked that
    other
    > > one
    > > > > because it didn't use cookies which many users are a bit afraid of.
    > > > >
    > > > > My problem is this....I can't remember how I set it up and I don't
    > know
    > > > > where to look. I think I found the technique in an old ASP book (vs
    > > > > asp.net).
    > > > >
    > > > > Does anyone know where I can look to find this technique in the form
    > of
    > > > > sample code or a tutorial?
    > > > >
    > > > > and
    > > > >
    > > > > Is this a viable technique to use in ASP.Net?
    > > > >
    > > > >
    > > > > Thanks in advance
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >

    joe Guest

  6. #6

    Default Re: user access to only selected pages

    I see they have put the user names and passwords in the login.vb file. Isn't
    this (hard coding) a potential security problem?

    I realize it is not presented in the HTML on the client and the server does
    all the work but it just makes me a bit uncomfortable.

    Or am I wrong?




    "joe" <contact_by_Newsgroup_only.please> wrote in message
    news:eFxu791QDHA.3700tk2msftngp13.phx.gbl...
    > Thanks Steve...I'll check it out.
    >
    >
    > "Steve C. Orr, MCSD" <SteveOrr.net> wrote in message
    > news:OkPIQ31QDHA.1988TK2MSFTNGP12.phx.gbl...
    > > It uses forms authentication, which uses cookies.
    > > Here's more info on basic forms authentication:
    > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=9[/url]
    > >
    > > Of course you can also set Forms Authentication to work if the user has
    > > cookies turned off by setting the cookieless="true" in your web.config.
    > > Then it will munge the session id into the URL automatically.
    > > You can specify which files and folders to allow to to which users in
    your
    > > web.config file.
    > > There is a link to sample code that you can download and play with.
    > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]
    > >
    > > --
    > > I hope this helps,
    > > Steve C. Orr, MCSD
    > > [url]http://Steve.Orr.net[/url]
    > >
    > >
    > >
    > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > news:u4AXzv1QDHA.304tk2msftngp13.phx.gbl...
    > > > Thanks Steve I've read that but call me dumb but I don't see how it
    > works.
    > > > Perhaps I'm missing something, I don't see the way it :
    > > >
    > > > 1) determines which users to permit access to
    > > >
    > > > nor
    > > >
    > > > 2) how it maintains the users status once authorized should the user
    > > request
    > > > additional pages in the protected folder.
    > > >
    > > >
    > > > Is that done in the web.config file? I don't see any instructions at
    > that
    > > > link on how to accomplish this whithout using cookies.
    > > >
    > > >
    > > >
    > > >
    > > >
    > > >
    > > > "Steve C. Orr, MCSD" <SteveOrr.net> wrote in message
    > > > news:evYTDo1QDHA.3700tk2msftngp13.phx.gbl...
    > > > > You can put each group of files into their own subfolders under your
    > > root
    > > > > web application, and then create a web.config for each subfolder
    with
    > > the
    > > > > appropriate settings in it.
    > > > > You could alternately do this with a single web.config file by using
    > the
    > > > > <location> tag.
    > > > > Here's more info on that and an example:
    > > > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]
    > > > >
    > > > > --
    > > > > I hope this helps,
    > > > > Steve C. Orr, MCSD
    > > > > [url]http://Steve.Orr.net[/url]
    > > > >
    > > > >
    > > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > > news:u$wvWU1QDHA.2832TK2MSFTNGP10.phx.gbl...
    > > > > > Some time ago I set up an ASP application that used a login page
    > which
    > > > > > checked a username and password against a database to determine a
    > > users
    > > > > > authorization to access certain pages on the site. This was done
    by
    > > > > setting
    > > > > > a session variable within the application if the user was
    authorized
    > > and
    > > > > > using code one each page for which protection was required to
    check
    > > for
    > > > > the
    > > > > > status of the session variable.
    > > > > >
    > > > > > Now I am aware of the various techniques that ASP.NET provides to
    > > allow
    > > > or
    > > > > > preclude access to asp.net apps but frankly I really liked that
    > other
    > > > one
    > > > > > because it didn't use cookies which many users are a bit afraid
    of.
    > > > > >
    > > > > > My problem is this....I can't remember how I set it up and I don't
    > > know
    > > > > > where to look. I think I found the technique in an old ASP book
    (vs
    > > > > > asp.net).
    > > > > >
    > > > > > Does anyone know where I can look to find this technique in the
    form
    > > of
    > > > > > sample code or a tutorial?
    > > > > >
    > > > > > and
    > > > > >
    > > > > > Is this a viable technique to use in ASP.Net?
    > > > > >
    > > > > >
    > > > > > Thanks in advance
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >

    joe Guest

  7. #7

    Default Re: user access to only selected pages

    you should buy a book it would save time posting


    "joe" <contact_by_Newsgroup_only.please> wrote in message
    news:#LPVhI2QDHA.1560TK2MSFTNGP12.phx.gbl...
    > I see they have put the user names and passwords in the login.vb file.
    Isn't
    > this (hard coding) a potential security problem?
    >
    > I realize it is not presented in the HTML on the client and the server
    does
    > all the work but it just makes me a bit uncomfortable.
    >
    > Or am I wrong?
    >
    >
    >
    >
    > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > news:eFxu791QDHA.3700tk2msftngp13.phx.gbl...
    > > Thanks Steve...I'll check it out.
    > >
    > >
    > > "Steve C. Orr, MCSD" <SteveOrr.net> wrote in message
    > > news:OkPIQ31QDHA.1988TK2MSFTNGP12.phx.gbl...
    > > > It uses forms authentication, which uses cookies.
    > > > Here's more info on basic forms authentication:
    > > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=9[/url]
    > > >
    > > > Of course you can also set Forms Authentication to work if the user
    has
    > > > cookies turned off by setting the cookieless="true" in your
    web.config.
    > > > Then it will munge the session id into the URL automatically.
    > > > You can specify which files and folders to allow to to which users in
    > your
    > > > web.config file.
    > > > There is a link to sample code that you can download and play with.
    > > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]
    > > >
    > > > --
    > > > I hope this helps,
    > > > Steve C. Orr, MCSD
    > > > [url]http://Steve.Orr.net[/url]
    > > >
    > > >
    > > >
    > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > news:u4AXzv1QDHA.304tk2msftngp13.phx.gbl...
    > > > > Thanks Steve I've read that but call me dumb but I don't see how it
    > > works.
    > > > > Perhaps I'm missing something, I don't see the way it :
    > > > >
    > > > > 1) determines which users to permit access to
    > > > >
    > > > > nor
    > > > >
    > > > > 2) how it maintains the users status once authorized should the user
    > > > request
    > > > > additional pages in the protected folder.
    > > > >
    > > > >
    > > > > Is that done in the web.config file? I don't see any instructions
    at
    > > that
    > > > > link on how to accomplish this whithout using cookies.
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > > >
    > > > > "Steve C. Orr, MCSD" <SteveOrr.net> wrote in message
    > > > > news:evYTDo1QDHA.3700tk2msftngp13.phx.gbl...
    > > > > > You can put each group of files into their own subfolders under
    your
    > > > root
    > > > > > web application, and then create a web.config for each subfolder
    > with
    > > > the
    > > > > > appropriate settings in it.
    > > > > > You could alternately do this with a single web.config file by
    using
    > > the
    > > > > > <location> tag.
    > > > > > Here's more info on that and an example:
    > > > > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]
    > > > > >
    > > > > > --
    > > > > > I hope this helps,
    > > > > > Steve C. Orr, MCSD
    > > > > > [url]http://Steve.Orr.net[/url]
    > > > > >
    > > > > >
    > > > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > > > news:u$wvWU1QDHA.2832TK2MSFTNGP10.phx.gbl...
    > > > > > > Some time ago I set up an ASP application that used a login page
    > > which
    > > > > > > checked a username and password against a database to determine
    a
    > > > users
    > > > > > > authorization to access certain pages on the site. This was done
    > by
    > > > > > setting
    > > > > > > a session variable within the application if the user was
    > authorized
    > > > and
    > > > > > > using code one each page for which protection was required to
    > check
    > > > for
    > > > > > the
    > > > > > > status of the session variable.
    > > > > > >
    > > > > > > Now I am aware of the various techniques that ASP.NET provides
    to
    > > > allow
    > > > > or
    > > > > > > preclude access to asp.net apps but frankly I really liked that
    > > other
    > > > > one
    > > > > > > because it didn't use cookies which many users are a bit afraid
    > of.
    > > > > > >
    > > > > > > My problem is this....I can't remember how I set it up and I
    don't
    > > > know
    > > > > > > where to look. I think I found the technique in an old ASP book
    > (vs
    > > > > > > asp.net).
    > > > > > >
    > > > > > > Does anyone know where I can look to find this technique in the
    > form
    > > > of
    > > > > > > sample code or a tutorial?
    > > > > > >
    > > > > > > and
    > > > > > >
    > > > > > > Is this a viable technique to use in ASP.Net?
    > > > > > >
    > > > > > >
    > > > > > > Thanks in advance
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >

    Vincent V Guest

  8. #8

    Default Re: user access to only selected pages

    I don't mind taking the time posting but I do understand that for some
    reading is a bit more difficult than it is for others.


    "Vincent V" <vincentv-n0-5pam-optushome.com.au> wrote in message
    news:O2kefR2QDHA.3880tk2msftngp13.phx.gbl...
    > you should buy a book it would save time posting
    >
    >
    > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > news:#LPVhI2QDHA.1560TK2MSFTNGP12.phx.gbl...
    > > I see they have put the user names and passwords in the login.vb file.
    > Isn't
    > > this (hard coding) a potential security problem?
    > >
    > > I realize it is not presented in the HTML on the client and the server
    > does
    > > all the work but it just makes me a bit uncomfortable.
    > >
    > > Or am I wrong?
    > >
    > >
    > >
    > >
    > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > news:eFxu791QDHA.3700tk2msftngp13.phx.gbl...
    > > > Thanks Steve...I'll check it out.
    > > >
    > > >
    > > > "Steve C. Orr, MCSD" <SteveOrr.net> wrote in message
    > > > news:OkPIQ31QDHA.1988TK2MSFTNGP12.phx.gbl...
    > > > > It uses forms authentication, which uses cookies.
    > > > > Here's more info on basic forms authentication:
    > > > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=9[/url]
    > > > >
    > > > > Of course you can also set Forms Authentication to work if the user
    > has
    > > > > cookies turned off by setting the cookieless="true" in your
    > web.config.
    > > > > Then it will munge the session id into the URL automatically.
    > > > > You can specify which files and folders to allow to to which users
    in
    > > your
    > > > > web.config file.
    > > > > There is a link to sample code that you can download and play with.
    > > > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]
    > > > >
    > > > > --
    > > > > I hope this helps,
    > > > > Steve C. Orr, MCSD
    > > > > [url]http://Steve.Orr.net[/url]
    > > > >
    > > > >
    > > > >
    > > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > > news:u4AXzv1QDHA.304tk2msftngp13.phx.gbl...
    > > > > > Thanks Steve I've read that but call me dumb but I don't see how
    it
    > > > works.
    > > > > > Perhaps I'm missing something, I don't see the way it :
    > > > > >
    > > > > > 1) determines which users to permit access to
    > > > > >
    > > > > > nor
    > > > > >
    > > > > > 2) how it maintains the users status once authorized should the
    user
    > > > > request
    > > > > > additional pages in the protected folder.
    > > > > >
    > > > > >
    > > > > > Is that done in the web.config file? I don't see any instructions
    > at
    > > > that
    > > > > > link on how to accomplish this whithout using cookies.
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > > "Steve C. Orr, MCSD" <SteveOrr.net> wrote in message
    > > > > > news:evYTDo1QDHA.3700tk2msftngp13.phx.gbl...
    > > > > > > You can put each group of files into their own subfolders under
    > your
    > > > > root
    > > > > > > web application, and then create a web.config for each subfolder
    > > with
    > > > > the
    > > > > > > appropriate settings in it.
    > > > > > > You could alternately do this with a single web.config file by
    > using
    > > > the
    > > > > > > <location> tag.
    > > > > > > Here's more info on that and an example:
    > > > > > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]
    > > > > > >
    > > > > > > --
    > > > > > > I hope this helps,
    > > > > > > Steve C. Orr, MCSD
    > > > > > > [url]http://Steve.Orr.net[/url]
    > > > > > >
    > > > > > >
    > > > > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > > > > news:u$wvWU1QDHA.2832TK2MSFTNGP10.phx.gbl...
    > > > > > > > Some time ago I set up an ASP application that used a login
    page
    > > > which
    > > > > > > > checked a username and password against a database to
    determine
    > a
    > > > > users
    > > > > > > > authorization to access certain pages on the site. This was
    done
    > > by
    > > > > > > setting
    > > > > > > > a session variable within the application if the user was
    > > authorized
    > > > > and
    > > > > > > > using code one each page for which protection was required to
    > > check
    > > > > for
    > > > > > > the
    > > > > > > > status of the session variable.
    > > > > > > >
    > > > > > > > Now I am aware of the various techniques that ASP.NET provides
    > to
    > > > > allow
    > > > > > or
    > > > > > > > preclude access to asp.net apps but frankly I really liked
    that
    > > > other
    > > > > > one
    > > > > > > > because it didn't use cookies which many users are a bit
    afraid
    > > of.
    > > > > > > >
    > > > > > > > My problem is this....I can't remember how I set it up and I
    > don't
    > > > > know
    > > > > > > > where to look. I think I found the technique in an old ASP
    book
    > > (vs
    > > > > > > > asp.net).
    > > > > > > >
    > > > > > > > Does anyone know where I can look to find this technique in
    the
    > > form
    > > > > of
    > > > > > > > sample code or a tutorial?
    > > > > > > >
    > > > > > > > and
    > > > > > > >
    > > > > > > > Is this a viable technique to use in ASP.Net?
    > > > > > > >
    > > > > > > >
    > > > > > > > Thanks in advance
    > > > > > > >
    > > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >

    joe Guest

  9. #9

    Default Re: user access to only selected pages

    Thanks again Steve.


    "Steve C. Orr, MCSD" <SteveOrr.net> wrote in message
    news:O$h5cU2QDHA.2636TK2MSFTNGP10.phx.gbl...
    > You can use a database for this if you prefer.
    > Here are some examples:
    >
    [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT03.asp[/url]
    > [url]http://www.4guysfromrolla.com/webtech/121901-1.shtml[/url]
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD
    > [url]http://Steve.Orr.net[/url]
    >
    >
    > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > news:%23LPVhI2QDHA.1560TK2MSFTNGP12.phx.gbl...
    > > I see they have put the user names and passwords in the login.vb file.
    > Isn't
    > > this (hard coding) a potential security problem?
    > >
    > > I realize it is not presented in the HTML on the client and the server
    > does
    > > all the work but it just makes me a bit uncomfortable.
    > >
    > > Or am I wrong?
    > >
    > >
    > >
    > >
    > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > news:eFxu791QDHA.3700tk2msftngp13.phx.gbl...
    > > > Thanks Steve...I'll check it out.
    > > >
    > > >
    > > > "Steve C. Orr, MCSD" <SteveOrr.net> wrote in message
    > > > news:OkPIQ31QDHA.1988TK2MSFTNGP12.phx.gbl...
    > > > > It uses forms authentication, which uses cookies.
    > > > > Here's more info on basic forms authentication:
    > > > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=9[/url]
    > > > >
    > > > > Of course you can also set Forms Authentication to work if the user
    > has
    > > > > cookies turned off by setting the cookieless="true" in your
    > web.config.
    > > > > Then it will munge the session id into the URL automatically.
    > > > > You can specify which files and folders to allow to to which users
    in
    > > your
    > > > > web.config file.
    > > > > There is a link to sample code that you can download and play with.
    > > > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]
    > > > >
    > > > > --
    > > > > I hope this helps,
    > > > > Steve C. Orr, MCSD
    > > > > [url]http://Steve.Orr.net[/url]
    > > > >
    > > > >
    > > > >
    > > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > > news:u4AXzv1QDHA.304tk2msftngp13.phx.gbl...
    > > > > > Thanks Steve I've read that but call me dumb but I don't see how
    it
    > > > works.
    > > > > > Perhaps I'm missing something, I don't see the way it :
    > > > > >
    > > > > > 1) determines which users to permit access to
    > > > > >
    > > > > > nor
    > > > > >
    > > > > > 2) how it maintains the users status once authorized should the
    user
    > > > > request
    > > > > > additional pages in the protected folder.
    > > > > >
    > > > > >
    > > > > > Is that done in the web.config file? I don't see any instructions
    > at
    > > > that
    > > > > > link on how to accomplish this whithout using cookies.
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > >
    > > > > > "Steve C. Orr, MCSD" <SteveOrr.net> wrote in message
    > > > > > news:evYTDo1QDHA.3700tk2msftngp13.phx.gbl...
    > > > > > > You can put each group of files into their own subfolders under
    > your
    > > > > root
    > > > > > > web application, and then create a web.config for each subfolder
    > > with
    > > > > the
    > > > > > > appropriate settings in it.
    > > > > > > You could alternately do this with a single web.config file by
    > using
    > > > the
    > > > > > > <location> tag.
    > > > > > > Here's more info on that and an example:
    > > > > > > [url]http://www.dotnetbips.com/displayarticle.aspx?id=117[/url]
    > > > > > >
    > > > > > > --
    > > > > > > I hope this helps,
    > > > > > > Steve C. Orr, MCSD
    > > > > > > [url]http://Steve.Orr.net[/url]
    > > > > > >
    > > > > > >
    > > > > > > "joe" <contact_by_Newsgroup_only.please> wrote in message
    > > > > > > news:u$wvWU1QDHA.2832TK2MSFTNGP10.phx.gbl...
    > > > > > > > Some time ago I set up an ASP application that used a login
    page
    > > > which
    > > > > > > > checked a username and password against a database to
    determine
    > a
    > > > > users
    > > > > > > > authorization to access certain pages on the site. This was
    done
    > > by
    > > > > > > setting
    > > > > > > > a session variable within the application if the user was
    > > authorized
    > > > > and
    > > > > > > > using code one each page for which protection was required to
    > > check
    > > > > for
    > > > > > > the
    > > > > > > > status of the session variable.
    > > > > > > >
    > > > > > > > Now I am aware of the various techniques that ASP.NET provides
    > to
    > > > > allow
    > > > > > or
    > > > > > > > preclude access to asp.net apps but frankly I really liked
    that
    > > > other
    > > > > > one
    > > > > > > > because it didn't use cookies which many users are a bit
    afraid
    > > of.
    > > > > > > >
    > > > > > > > My problem is this....I can't remember how I set it up and I
    > don't
    > > > > know
    > > > > > > > where to look. I think I found the technique in an old ASP
    book
    > > (vs
    > > > > > > > asp.net).
    > > > > > > >
    > > > > > > > Does anyone know where I can look to find this technique in
    the
    > > form
    > > > > of
    > > > > > > > sample code or a tutorial?
    > > > > > > >
    > > > > > > > and
    > > > > > > >
    > > > > > > > Is this a viable technique to use in ASP.Net?
    > > > > > > >
    > > > > > > >
    > > > > > > > Thanks in advance
    > > > > > > >
    > > > > > > >
    > > > > > >
    > > > > > >
    > > > > >
    > > > > >
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >

    joe Guest

Similar Threads

  1. Publisher users can't access pages because "user is editing it" - but they aren't! wtf?
    By tradmusic.com in forum Macromedia Contribute Connection Administrtion
    Replies: 3
    Last Post: April 4th, 05:34 AM
  2. How to get user selected text?
    By interactiveBoy in forum Macromedia Flash Actionscript
    Replies: 3
    Last Post: March 2nd, 09:03 PM
  3. Help for new user-no pixels selected pop-up
    By maryellen in forum Adobe Photoshop Elements
    Replies: 1
    Last Post: August 26th, 08:31 PM
  4. Datagrid: get value from the row selected by user
    By Northern in forum ASP.NET General
    Replies: 1
    Last Post: July 22nd, 08:59 PM
  5. Replies: 0
    Last Post: July 6th, 12:38 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139