Thursday, March 29, 2012

manually determine secure pages?

You can declare 'secured' pages in Web.Config, pages that are only accessible to privileged users. A sample of how the code in Web.Config should look is shown in the following code:

<location path="manage.aspx">
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</location>

As seen in the code above, the file 'manage.aspx' is only accessible for some users. However, is it possible to determine which pages are secure, via the ASP.NET application itself? I would like to build a tool, which can also determine pages that should only be accessible for privileged users... The solution that is most likely is to edit the 'Web.Config' file via the ASP.NET application. How can I do this? If it is not possible to change this file, is there another solution to handle this problem?

I hope someone can help. Thanks!

Instead of


<deny users="?" />

You can


<allow users="Lisa,Liza,Lize" />
<deny users="*" />

This will explicitly allow Lisa, Liza and Lize to access this file. All other users will be denied access, even if they are authenticated.

If access is linked to specific User Roles, you need to consider Role Based Authentication. This is not addressed in web.config, you have to develop code to handle this. There are heaps of info on Google and MSDN about this.
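
One way for the application itself to list the pages a given user cannot reach, as an added example that is not part of the original post: it asks ASP.NET's own URL authorization check (`UrlAuthorizationModule.CheckUrlAccessForPrincipal`) about every `.aspx` file, so the `<location>` rules in Web.config are read, not edited. The names `SecuredPageAudit`, `FindDeniedPages` and `Anonymous` are assumptions made for this example.

```csharp
using System.Collections.Generic;
using System.IO;
using System.Security.Principal;
using System.Web.Hosting;
using System.Web.Security;

// Hypothetical helper class (not from the original post).
public static class SecuredPageAudit
{
    // Returns the app-relative paths of all .aspx pages that the given
    // principal is NOT allowed to request according to the <authorization>
    // rules in the Web.config hierarchy (including <location> elements).
    public static List<string> FindDeniedPages(IPrincipal user)
    {
        // Physical root of the running application, e.g. C:\inetpub\site\
        string root = HostingEnvironment.MapPath("~/");
        var denied = new List<string>();

        foreach (string file in Directory.GetFiles(
                     root, "*.aspx", SearchOption.AllDirectories))
        {
            // Turn the physical path back into an app-relative virtual path.
            string relative = file.Substring(root.Length).Replace('\\', '/');
            string virtualPath = "~/" + relative.TrimStart('/');

            // Same evaluation the UrlAuthorizationModule performs per request:
            // rules are checked in order and the first match decides.
            bool allowed = UrlAuthorizationModule.CheckUrlAccessForPrincipal(
                virtualPath, user, "GET");

            if (!allowed)
                denied.Add(virtualPath);
        }
        return denied;
    }

    // A principal with an empty name is unauthenticated, so it matches
    // the "?" (anonymous) token used in <deny users="?" />.
    public static IPrincipal Anonymous()
    {
        return new GenericPrincipal(
            new GenericIdentity(string.Empty), new string[0]);
    }
}
```

Calling `SecuredPageAudit.FindDeniedPages(SecuredPageAudit.Anonymous())` from inside the running application returns the pages closed to anonymous visitors; passing `HttpContext.Current.User` instead shows what the current user is denied. The result reflects only URL authorization configured in Web.config files, not access checks written in page code.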
