how can I restrict access to all files in a folder without web.config
Question
I need to restric access to my admin folder to certain people. Those with no authentication ticket should be redirectered to a "not allowed page". How do I identify all pages in my admin folder. I have so far but is it OK?
If url.Contains("/admin") Then
'If authentication ticket incorrect then
`Response.Redirect("~/notallowed_admin.aspx")`
End If
And not, I cannot use my web.config for this particular issue.
Many thanks
2 answers
solution1
1 ACCPTED 2010-06-17 14:22:06
You should put the security check to Global.asax
Also, it would be wise to replace you condition with more precise match by regexp to avoid occasional mismatches.
protected override void Application_BeginRequest(Object sender, EventArgs e) {
if (Regex.IsMatch(Request.Url.ToString(),@".*/system\.aspx/admin.*\.aspx",RegexOptions.IgnoreCase)) {
Response.Redirect("~/AdminSecurityCheck.aspx");
return;
}
.......
}
solution2
0 2010-06-14 17:44:31
If url.contains("/admin") should be sufficient in most cases. Most programmers would find it to be a bit if a KLUDGE, though.
You could also write an abstract class to inherit from the Page class which contains the code to check the authorization and then redirect. Then, you could declare the classes for all the code-behind files in the admin folder to inherit the class.
I believe that yes, what you want to do is possible, though anything you do will be a bit of a KLUDGE form a .net point of view because web.config is what MS provides to specify how to do authorization.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.