
web.config and authentication, authorization, location

I'm looking to create a web.config file and I'm a little confused about which order the tags go in. I have 2 roles: testers and previewers.

Here's what I'm looking to do:

1) use the forms authentication tag with url "Login.aspx"

2) use the location tag to say that the directories /AppPages and /AppServices are only accessible to testers (i.e. deny *, ?, previewers and allow authenticated testers only, deny everyone else)

3) use the location tag to say that the directories /Scripts and /Styles are only accessible to testers and previewers and deny everyone else

4) how do I make it so that all previewers who attempt to look into the /AppPages or /AppServices pages get rerouted to a custom page?

I have the following web.config file:

<configuration>

  <connectionStrings>
    ...............
  </connectionStrings>

  <system.web>

    <roleManager enabled="true"/>

    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH">
      </forms>
    </authentication>

    <authorization>
      <deny users="?" />
    </authorization>

  </system.web>

  <location path="AppPages"> <!-- same for AppServices -->
    <system.web>
      <authorization>
        <deny users="*" />
        <deny users="?"/>
        <allow roles="tester" />
        <deny roles="previewers" />
      </authorization>
    </system.web>
  </location>

  <location path="Scripts"> <!-- same for Styles -->
    <system.web>
      <authorization>
        <allow roles="previewers" />
        <allow roles="tester" />
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

</configuration>

What I'm looking to do is have all users be redirected to the preview page and if the user is logged in as a tester then he'll be able to move on to the app pages while previewers will not.

Thanks for your suggestions.

About different login pages: as far as I know there's not a direct simple way to do this in ASP.NET. There's just a variety of paths you can take to achieve it :-) Here's a post that outlines a fairly simple solution: http://forums.asp.net/t/1348477.aspx

As far as the authorization rules, it's kind of like a switch statement with breaks. The first rule that applies to a current user's state when accessing the site is the one applied and it stops processing any more. So for example this

<deny users="*" />
<deny users="?"/>
<allow roles="tester" />
<deny roles="previewers" />

should probably go

<deny users="?"/>
<allow roles="tester" />
<deny users="*" />

otherwise that first line will just deny everyone no matter what.

http://msdn.microsoft.com/en-us/magazine/cc301390.aspx
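
The first-match behaviour described in the answer, as an added example that is not part of the original post: a simplified Python model of URL authorization rule evaluation (not ASP.NET's own code) run over the question's rule order and the answer's order. The function names, the principals `alice` and `bob`, and the default-allow fallback with no inherited parent rules are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

QUESTION_ORDER = """<authorization>
  <deny users="*" />
  <deny users="?"/>
  <allow roles="tester" />
  <deny roles="previewers" />
</authorization>"""

ANSWER_ORDER = """<authorization>
  <deny users="?"/>
  <allow roles="tester" />
  <deny users="*" />
</authorization>"""

# Constructed principals: label -> (user name or None if anonymous, roles)
PRINCIPALS = {
    "anonymous": (None, ()),
    "tester": ("alice", ("tester",)),
    "previewer": ("bob", ("previewers",)),
}

def _names(value):
    """Split a comma-separated users/roles attribute into a list."""
    return [v.strip() for v in (value or "").split(",") if v.strip()]

def evaluate(authorization_xml, user=None, roles=()):
    """Return the tag ('allow' or 'deny') of the first rule that matches."""
    for rule in ET.fromstring(authorization_xml):
        if rule.tag not in ("allow", "deny"):
            continue
        users = _names(rule.get("users"))
        matched = (
            "*" in users                          # every user
            or ("?" in users and user is None)    # anonymous users only
            or (user is not None and user in users)
            or any(r in roles for r in _names(rule.get("roles")))
        )
        if matched:
            return rule.tag  # stop here: later rules are never consulted
    return "allow"  # assumption: no parent rules, default allow applies

def decisions(authorization_xml):
    """Evaluate one <authorization> block for every constructed principal."""
    return {label: evaluate(authorization_xml, user, roles)
            for label, (user, roles) in PRINCIPALS.items()}

if __name__ == "__main__":
    print("question order:", decisions(QUESTION_ORDER))
    print("answer order:  ", decisions(ANSWER_ORDER))
```

With the question's order every principal, testers included, is denied by the leading `<deny users="*" />`; with the answer's order only the tester is allowed.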
