Making a site secure in ASP.NET is very easy. In the web.config file add the following section inside the <CONFIGURATION> tag.
<AUTHENTICATION mode="Forms">
<FORMS name="appNameAuth" timeout="30" protection="All" loginUrl="/admin/login.aspx" path="/admin">
<CREDENTIALS passwordFormat="Clear">
<USER name="reading" password="berkshire" />
<USER name="southampton" password="hampshire" />
<USER name="highwycombe" password="buckinghamshire" />
</CREDENTIALS>
</FORMS>
</AUTHENTICATION>
It is possible to place a web.config file in any directory of a web site. Therefore, we are able to make most of a web site public, whilst providing authentication on, say, one directory.
As an alternative to creating a web.config file in each directory it is possible to assign the properties for either directories or individual files in the 'master' web.config file at the root directory using the <LOCATION> tag.
<LOCATION path="EventCalendar.htm">
<SYSTEM.WEB>
<AUTHORIZATION>
<DENY users="?" />
</AUTHORIZATION>
</SYSTEM.WEB>
</LOCATION>
NAT July 2005 (Revised)
| This article viewed: 1088 times | Back |
Copyright © 2004-2007 Janet Systems Ltd.