Rick van den Bosch - Blog

... on .NET, software architecture, software development and whatnot

Configuring an ASP.Net app for multiple login locations with forms authentication

The title isn’t descriptive enough for this post, but it will have to do. Today I was trying to get an ASP.Net application to allow me to define two different login levels. What I was trying to do was the following:

There’s a main ASP.Net application, which anyone is allowed to access (<allow users="*">). (http://www.domain.com/)

There’s a customer part where a login is required. (http://www.domain.com/customers/)

There’s a maintenance part where a different login is required. (http://www.domain.com/maintenance/)

Because I didn’t want to share my DAL between two applications and I wanted to keep everything within one solution (one project even), I was searching for a way to make sure only the maintenance user would be able to log in to the maintenance part, while both the maintenance user and all the customers would be able to log in to the customer part. The <location> element in web.config seems to have been invented for exactly this kind of wish. I finally solved the case by defining my web.config as follows:

<configuration>

  <!--Default settings for the application (snipped some stuff here)-->
  <system.web>
    <authentication mode="Forms">
      <forms name="UniqueCookieName" loginUrl="login.aspx" />
    </authentication>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!--Settings for the maintenance part-->
  <location path="maintenance">
    <system.web>
      <authorization>
        <allow users="maintenance_user" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!--Settings for the customers part-->
  <location path="customers">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

</configuration>

As you can see, I’ve configured the application so that the maintenance user is the only user allowed inside the ‘maintenance’ folder; all other users are denied access. By the way, the rule allowing the maintenance user must come before the rule denying all the others, or else no one has rights there: the rules are checked in order and the first one that matches is applied.

Within the customers location, anyone who logs in is allowed: <deny users="?" /> turns away only anonymous users, so everybody who’s unknown is not allowed to do anything.
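
To check the ordering rule and the inheritance between the root and the two locations without deploying anything, the evaluation can be modelled in a few lines of Python. This is an added example, not code from the original post or from ASP.NET itself: the function names rules_for and is_allowed are made up for the illustration, the config string is a constructed copy of the one above, and only the users attribute is modelled (roles and verbs are ignored, user names are compared as written).

```python
import xml.etree.ElementTree as ET

# Constructed copy of the post's web.config, reduced to its authorization rules.
WEB_CONFIG = """
<configuration>
  <system.web>
    <authorization><allow users="*" /></authorization>
  </system.web>
  <location path="maintenance">
    <system.web>
      <authorization><allow users="maintenance_user" /><deny users="*" /></authorization>
    </system.web>
  </location>
  <location path="customers">
    <system.web>
      <authorization><deny users="?" /></authorization>
    </system.web>
  </location>
</configuration>
"""

# Same file with the two maintenance rules in the opposite order.
SWAPPED = WEB_CONFIG.replace(
    '<allow users="maintenance_user" /><deny users="*" />',
    '<deny users="*" /><allow users="maintenance_user" />')

def rules_for(config_xml, url_path):
    """Merged rule list: rules of a matching <location> first, then the root rules."""
    root = ET.fromstring(config_xml)
    target = url_path.strip("/").lower()
    merged = []
    for loc in root.findall("location"):
        prefix = loc.get("path", "").strip("/").lower()
        if target == prefix or target.startswith(prefix + "/"):
            merged += loc.findall("system.web/authorization/*")
    merged += root.findall("system.web/authorization/*")
    return [(r.tag, [u.strip() for u in r.get("users", "").split(",")]) for r in merged]

def is_allowed(config_xml, url_path, user=None):
    """The first matching rule decides; user=None models an anonymous request."""
    for action, users in rules_for(config_xml, url_path):
        if "*" in users or (user in users if user else "?" in users):
            return action == "allow"
    return True  # ASP.NET's default configuration supplies a final <allow users="*" />

if __name__ == "__main__":
    for cfg, name in ((WEB_CONFIG, "as posted"), (SWAPPED, "deny first")):
        print(name, is_allowed(cfg, "/maintenance/edit.aspx", "maintenance_user"))
```

With the rules as posted the maintenance user gets in; with the deny rule first, the same user is locked out along with everyone else.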

 

This was my fairly simple solution to what I thought would be something of a challenge…

Comments

Farhan Naeem said:

Can you help me out? I am also making a website and I have to do the same thing in my website. In the URL it's my messenger ID; can you contact me there, farhanaeem@hotmail.com, or through emails? I will be very grateful to you.

# October 17, 2007 12:04 PM