
.NET Forum / ASP.NET / Security / June 2004


Forms based security

Charlie Dison - 19 Jun 2004 20:45 GMT
Hi there,
    In forms based security do I have to arrange pages into subdirectories
in order to secure them?  I want the public to access my home page and
public content but want to restrict other content only to those for whom
I've granted a userid.  Seems like I must organize all the private content
into one or more subdirectories.  My problem is that I have some content
that should be accessible to both and I hate to have to specify directory
names when redirecting.  Is there something that I can place in the load
event of each page that checks to see if the user has been authenticated
(checks for the cookie that would have been created)?
[MSFT] - 21 Jun 2004 04:30 GMT
Hi Charlie,

To get the form authentication cookie, you may get the cookie name from:

FormsAuthentication.FormsCookieName

However, the cookie is encrypted, and we cannot get its actual value.

Regarding the issue, since the content is accessible to both
authenticated users and others, you can just leave the content public. Is
this right?

If you have private and public content on the same web form, you may consider
the following workaround:

When performing form authentication, you can add a cookie yourself,
indicating the user has been authenticated. And then, arrange pages based
on this cookie value.

Hope this helps,

Luke
Microsoft Online Support


Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Charlie Dison - 26 Jun 2004 21:54 GMT
Ok. that helps.  Thanks
> Hi Charlie,
>
[quoted text clipped - 23 lines]
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
ranganh - 21 Jun 2004 07:43 GMT
Dear Charlie,

You don't need to arrange the authenticated pages inside a folder.  You can specify the pages (say if they are minimum 5 pages etc.) using location path.  In that, you can also specify to allow the users for whom you gave a userid.  The following illustration shows the same:

<location path="ProtectedPage1.aspx">
   <system.web>
      <authorization>
         <allow users="UserId" />
         <deny users="*" />
      </authorization>
   </system.web>
</location>

The above would allow users with the above userid (whatever you give) and will deny all other users (anonymous and logged in).

However, in case you want to allow users with the above userid as well as their own userid (logged in), change the <deny users="?" />.  This will restrict only people who are not logged in.

To check whether the user is logged in, use

if (User.Identity.IsAuthenticated)
{
    // the user is logged in
}

To get the user's id, use

User.Identity.Name

Hope it helps.

> Hi there,
>      In forms based security do I have to arrange pages into subdirectories
[quoted text clipped - 6 lines]
> event of each page that checks to see if the user has been authenticated
> (checks for the cookie that would have been created)
Charlie Dison - 26 Jun 2004 21:54 GMT
Ok. that helps.  Thanks
> Dear Charlie,
>
> You don't need to arrange the authenticated pages inside a folder.  You can specify the pages (say if they are minimum 5 pages etc.) using location
> path.  In that, you can also specify to allow the users for whom you gave
> a userid.  The following illustration shows the same:

> <location path="ProtectedPage1.aspx">
>     <system.web>
[quoted text clipped - 8 lines]
>
> However, in case you want to allow users with the above userid as well as their own userid (logged in), change the <deny users="?" />.  This will
> restrict only people
> who are not logged in.
>
[quoted text clipped - 21 lines]
> > event of each page that checks to see if the user has been authenticated
> > (checks for the cookie that would have been created)
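
An added example, not part of any post in this thread: one way to do the per-page check asked about in the first post, and to mix public and members-only content on one web form, using the identity that forms authentication establishes from its ticket. It assumes ASP.NET 2.0 or later (for FormsAuthentication.RedirectToLoginPage); the class names ProtectedPage and MixedPage and the controls MembersPanel and Greeting are hypothetical.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical base class. A private page inherits from this instead of
// System.Web.UI.Page, so it is protected wherever it sits in the site.
public class ProtectedPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        // True only when the forms authentication module accepted the
        // encrypted ticket; the page never reads the cookie itself.
        if (!Request.IsAuthenticated)
        {
            // Redirects to the loginUrl configured in web.config and adds
            // ReturnUrl so the user comes back here after signing in.
            FormsAuthentication.RedirectToLoginPage();
            Response.End(); // stop processing so no private markup is rendered
        }
        base.OnInit(e);
    }
}

// Hypothetical page that mixes public and members-only content.
public class MixedPage : Page
{
    // Assumed to be declared in the .aspx markup as server controls
    // with the ids "MembersPanel" and "Greeting".
    protected Panel MembersPanel;
    protected Label Greeting;

    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);
        bool signedIn = User.Identity.IsAuthenticated;

        // A server control with Visible = false is not rendered at all, so
        // anonymous visitors never receive the members-only markup.
        MembersPanel.Visible = signedIn;
        if (signedIn)
        {
            Greeting.Text = "Signed in as " + Server.HtmlEncode(User.Identity.Name);
        }
    }
}
```

Because both classes read the identity set by the forms authentication module, the decision does not depend on any cookie value the browser could set on its own.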
