O'Reilly logo

ASP.NET 2.0 Cookbook, 2nd Edition by Geoffrey T. LeBlond, Michael A Kittel

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

9.1. Restricting Access to All Application Pages

Problem

You want to restrict access to the pages of your application to authorized users only.

Solution

Change the web.config settings of your application to specify Forms authentication, and create an .aspx login page to collect user credentials and complete the authentication check.

Modify web.config as follows:

  1. Set the mode attribute of the <authentication> element to Forms.

  2. Add a <forms> child element to the <authentication> element to specify key aspects of the Forms implementation:

    	<configuration>
    		<system.web>
    
    			…
    
    		<authentication mode="Forms">
    			<forms name=".ASPNETCookbookVBSecurity91"
    				loginUrl="Login.aspx"
    				protection="All"
    				timeout="30"
    				path="/">
    			</forms>
    		</authentication>
    		</system.web>
    	</configuration>
  3. Add <deny> and <allow> child elements to the <authorization> element to deny access to anonymous users and allow access to all who have been authenticated:

    	<configuration>
    		<system.web>
    
    			…
    
    		<authorization>
    			<deny users="?" /> <!-- Deny anonymous user -->
    			<allow users="*" /> <!-- Allow all authenticated users -->
    		</authorization>
    		</system.web>
    	</configuration>

In the .aspx file for the login page:

  1. Add a Login control.

  2. Customize the Login control as required by your application.

In the code-behind class for the login page, use the .NET language of your choice to:

  1. Use the Authenticate event handler of the Login control to verify the user credentials.

  2. If the user credentials are valid, create a Forms authentication cookie and add it to the cookie collection ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required