17.6. Applying Roles and Security

The security requirements for the updated Small Business Starter Kit site allow only registered users to view the catalog pages and the staff personnel pages. Additionally, only members in the Administrators role enter the Admin folder. This section demonstrates two ways to apply security.

17.6.1. Securing the Admin folder with roles

The Web Site Administration tool provides a graphical interface for configuring permissions. Follow these steps to allow access to the Admin folder only to members with the Administrators role:

  1. Open the Web Site Administration tool (WebsiteASP.NET Configuration) and navigate to the Security tab.

  2. In the Access Rules box (lower right of the page), click Create Access Rules.

    The Add New Access Rule page appears.

  3. Using the treeview on the left, select the Admin folder, as shown in Figure 17-10.

    Figure 17-10. Allowing the Administrators role to access the Admin folder.

  4. In the Rule Applies To area, select the Role radio button and from the drop-down list, choose Administrators.

  5. In the Permission area, select the Allow radio button and then click OK.

    The view returns to the Security tab.

  6. Click Create Access Rules again and select the Admin folder.

  7. In the Rule Applies To column, select the All Users radio button.

  8. In the Permission ...

Get ASP.NET 3.5 For Dummies® now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial