O'Reilly logo

Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB by Stefan Schackow, Bilal Haidar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

7.8. Authorizing Classic ASP with ASP.NET

You have seen that forms authentication is already working with classic ASP application, in part because there is a URL authorization rule that denies access to anonymous users. In effect, you already have the basics of authorization working. The sample application, though, can be modified a bit more to include more extensive authorization rules.

For example, let's say there is an administrative folder for the ASP application that should only grant access to users that are in the "Administrators" role. You can create a URL authorization rule that protects the ASP subdirectory.

<location path="ASPAdminPages">
     <system.web>
          <authorization>
               <allow roles="Administrators"/>
               <deny users="*"/>
          </authorization>
     </system.web>
</location>

Now, whenever an attempt is made to access a classic ASP page in the ASPAdminPages subdirectory, ASP.NET's URL authorization will enforce this rule. Using the ASP.NET Configuration tool available from inside of Visual Studio, you can enable the Role Manager feature, create a new role called "Administrators" and add a user to the new role. The only change that occurs in configuration is the addition of the <roleManager /> element (by default Role Manager is not enabled, hence the need to turn it on):

<roleManager enabled="true" />

As with the Membership feature, the default Role Manager provider uses the LocalSqlServer connection string. Because this was changed earlier, Role Manager will automatically associate ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required