Applying Forms Authentication Selectively

Home	About Us	ASP.NET Online Training	Yoga Articles	Contact Us

Online Training
ASP.NET Core
Angular
Design Patterns
Ajapa Dhyana

Online Training

ASP.NET Core

Angular

Design Patterns

Ajapa Dhyana

Categories
ASP.NET
ASP.NET MVC
ASP.NET Core
jQuery
HTML5
Web Services
Data Access
.Net Framework
Windows Forms
Book Reviews
Projects
Miscellaneous
Thoughts & Musings
Search Articles

Categories

ASP.NET

ASP.NET MVC

ASP.NET Core

jQuery

HTML5

Web Services

Data Access

.Net Framework

Windows Forms

Book Reviews

Projects

Miscellaneous

Thoughts & Musings

Search Articles

Article Updates
RSS Feed

Article Updates

RSS Feed

<%@ Page %>

Introduction

Forms authentication is common way to authenticate a user in interenet scenarios. Some times you require to selectively apply authentication. For example you may want that all the pages from Folder1 be accessible to all where as pages from Folder2 must be accessible to authenticated users. This article shows how to do that.

Create an ASP.NET application

Create an ASP.NET web application and add two folders to it - Folder1 and Folder2.
In Folder1 add a web form called publicform.aspx
In Folder2 add a web form called secureform.aspx.
In the root of the application add a web form called login.aspx

Add web.config file to the root

Next, add web.config file to the root folder with following markup:

<authentication mode="Forms">
<forms name="myform" loginUrl="login.aspx"></forms>
</authentication>
<authorization>
	<allow users="*" />
</authorization>

This is normal markup for enabling forms authentication. Note that we have set authorization section to allow all users. Since web.config settings are inherited by sub folders above settings will be applied to Folder1 and Folder2. But our aim is to protect Folder2. We can accomplish this by two ways:

Adding another web.config in Folder2
Adding location section in web.config of the root folder.

We will use second option in our example

Adding location section in web.config

Add following markup in web.config of your web application:

<configuration>
<location path="Folder2">
<system.web>
    <authorization>
        <deny users="?" />
        </authorization>
</system.web>        
</location>
...

Note that we have set the authorization section to deny ananomous users. This will force ASP.NET to display login page if somebody tries to access any page from Folder2 without authenticating.

Summary

In this article we saw how to apply forms authentication selectively to different folders of your web application. The flexible file based configuration system of ASP.NET makes it much easy for us. Using web.config location and authorization section you can easily achieve such selective security.

Bipin Joshi is a software consultant, trainer, author, yoga mentor, and spiritual guide having 24+ years of experience in software development, consulting, and training. He conducts instructor-led online training courses in ASP.NET Core, ASP.NET MVC, and Design Patterns for individuals and small groups. He is a published author and has authored or co-authored books for Apress and Wrox press. Having embraced the Yoga way of life he also teaches Ajapa Yoga to interested individuals. To know more about him click here.

Get article updates : Facebook Twitter LinkedIn

Posted On : 20 July 2002

Tags : ASP.NET Web Forms Security Configuration

Popular from this category
Passing Values between ASP.NET Web Forms
Creating DataGrid Templated Columns Dynamically - Part I
Creating Dialog Boxes using ASP.NET, JavaScript and IE
Creating DataGrid Programmatically
Quickly Adding A New Row In DataGrid
Using Radio Buttons To Select DataGrid Row
Confirming Deletes in ASP.NET DataGrid
Downloadable DataGrid samples for beginners
Creating Master-Detail Listings using ASP.NET controls
Displaying Two DataTables In One DatGrid