O'Reilly logo

ASP.NET Cookbook by Geoffrey T. LeBlond, Michael A Kittel

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

8.2. Restricting Access to Selected Application Pages

Problem

You want to restrict access to many, but not all, of the pages in your application (i.e., you want to make some pages accessible to the public).

Solution

Implement the solution described in Recipe 8.1 and then modify the contents of the web.config file to list the pages that allow public access and those that require authentication.

Modify web.config as follows:

  1. Change the <deny> child element of the <authorization> element to <deny users="*"/> and delete the <allow> child element to deny access to all users.

  2. Add a <location> element to the configuration level for each application page to specify whether it is available to the public or only to authenticated users.

Example 8-5 shows how we have implemented this solution with some sample web.config entries. We begin by adding settings that deny access to all users. We then add settings that allow public access to PublicPage.aspx but restrict access to Home.aspx only to authenticated users.

Discussion

The approach we advocate for this recipe is the same as for Recipe 8.1, except for certain aspects of the web.config file configuration.

The <authentication> element and its <forms> child are the same as in Recipe 8.1.

We have modified the <authorization> element that we used in Recipe 8.1 to deny access to all users. By denying authorization to all users at the application level, elements can be added to authorize access to particular pages.

Access to the individual pages in the application ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required