[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

anonymous users page access

Posted on 2009-04-30
6
Medium Priority
?
252 Views
Last Modified: 2012-05-06
Anonymous users should not have the ability to access 3 out of 10 pages in my website.  If they do happen to find the page they need to get immediately booted out to the login screen.

What do I need to do in order to protect these three page from anonymous users and boot them to the login screen if they try to access them?
0
Comment
Question by:cdemott33
  • 3
  • 3
6 Comments
 
LVL 9

Expert Comment

by:peterdungan
ID: 24271600
Put them in a different folder. In the same folder have a web.config file with the following content:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</configuration>
0
 
LVL 9

Expert Comment

by:peterdungan
ID: 24271616
Put the web.config in the same folder as the pages you want to restrict access to I mean (reading back over it I'm not sure if I made that clear.)
0
 

Author Comment

by:cdemott33
ID: 24272116
My concern regarding moving admin pages to a specified folder is that some FUTURE pages will be visable by both admin and general users.  These types of pages would have features shut down and or appear based on their role.  In otherwords, admins may have a particular button appear for them that that a general user will not see?  

Is there any way to do this without having to group all admin pages in a specific folder and creating separate web.config files?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 9

Expert Comment

by:peterdungan
ID: 24272436
use a loginview in the page. You can set that to display different content depending on the role etc
0
 

Author Comment

by:cdemott33
ID: 24274066
I'm fimilar with the LoginView.  That's not what I was shooting for.  I just want to prevent anonymous users from access three specific pages.  Only administrators should have access to them.

After doing some digging around google I found a solution that worked.  You just add this into your web.config file?  What do you think?  Is this a good way to do it?
    <location allowOverride="false" path="specialPageOne.aspx">
        <system.web>
            <authorization>
                <allow users ="administrators" />
                <deny users="*"/>
            </authorization>
        </system.web>
    </location>

Open in new window

0
 

Accepted Solution

by:
cdemott33 earned 0 total points
ID: 24295181
Actually in should be a "?" for the deny users rather than a "*", so the correct code is...
    <location allowOverride="false" path="specialPageOne.aspx">
        <system.web>
            <authorization>
                <allow users ="administrators" />
                <deny users="?"/>
            </authorization>
        </system.web>
    </location>

Open in new window

0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses
Course of the Month18 days, 4 hours left to enroll

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question