Secure folders in virtual directory

OB1Canobie
I have a website built for asp.net using vb.net. I have some folders that hold sensitive data and I need to secure the information in the folder. Only those who log in should even be able to read contents in the folders. I believe locking the folders down using a webconfig for each folder might do the trick. Currently, my login information is stored in a session variable as well as their role and access. Can anyone give me some guidance with an example?
Commented:
1. In the security wizard of the Web Site Administration Tool, click Next.

Step 6: Add New Access Rules displays a page where you can create rules that determine which roles (or users) can gain access to the pages in your Web site.

2. Under Select a directory for this rule, expand the root node, and then click GuestPages.

3. Under Rule applies to, select Anonymous Users.

4. Under Permission, select Deny.

The rule you are creating denies access to anonymous users — that is, users who have not logged in.

5. Click Add This Rule.

The new rule is displayed in the grid at the bottom of the page. When users request a page from the GuestPages directory, the rules are checked in order, from top to bottom, to determine whether the user is allowed access to the page. If the user is not logged in, the pages in this folder will not be displayed.

6. Under Select a directory for this rule, click MemberPages.

7. Under Rule applies to, select Role, and then in the drop-down list, click members.

8. Under Permission, select Allow.

The rule you are creating grants access permissions for the MemberPages folder to anyone in the members role.

9. Click Add This Rule.

10. Under Select a directory for this rule, click MemberPages.

11. Under Rule applies to, select All Users.

12. Under Permission, select Deny.

13. Click Add This Rule.

The second rule for the MemberPages folder makes sure that no one except users in the members role can gain access to the folder. The rules are processed in order, from top to bottom, as you see them in the grid.

The first rule (Allow) grants access to users in the role named members. The second rule (Deny) denies access to all other users. You can create as many Allow or Deny rules as you need for your application. When users request a page from the MemberPages directory, the rules are applied in order, from top to bottom, to determine whether the user is allowed access to the page.

14. Click Finish to return to the Security tab.

Full article on: http://msdn.microsoft.com/en-us/library/t32yf0a9(VS.80).aspx
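
The rules those steps create, written directly as configuration (an added example, not part of the original answer or the linked article). It assumes Forms authentication with a login page named Login.aspx and the ASP.NET role manager supplying the members role; those settings are assumptions, while the folder and role names are the ones used in the steps.

```xml
<?xml version="1.0"?>
<!-- Root web.config of the site. The same <authorization> blocks can instead
     be placed in a web.config inside each folder. -->
<configuration>
  <system.web>
    <!-- Assumed: Forms authentication; Login.aspx is a placeholder name. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" />
    </authentication>
    <!-- Assumed: role manager enabled so roles="members" can be evaluated. -->
    <roleManager enabled="true" />
  </system.web>

  <!-- GuestPages: deny anonymous users ("?"); any logged-in user is allowed. -->
  <location path="GuestPages">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <!-- MemberPages: rules are checked top to bottom and the first match wins,
       so the allow for the members role must come before the deny for "*". -->
  <location path="MemberPages">
    <system.web>
      <authorization>
        <allow roles="members" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

These rules are evaluated against the identity ASP.NET authenticated for the request, so a login flag or role kept only in a Session variable does not satisfy them. They also cover only requests that ASP.NET processes; whether static files in the folder are covered depends on how IIS routes those requests.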
