Forms auth for directory

[Guest]

Hi guys

Ok, I have a website which has an "Artists Only" section, for which you have
to login for. This section is contained within its own directory on the
server "/aonly".

I want to make people login before they can access this directory, with a
User control on each page for logging in. I'd like to use Forms auth and sql
server (i know how to check that against the entered details).

I also want a login.aspx page so that if their session expires, it's easy to
log back in.

Question is.. how do I create the forms auth and make it protect the
"/aonly" directory, and can I make the user control authenticate the user,
and then forward to the protected directory?

HOpe that makes sense!

Cheers


Dan

 

[Brock Allen]

You should enable forms authentication in your root web.config (root of you
application, that is). For the subdirectory, you should then set the authorization
to not allow anonymous users. I presume the rest of the site is accessible
to anonymous users?

Here are the docs for configuring forms authentication:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfforms.asp

And here's how you'd set the authorization:

http://msdn.microsoft.com/library/d...html/gngrfauthorizationsection.asp?frame=true

Now since you're looking to control authorization on a subdirectory, the
authorization could go into an independant web.config in the child directory
you want to contol access to.

 

[Guest]

Thanks Brock,

That seems to have got all the security stuff setup. I'm assuming I put the
code to authenticate against SQL in a function called by the clicking of my
signup button, is that right?

In which case, when I've authenticated a user, what do I need to set in
order for Forms authentication to let them in?

Cheers


Dan

 

[k]

You want to do something like this

public void Login_Click(Object sender, EventArgs E)
{

_UserName = UserName.Value;
_Password = UserPass.Value;

if (CheckUserAndPassword (_ServerName, _DatabaseName,_UserName
,_Password))
{


System.Web.Security.FormsAuthentication.RedirectFromLoginPage(UserName.Value,false);
}
else
{
Msg.Text = "Invalid Credentials: Please try again";
}
}


which puts them back to the originally requested URL.

Kirsty

 

[Brock Allen]

That seems to have got all the security stuff setup. I'm assuming I

put the code to authenticate against SQL in a function called by the
clicking of my signup button, is that right?

Right - you'll have to write the code to do the actual authentication against
your database of usernames/passwords.

In which case, when I've authenticated a user, what do I need to set
in order for Forms authentication to let them in?

So once you know the user has provided valid credntials, you use FormsAuthentication.RedirectFromLoginPage("TheirUsername",
false) or FormsAuthentication.SetAuthCookie to tell ASP.NET that they're
logged in.