Forms Authentication Question

[Samuel Shulman]

Using FormsAuthentication I would like to protect to folders 1 for admin and
one for the clients, obviously clients who are authenticated can't have
access to the admin folder

Can anyone tell me what is the general approach to achieve that?

Thank you,
Samuel

 

[PeterKellner]

Using FormsAuthentication I would like to protect to folders 1 for admin and
one for the clients, obviously clients who are authenticated can't have
access to the admin folder

Can anyone tell me what is the general approach to achieve that?

Thank you,
Samuel

you can allow access to directories by roles in the system.web section
of your web.config

The below would allow just the role "admin" into the directory
admindir/files.

<location path="admindir/files" >
<system.web>
<authorization >
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

Good Luck
Peter Kellner
http://peterkellner.net

 

[Samuel Shulman]

And how do I set the role of the user?

Thanks,
Samuel

 

[Brock Allen]

And how do I set the role of the user?

Are you using ASP.NET 1.1 or 2.0?

 

[Samuel Shulman]

1.1

Thank you,
Samuel

Are you using ASP.NET 1.1 or 2.0?

 

[Brock Allen]

Ok, since you're using 1.1 you should handle the HttpApplication.AuthenticateRequest
event (in global.asax will work) and in there determine the roles for your
user and then assign a GenericPrincipal to HttpContext.Current.User that
is initialized with your roles.

This link goes into a lot more detail, including caching roles in the forms
authr cookie:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT04.asp