forms based authentication feasable?

M

matthias s.

Hi there,

I'm creating a web app which consists of pages, that can seen by all (even
anonymous) users. For example, we have a messageboard. The individual
threads can be read by all users, but a new thread can only be added by a
registered member. Is forms based authentication feasable here? How would I
set it up? Put all the pages implementing "restricted" functionality into a
certain directory and set this up in the web.config?

Would I have access to User.IsAuthenticated even in the root directory of
the webapp (the one, where even anonymous users have access to)? I'd need it
in order to display the members menu.

Thanks in advance!

/matthias
 
B

Brock Allen

Yes, Forms would work great for this. You would need to configure the <authorization>
in web.config to indicate which pages are not allowed to those anonymous
users. The nice thing about the web.config model is that it's declarative
and you don't need to explicitly check in code for each page, unless you
have some finer grained access check that's necessary (like hide/show sections
of a page based upon who the user is).

As far code the "restricted" code organization, a sub directory can work,
or you can put them all in one directory and use the <location> elemenet
to control settings for individual pages.
 
?

=?ISO-8859-1?Q?=22Patrik_L=F6wendahl_=5BC=23_MVP=5

What Brock suggests is the first part of a nice solution, but you should
also explore what he calls "finer grained access" or roll based security
in your application.

While Web.Config is perfect to make sure that anonymous users don't
access pages, roll based is a good complement to make communicate to the
user what he/she is allowed to do.

You could as an example hide the post or reply buttons for non
authenticated users.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

What language should I learn to create an authentication website? 2
How to bypass forms-based authentication 0
Forms Authentication 0
Forms Authentication / Role based security 1
Forms authentication and membership 0
Forms-Based Authentication for only a subset of pages 2
Forms Authentication not Redirecting 1
Problem with ASP.NET 2.0 Location override of Forms Authentication settings 1

Members online

Total: 83 (members: 1, guests: 82)
Robots: 481

Forum statistics

Threads
473,995
Messages
2,570,230
Members
46,819
Latest member
masterdaster

Latest Threads

Top