Role base Form Authentication

[Guest]

Hi,

I want to configure the web.config for the Role base Form Authentication. I
forget now but I red somewhere that I should use 3 *.config file as:

- Manager manager.config
- User user.config
- Admin admin.config

But I don't know how to set up the appsetting for specific role.

http://localhost/GC/default.aspx is the main entry point. when user clicks
the Enter button they goto http://localhost/GC/login.aspx

If the user cardinal in database is the Manager then login page redirect
them to
http://localhost/GC/manager/mmain.aspx

If the user cardinal in database is the User then login page redirect them to
http://localhost/GC/user/umain.aspx

and

If the user cardinal in database is the Admin then login page redirect them to
http://localhost/GC/manager/amain.aspx

The SQL Server only holds the user tables as well as secure AS400 Connection
string.

User name and password store in SQL Server as varbinary and I am using kind
of MD5 / 3DES algorithm. I also use the AS400 connection string in same way.

Proxy server is configure to accept the communication with only the
branches. (But I will post another question later for that.)

My problem is how to configure the web.config file(s) as well as how to
protect my files not to downloaded from user.

Does anyone have any idea for that?

Thank you for your kind understanding to helping me out.

Rgds,
GC

 

[Patrick.O.Ige]

Niyazi what do you need 3 config files for..
Try going through :-
http://www.howtodothings.com/ViewArticle.aspx?Article=31
Hope that helps
Patrick

 

[Guest]

Hi Patric,

I will try to implement the solution you provided withe this link.
I am glad you are helping me out.

Thank you.

Rgds,
GC

 

[Guest]

Hi Patric

I don't know the C Sharp, I am coding with VB.NET. When I convert to the
VB.NET
the line that has name Cache couldn't be reqognize by VB.NET.

Here is the code:
-----------------------------------------------------------------------------------------------
Protected Sub Application_AuthenticateRequest(ByVal sender As [Object],
ByVal e As EventArgs)
If Not (HttpContext.Current.User Is Nothing) Then
If ((HttpContext.Current.User.Identity.AuthenticationType <> "Forms")) Then
Throw New Exception("Only forms authentication is supported, not" +
HttpContext.Current.User.Identity.AuthenticationType) '
End If

Dim userId As System.Security.Principal.IIdentity =
HttpContext.Current.User.Identity

'Do we have some roles to retrive? If so, replace the user object
If ((Not (Application(userId.Name) Is Nothing))) Then
HttpContext.Current.User = New
System.Security.Principal.GenericPrincipal(userId, CType(Cache(userId.Name),
String())) '
End If
End If 'user != null
End Sub
-----------------------------------------------------------------------------------------------

I pasted in Global.asax page and I deleted the orginal one that used only
Sub keyword not the Protected Sub.


Here is my web.config that I place the information you provided in your
article under the <configuration>

</configuration>

<location path="Admin">
<system.web>
<authorization>
<allow roles="Admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="Member">
<system.web>
<authorization>
<allow roles="Member"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

<location path="User">
<system.web>
<authorization>
<allow roles="User"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

----------------------------------------------------------------------------------------------

And here is the authentication section

<authentication mode="Forms" />
<forms
name="MYINTRANET"
loginUrl="/Login.aspx"
protection="All"
timeout="60"
/>
</authentication>
-----------------------------------------------------------------------------------------------

Is it everything okay to me to proceed?

Please enlighten me, becuase I am very new into this.

Thank you.
Rgds,
GC