3

I have set up member folders in c# asp.net webforms before to only allow certain users and to redirect if the user is not authenticated. I am wondering is this possible / how would I implement the authentication based on weather a Session variable is present(filled with a value) or not authenticate if the Session is null.

I was hoping that something like this would be possible similar to how you can set permissions in we.config for entire folder.

Brian Rasmussen
  • 114,645
  • 34
  • 221
  • 317
Scott Selby
  • 9,420
  • 12
  • 57
  • 96
  • Have you considered using a custom role provider instead? http://msdn.microsoft.com/en-us/library/8fw7xh74.aspx – Adam Jul 25 '12 at 21:15
  • that's just what I thought , I really would like to find a way to verify user with session , if that is possible it would save a lot of work – Scott Selby Jul 25 '12 at 21:32
  • http://stackoverflow.com/questions/10123143/asp-net-mvc-3-dealing-with-session-variables Check this out. Its similar to what you are looking for. – cshemby Jul 25 '12 at 21:48

1 Answers1

2

It can be done with help of standart asp.net features. I will try to advice one possible solution for it. First you need to setup "web form authentication" ASP.NET Authentication, you should modify your web.config.

<system.web>
   <authentication mode="Forms">
      <forms name="Custom" loginUrl="/login.aspx" />       
   </authentication>
</system.web>

Then you need to specify members locations in the web.config also ASP.NET Authorization. 

<location path="folders/memberN">
   <system.web>
      <authorization>
         <allow roles="memberN"/>
         <deny users="*"/>
      </authorization>
   </system.web>
</location>

This will allow all users in group "memberN" to work under "folders/memberN" path.

Next we need to add membership and role providers to your web.config. Membership and role providerse configured based on sql server provider. 

<configuration>
    <connectionStrings>
        <add name="SqlServices" 
             connectionString="Data Source=MySqlServer;Integrated Security=SSPI;Initial 
             Catalog=aspnetdb;" />
    </connectionStrings>
    <system.web>
        <roleManager defaultProvider="SqlProvider" 
          enabled="true"
          cacheRolesInCookie="true"
          cookieName=".ASPROLES"
          cookieTimeout="30"
          cookiePath="/">
          <providers>
            <add
              name="SqlProvider"
              type="System.Web.Security.SqlRoleProvider"
              connectionStringName="SqlServices" 
              applicationName="SampleApplication" />
          </providers>
        </roleManager>
        <membership 
             defaultProvider="SqlProvider"
             userIsOnlineTimeWindow="20">
             <providers>
                <remove name="AspNetSqlProvider" />
                <add name="SqlProvider"
                    type="System.Web.Security.SqlMembershipProvider"
                    connectionStringName="SqlServices"
                    applicationName="/" />
            </providers>
        </membership>
    </system.web>
</configuration>

Finnaly we need to create special tabels in the database (more details).

%WINDOWS%\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe -S <server> -E -d <database> -A all
user854301
  • 5,383
  • 3
  • 28
  • 37