Class Notes (1,100,000)
CA (620,000)
UofM (6,000)
COMP (100)
Lecture

COMP 1020 Lecture Notes - Asp.Net, Common Application


Department
Computer Science
Course Code
COMP 1020
Professor
Pourang Irani

This preview shows half of the first page. to view the full 2 pages of the document.
A common application design is to place files that require authentication in a separate directory.
With
ASP.NET configuration files, this approach is easy. Just leave the default <authorization>
settings in the
normal parent directory, and add a web.config file that specifies stricter settings in the secured
directory.
This web.config simply needs to deny anonymous users (all other settings and configuration
sections
can be omitted).
<!-- This web.config file is in a subfolder. -->
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
Generally, setting file access permissions by directory is the cleanest and easiest approach.
However, you
also have the option of restricting specific files by adding <location> tags to your web.config
file.
The location tags sit outside the main <system.web> tag and are nested directly in the base
<configuration> tag, as shown here:
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="~/Login.aspx" />
</authentication>
<authorization>
<allow users="*" />
</authorization>
...
</system.web>
<location path="SecuredPage.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="AnotherSecuredPage.aspx">
<system.web>
<authorization>
<deny users="?" />
You're Reading a Preview

Unlock to view full version