
Sunday, February 17, 2008

Permissions...

This article is about setting up private, member-only areas of your website that only admins or clients can access. The .NET Framework gives several easy ways to set this up with a minimal amount of coding.

Assuming you already have a website and want to add a restricted zone, do this:

First, enable permissions for your website

WebSite->ASP.NET Configuration
Browse to the security tab.

There are essentially 3 things to configure: Users, Roles, and Access. By default this data is stored in a MSSQL database in your website's folder structure.

I like to enable roles first, creating roles like client, admin, mod, or whatever. This process is easy enough. For this tutorial, create a user, and give it the admin role. Now before we can add access, we'll close the config screen and return to our project.

Create a folder



Add any html or aspx web page to the new folder. Add a link to the new page to your main website.

If you run the website now, you get free access to the new page (we haven't limited access yet).

Return to the ASP.NET Configuration and on the security tab, click Manage Access Rules.

Click on the new admin directory, add an allow rule for the admin role, and then add a deny rule for all users.

The list of rules is evaluated from top to bottom, and the first rule that matches the request is applied. Therefore, if we put the deny-all rule first, nobody would have any access to the folder.
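The two access rules described above, written out as the web.config file that sits inside the protected folder. This is an added example, not part of the original post; it assumes the folder and the role are both named admin, as in the tutorial, and that the rules are stored in a per-folder web.config.

```xml
<?xml version="1.0"?>
<!-- admin/web.config (constructed example; folder and role names follow the tutorial) -->
<configuration>
  <system.web>
    <authorization>
      <!-- Rules are checked top to bottom and the first match is applied. -->

      <!-- 1. Members of the admin role match here and are let in. -->
      <allow roles="admin" />

      <!-- 2. Everyone else falls through to this rule and is refused,
              which sends them to the login page.
              users="*" means all users; users="?" would mean only
              anonymous (not logged in) users. -->
      <deny users="*" />

      <!--
        Without rule 2 the folder stays open: ASP.NET's inherited default
        is <allow users="*" />, so a lone allow rule restricts nothing.

        Broken ordering, for comparison:
          <deny users="*" />
          <allow roles="admin" />
        The deny rule matches every request first, so the allow rule is
        never reached and even admins are locked out.
      -->
    </authorization>
  </system.web>
</configuration>
```

Depending on how IIS is configured, requests for static .html files may not pass through ASP.NET at all, in which case these rules protect only the .aspx pages in the folder.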

The Login Page

By default, the login page is named login.aspx. This page will load any time that the client doesn't have sufficient privileges to access the page asked for. It must be in the unprotected part of your website.

So create a new page named login.aspx. Add in a login and password recovery gizmo from the login tab of the toolbox. Click on the gizmos and use the Auto Format function from the pop-out box to select the perfect style.

That's it.

Now anytime the user tries to access a page that he's not logged in for, he first gets the login screen. If he is already logged in, he gets the screen he asked for without interruption.

It's cool. I know.
