aspnet Framework 1.1 Multiple Authentication?

I have a web site with forms authentication and a single logon page. I have 4 subdirectories, each that should be protected by a different username/password combination. For testing purposes, the username/password are hardcoded into the code-behind C# code. How can I write my web.config to make this happen? Thanks.

Xenophon try looking through this article at:- http://aspalliance.com/articleViewer.aspx?aId=501&pId=1 It should guide you. Patrick "xenophon" <xenophon@online.nospam> wrote in message news:4p68m1pt3quak4sku7uaci988r9hif6qss@4ax.com...

Thanks for Gaurav and Patrick's informative inputs. Hi xenophon, For providing separate authorization schema for mutiple sub dirs in asp.net web application, generally we have the following two options: 1. Put a separate web.config in each sub dir which need formsauthentication protection. And override the <authorization> section in that web.config. Thus, all the pages in that sub dir is protected to that <authorization > setting. 2. Use the <location> element as Gaurav has mentioned, this can help us put the configuration for sub dir in the main web.config so as to avoid put multiple sub web.config in each sub dir. http://msdn.microsoft.com/library/en-us/cpguide/html/cpconconfigurationlocat ionsettings.asp?frame=true Thanks, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- microsoft.public.dotnet.framework.aspnet:134781

Thanks to you and Gustav and Patrick. I am using cookieless sessions and cannot use cookies at all for my clients. How will Forms auth work in that case? n Mon, 31 Oct 2005 04:15:24 GMT, stcheng@online.microsoft.com (Steven Cheng[MSFT]) wrote:

Thanks for your response Xenophon, Unfortunately to hear that you're using cookieless session state which means using cookie is not possible in your web application. Because the ASP.NET webapplicaiton's forms authentication support only cookie based authenticate ticket, if our web application does not use cookie, I'm afraid we have to build our own form based autentication module which will store and retrieve authenticate ticket from session state( this is what we used to do in some classic ASP app...), we store a identify in session state after user login and then check that variable in each page's request to validate user..... Thanks, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- <OG8xkEP3FHA.1476@TK2MSFTNGP10.phx.gbl> <DRgWDHd3FHA.1144@TK2MSFTNGXA01.phx.gbl> sv3-bew6JhvVx9oLcRhELIGxliI1rf7309fefGlkpCqU8WZfMYNi5BiJcihbRIcASjA9j6mDUzTi x0i5nwl!Puz0JJTJHTGqofprR1TopTbQjY+PIurZ+0secGlEzsfUJvilAg/AurXLOOBGBArZbNfg 2g== complaint properly TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli ne.de!border2.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.gigan ews.com!local01.nntp.dca.giganews.com!news.giganews.com.POSTED!not-for-mail microsoft.public.dotnet.framework.aspnet:135314 asp.net formsauthentication put t I

Hi xenophon, How are you doing on this issue, have you got any further ideas? If there're anything else we can help, please feel free to post here. Thanks, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- <OG8xkEP3FHA.1476@TK2MSFTNGP10.phx.gbl> <DRgWDHd3FHA.1144@TK2MSFTNGXA01.phx.gbl> <8pdfm1liof2btkarricbogsdj0jm5drag4@4ax.com> microsoft.public.dotnet.framework.aspnet:135429 afraid sv3-bew6JhvVx9oLcRhELIGxliI1rf7309fefGlkpCqU8WZfMYNi5BiJcihbRIcASjA9j6mDUzTi x0i5nwl!Puz0JJTJHTGqofprR1TopTbQjY+PIurZ+0secGlEzsfUJvilAg/AurXLOOBGBArZbNfg TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli ne.de!border2.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.gigan ews.com!local01.nntp.dca.giganews.com!news.giganews.com.POSTED!not-for-mail web.config. <authorization us put 58.105.58.245 page.

Could you show a sample of "our own form based authentication module"? I think that is what I really need to do. I must rely on cookieless sessions. Thanks. On Wed, 02 Nov 2005 06:42:14 GMT, stcheng@online.microsoft.com (Steven Cheng[MSFT]) wrote:

Hi Xenophon, So for your scenario, a quick idea come to my mind is building a custom HttpModule to handle such authentication task. Assume that we manually do the Forms Authenticaiton and after user login, we store the encrypted authentication ticket in the URL(since the clients are cookieless....). And in our custom HttpModule, we intercept the "AuthenticateRequest" event where we parse the URL string and validating the encrypted ticket in the url's querystring.... If invalid, end this request or redirect to a login page.... In fact, the buildin ASP.NET FormsAuthentiation and Session State just use a HttpModule to do the work for each comming asp.net request... Here are some reference on creating custom HttpModule: http://support.microsoft.com/default.aspx?scid=kb;en-us;307985 http://msdn.microsoft.com/library/en-us/cpguide/html/cpconcustomhttpmodules. asp?frame=true Hope helps. Thanks, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- <OG8xkEP3FHA.1476@TK2MSFTNGP10.phx.gbl> <DRgWDHd3FHA.1144@TK2MSFTNGXA01.phx.gbl> <8pdfm1liof2btkarricbogsdj0jm5drag4@4ax.com> <Q#KGdi33FHA.3220@TK2MSFTNGXA01.phx.gbl> sv3-abxqkl0KV3/vSuR2YN6CNZj1xPMByI27kIYQQqrnXqYXKD50VuYWq/QmArYhf2RwKhX7pEn0 QPmeID6!Y2HkzHZz7i6EerZ+HMBwwxHaje4i6s/4KgD4MAIYCnDDHcP2Gi7P0cw6Crtrtdvojb2d //k= complaint properly TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli ne.de!border2.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.gigan ews.com!local01.nntp.dca.giganews.com!news.giganews.com.POSTED!not-for-mail microsoft.public.dotnet.framework.aspnet:356646 afraid store used

Thanks for the help. I have writen HttpModules before, but not as you say. Could you show the "skeleton code" with events and methods to use/override for the module? Thanks. On Thu, 10 Nov 2005 09:43:59 GMT, stcheng@online.microsoft.com (Steven Cheng[MSFT]) wrote:

Hi Xenophon, Genearlly, we just need to register the event handler for whatever events we want to intercept in our custom HttpModule, e.g: ========================= public class CustomAuthModule : IHttpModule { public CustomAuthModule() {} public void Dispose() { } public void Init(HttpApplication context) { context.AuthenticateRequest += new EventHandler(Auth_Request); } protected void Auth_Request(object sender, EventArgs e) { HttpApplication app = sender as HttpApplication; HttpContext context = app.Context; HttpRequest req = context.Request; HttpResponse rep = context.Response; string url = req.RawUrl; //do string parsing to retrieve the //authentication ticket from the url string } } =========================== We can retreive the request' URL string and parse the authentication ticket in the url string. Also, this is based on that each request after the client user login through the login page should contains the authentication ticket in URL string (just like cookieless session....). This is also a problem since we need to adjust each linked page's url (of the same application...) which should be protected by our custom authentication... Thanks, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- <OG8xkEP3FHA.1476@TK2MSFTNGP10.phx.gbl> <DRgWDHd3FHA.1144@TK2MSFTNGXA01.phx.gbl> <8pdfm1liof2btkarricbogsdj0jm5drag4@4ax.com> <Q#KGdi33FHA.3220@TK2MSFTNGXA01.phx.gbl> <vdv3n15v6l5ndgnqg7f6tpjrbmuga212it@4ax.com> <GZ4VQtd5FHA.1120@TK2MSFTNGXA02.phx.gbl> sv3-K5GqfXvTKiZclM3pezkCfGerkK4GFXSoTiHsjfbPQC5jJpBDsN1Srg7MgUr5WKIqzEJg95gh R9HfVSE!AN4Y6xQrW/MlIyDOfdgHyoxl79BAkoOC7dVckUwOU/zTbUk3NJZWCGmTQiVYnjGXDktS qGY= complaint properly TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli ne.de!news.glorb.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local01 .nntp.dca.giganews.com!news.giganews.com.POSTED!not-for-mail microsoft.public.dotnet.framework.aspnet:357680 do And login Session

Hi Xenophon, Does the further things I mentioend helps some? If there're anything else we can help, please don't hesitate to post here. Thanks, Steven Cheng Microsoft Online Support Get Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- <OG8xkEP3FHA.1476@TK2MSFTNGP10.phx.gbl> <DRgWDHd3FHA.1144@TK2MSFTNGXA01.phx.gbl> <8pdfm1liof2btkarricbogsdj0jm5drag4@4ax.com> <Q#KGdi33FHA.3220@TK2MSFTNGXA01.phx.gbl> <vdv3n15v6l5ndgnqg7f6tpjrbmuga212it@4ax.com> <GZ4VQtd5FHA.1120@TK2MSFTNGXA02.phx.gbl> <b88dn199fi2iqf87e9cigp71f0q0288jt0@4ax.com> microsoft.public.dotnet.framework.aspnet:357906 ticket authentication sv3-K5GqfXvTKiZclM3pezkCfGerkK4GFXSoTiHsjfbPQC5jJpBDsN1Srg7MgUr5WKIqzEJg95gh R9HfVSE!AN4Y6xQrW/MlIyDOfdgHyoxl79BAkoOC7dVckUwOU/zTbUk3NJZWCGmTQiVYnjGXDktS TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli ne.de!news.glorb.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local01 custom cookieless....). the


Pete's Blog	Pete's Resume	Robbe's Blog	Robbe's Resume	ASP.NET Resources	Archive #2	Archive #3
All Categories	.NET	BizTalk	Exchange	IIS	IE	ISA Server	Misc
Networking	SharePoint	SQL Server	Sys Mgmt Server	Win32	Mobile Dev	MSN	WinFX
Windows 2003	Windows Media	Windows NT	Windows Vista	Windows XP	XmlPitStop	Recent	DotNetSlackers

ASP.NET, SQL Server, WPF, C#, VB.NET

Search

Navigation

Feeds