8.1. Restricting Access to All Application Pages
Problem
You want to restrict access to the pages of your application to authorized users only.
Solution
Change the web.config settings of your application to specify Forms authentication, and then create an .aspx login page to collect user credentials and complete the authentication check.
Modify web.config as follows:
Set the mode attribute of the <authentication> element to Forms.
Add a <forms> child element to the <authentication> element to specify key aspects of the Forms implementation:
<authentication mode="Forms">
  <forms name=".ASPNETCookbook"
         loginUrl="Login.aspx"
         protection="All"
         timeout="30"
         path="/">
  </forms>
</authentication>
Add <deny> and <allow> child elements to the <authorization> element to deny access to anonymous users and allow access to all who have been authenticated:
<authorization>
  <deny users="?" /> <!-- Deny anonymous users -->
  <allow users="*" /> <!-- Allow all authenticated users -->
</authorization>
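An added example, not from the book: a Python check that a web.config carries the settings above. ASP.NET evaluates <authorization> rules top to bottom and stops at the first match, so <deny users="?" /> has to come before <allow users="*" />. The helper names and both sample configs are constructed for illustration, and rules limited by roles or verbs are not modelled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the settings from this recipe inside a minimal web.config.
GOOD = """<configuration><system.web>
  <authentication mode="Forms">
    <forms name=".ASPNETCookbook" loginUrl="Login.aspx" protection="All" timeout="30" path="/" />
  </authentication>
  <authorization><deny users="?" /><allow users="*" /></authorization>
</system.web></configuration>"""
# Constructed sample: weaker cookie protection and the two rules in the wrong order.
BAD = """<configuration><system.web>
  <authentication mode="Forms">
    <forms name=".ASPNETCookbook" loginUrl="Login.aspx" protection="None" />
  </authentication>
  <authorization><allow users="*" /><deny users="?" /></authorization>
</system.web></configuration>"""

def _child(parent, tag):
    """First direct child with this tag, or None."""
    return None if parent is None else next((c for c in parent if c.tag == tag), None)

def audit_forms_auth(web_config_xml):
    """Return a list of findings (hypothetical helper); empty means all checks passed."""
    findings = []
    sysweb = _child(ET.fromstring(web_config_xml), "system.web")
    auth = _child(sysweb, "authentication")
    forms = _child(auth, "forms")
    if auth is None or auth.get("mode") != "Forms":
        findings.append("authentication mode is not Forms")
    elif forms is not None and forms.get("protection", "All") != "All":
        findings.append("forms protection is not All")  # All is the default when omitted
    # Rules are evaluated top to bottom and the first match wins, so look for
    # the first rule that applies to the anonymous user ("?" or "*").
    # Assumption: rules limited by roles or verbs attributes are not modelled.
    authz = _child(sysweb, "authorization")
    verdict = None
    for rule in (authz if authz is not None else []):
        users = [u.strip() for u in rule.get("users", "").split(",")]
        if rule.tag in ("allow", "deny") and ("?" in users or "*" in users):
            verdict = rule.tag
            break
    if verdict != "deny":
        findings.append("anonymous users are not denied")
    return findings

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_forms_auth(cfg) or "ok")
```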
In the .aspx file for the login page:
Add the fields required to collect the data the application needs to authenticate the user. Most applications require, at a minimum, a user login ID and password, but you can specify whatever your application requires.
Add a Login button.
(Optional) Include a checkbox for users to indicate that they want to be remembered between sessions. (You will need to add some code to the code-behind class to persist the authentication cookie on the client machine.)
In the code-behind class ...