Hi, I have an ASP.NET 2.0 web application (C#) where I wanted to enable Single Sign On. I want only certain users to have access to all the pages, but others to only see a few pages. What changes do I need to make to my Web.config file, and what code would I need in my code-behind for the pages?

Thank you

+1  A: 

Hi,

Fortunately, ASP.NET was built with this exact kind of scenario in mind.

A quick example here would be the following project structure:

  • LoginPage.aspx
  • Default.aspx
  • web.config
  • /Protected
    • MembersOnlyPage.aspx
    • web.config

If I have understood you correctly, you can simply drop a 'web.config' file into the 'Protected' folder shown above. That web.config file should look like:

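<configuration>
  <system.web>
    <authorization>
      <!-- Rules are evaluated top-down and the first match wins. -->
      <allow users="Bob, Jane, Mary" />
      <!-- Without this deny, the inherited default rule still allows everyone. -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>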

Read up on the <allow> and <deny> elements of <authorization>, because you can also use the 'roles' attribute instead of 'users' to specify groups of users who should have access, or be denied access.

You'll then need to modify the root web.config file to "turn on" forms authentication. Add something like:

<authentication mode="Forms">
  <!-- path is the cookie path, not an app-relative URL; "/" is the default. -->
  <forms loginUrl="LoginPage.aspx" name=".ASPNETAUTH" protection="All" path="/" timeout="20" />
</authentication>

... to your <system.web> element.

Now, all you have to do is wire up your LoginPage.aspx to log the user in. You can use the standard ASP.NET Login control for this purpose, and if you want to use your own database for authentication/authorisation, you can intercept the login control's events to do whatever you need to.

For the quickest, most basic solution, check out the following video:

http://www.asp.net/learn/videos/video-45.aspx

Hope this helps

/Richard

Richard
Thanks for the detailed answer, but doesn't Single Sign On mean that the user doesn't require logging in, and that Windows does the authentication part on its own?
zohair
Hi, "Single Sign On" can mean many things to different folks, but ultimately it's the ability to sign a user into multiple 'services' using the same account. So whether that's using .NET forms authentication, or using Windows authentication - .NET can do both, easily...
Richard
I should have added, sorry: where I've listed "Bob", "Jane" and "Mary" above, that could easily be "domain\Bob", "domain\Jane", "domain\Mary". Your IIS site will need to have "Anonymous authentication" turned off, though.
Richard
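
The Windows-authentication variant raised in the comments above, as an added example that is not part of the original thread: a single root web.config that uses integrated Windows authentication and restricts the Protected folder. DOMAIN and the group name Members are placeholders (assumptions), and the `<location>` element is used here in place of a separate web.config inside the folder.

```xml
<?xml version="1.0"?>
<configuration>

  <!-- Site-wide settings: every page requires an authenticated Windows user. -->
  <system.web>
    <!-- IIS performs the Windows logon; ASP.NET receives the identity. -->
    <authentication mode="Windows" />
    <authorization>
      <!-- "?" means anonymous users. Denying them here backs up the IIS
           setting in case anonymous authentication is ever re-enabled. -->
      <deny users="?" />
    </authorization>
  </system.web>

  <!-- Rules for the /Protected folder only. -->
  <location path="Protected">
    <system.web>
      <authorization>
        <!-- Rules are checked top-down and the first match wins. -->
        <!-- DOMAIN\Bob and DOMAIN\Jane are placeholder account names. -->
        <allow users="DOMAIN\Bob, DOMAIN\Jane" />
        <!-- With Windows authentication, roles map to Windows groups.
             DOMAIN\Members is a placeholder group name. -->
        <allow roles="DOMAIN\Members" />
        <!-- Weak form: stopping after the allow rules leaves the inherited
             default in effect, which allows all users. The explicit deny
             below is what actually closes the folder. -->
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

</configuration>
```

Managing access through a group in the `roles` attribute keeps individual account names out of the config file, so membership changes do not require a redeploy.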