Yehuda Shiran October 2, 2002
IBuySpy's Authorization and Authentication
Tips: October 2002

Yehuda Shiran, Ph.D.
Doc JavaScript


The file Web.config is used for setting parameters that you don't want to set in your JScript .NET code. You want to keep your code as flexible as possible, and set frequently-changed values outside your code. In this way, you can change the behavior of the application without recompilation of your code. You can deploy your code to your target machine and leave some options open for change at the last minute, just by changing a single file, Web.config.

Web.config is an XML file. The outer tag is <configuration>, and several tags can go inside it. IBuySpy Store uses <appSettings>, <authentication>, <customErrors>, <sessionState>, and <authorization>. The <appSettings> tag defines keys for the application. You can define arbitrary keys in your JScript .NET code and set their values in Web.config. IBuySpy Store uses the ConnectionString key, and this is how its value is set:

  <appSettings>
     <add key="ConnectionString" 
          value="server=HAW2L1800\NetSDK;Trusted_Connection=true;database=StoreDOCJS" />
  </appSettings>
The <authentication> tag defines the ASP.NET page that is used for authentication. The specified page is shown whenever the user tries to load a page that requires authorization. Further below, we show you how to specify a page that needs authorization. This is how you define login.aspx as the page that is shown for authentication:

  <authentication mode="Forms">
     <forms name="IBuySpyStoreAuth" loginUrl="login.aspx" protection="All" path="/" />
  </authentication>
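The <customErrors> tag specifies the page that is shown, with an apology to the user, whenever there is an error in your code. Here it is ErrorPage.aspx. With mode="RemoteOnly", remote visitors get this page, while requests made from the server machine itself still see the detailed error: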

  <customErrors mode="RemoteOnly" defaultRedirect="ErrorPage.aspx" />
We also want to turn off session state, so users always enter the store through the main page:

  <sessionState mode="Off" />
The last three tags, <authentication>, <customErrors>, and <sessionState>, all apply to the whole Web site, and therefore go inside the <system.web> tag:

  <system.web>
    <authentication mode="Forms">
      <forms name="IBuySpyStoreAuth" loginUrl="login.aspx" protection="All" path="/" />
    </authentication>
    <customErrors mode="RemoteOnly" defaultRedirect="ErrorPage.aspx" />
    <sessionState mode="Off" />
  </system.web>
When you want to limit certain pages to authorized users only, you use the <authorization> tag within the <system.web> tag within the <location> tag. The following code snippet denies anonymous (unauthenticated) users, written as users="?", access to the Checkout.aspx ASP.NET page:

  <location path="Checkout.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
IBuySpy Store requires authorization before loading Checkout.aspx, OrderList.aspx, and OrderDetails.aspx. Here is the full Web.config file:

  <?xml version="1.0" encoding="utf-8" ?>
  <configuration>
    <!-- application specific settings -->
    <appSettings>
      <add key="ConnectionString" 
         value="server=HAW2L1800\NetSDK;Trusted_Connection=true;database=StoreDOCJS" />
    </appSettings>
    <!-- forms based authentication -->
    <system.web>
      <!-- enable Forms authentication -->
      <authentication mode="Forms">
        <forms name="IBuySpyStoreAuth" loginUrl="login.aspx" protection="All" path="/" />
      </authentication>
      <!-- enable custom errors for the application -->
      <customErrors mode="RemoteOnly" defaultRedirect="ErrorPage.aspx" />
      <!-- disable session state for application -->
      <sessionState mode="Off" />
    </system.web>
    <!-- set secure paths -->
    <location path="Checkout.aspx">
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </location>
    <location path="OrderList.aspx">
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </location>
    <location path="OrderDetails.aspx">
      <system.web>
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>
    </location>
  </configuration>
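
One way to check that every page meant to be protected really denies anonymous users is sketched below. This is an added example, not part of the original tip or of IBuySpy Store. The function names and the sample file are constructed for illustration, and the check relies on ASP.NET applying authorization rules top-down with the first match winning, so an <allow users="*" /> placed before the <deny users="?" /> leaves the page open.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not IBuySpy's file): OrderList.aspx has an <allow> placed
# before the <deny>, and OrderDetails.aspx has no <location> block at all.
SAMPLE = """<configuration>
  <location path="Checkout.aspx">
    <system.web><authorization>
      <deny users="?" />
    </authorization></system.web>
  </location>
  <location path="OrderList.aspx">
    <system.web><authorization>
      <allow users="*" />
      <deny users="?" />
    </authorization></system.web>
  </location>
</configuration>"""

def anonymous_denied(location):
    """True only if the first rule matching anonymous users is an unconditional deny."""
    auth = next(location.iter("authorization"), None)
    if auth is None:
        return False              # nothing here: inherited rules apply
    for rule in auth:             # rules are evaluated top-down, first match wins
        if rule.tag not in ("allow", "deny"):
            continue
        users = {u.strip() for u in rule.get("users", "").split(",")}
        if not users & {"?", "*"}:    # "?" = anonymous, "*" = everyone
            continue
        if rule.tag == "allow":
            return False          # anonymous users are let in before any deny
        if rule.get("verbs") is None:
            return True           # deny that is not limited to some HTTP verbs
    return False

def unprotected_pages(config_xml, required):
    """Return the required pages that anonymous users can still reach."""
    root = ET.fromstring(config_xml)
    protected = {loc.get("path", "").lower()
                 for loc in root.iter("location") if anonymous_denied(loc)}
    return [page for page in required if page.lower() not in protected]

if __name__ == "__main__":
    pages = ["Checkout.aspx", "OrderList.aspx", "OrderDetails.aspx"]
    print(unprotected_pages(SAMPLE, pages))
```

Run against the full Web.config shown above with the same three page names, the function returns an empty list.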
