
Windows authentication and folder level authorization - Part 89

Suggested Videos
Part 86 - Anonymous authentication and asp.net impersonation
Part 87 - Windows authentication
Part 88 - Windows authentication and authorization

Please watch Parts 87 and 88 before proceeding. In this video we will discuss folder level authorization, with an example. Consider the project structure shown in the Solution Explorer below.
[Image: Folder level authorization]



Only administrators should be able to access the pages in the "Admin" folder. The rest of the pages can be accessed by anyone. To achieve this, add another web.config file to the "Admin" folder and include the following authorization element.
<authorization>
  <allow roles="Administrators" />
  <deny users="*" />
</authorization>

The application root level web.config file contains the following authorization element. This allows access to all authenticated users.
<authorization>
  <deny users="?"/> 
</authorization>
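
How the Admin folder rules and the root rules combine for a given request can be modelled in a few lines. The Python below is an added example, not code from the original page or from ASP.NET: a simplified model in which rules are read top to bottom, the requested folder's file is read before the root file, and the first matching rule decides. The users alice and bob, the Users role and the swapped rule set are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The two <authorization> elements from the page.
ADMIN_CONFIG = """<authorization>
  <allow roles="Administrators" />
  <deny users="*" />
</authorization>"""
ROOT_CONFIG = '<authorization><deny users="?" /></authorization>'
# Inherited machine-level default in this model: allow everyone.
DEFAULT_CONFIG = '<authorization><allow users="*" /></authorization>'
# Constructed variant with the two Admin rules swapped.
SWAPPED_CONFIG = """<authorization>
  <deny users="*" />
  <allow roles="Administrators" />
</authorization>"""


def _split(value):
    return [s.strip().lower() for s in value.split(",") if s.strip()]


def parse_rules(xml_text):
    """Return [(action, users, roles)] in document order."""
    return [(el.tag, _split(el.get("users", "")), _split(el.get("roles", "")))
            for el in ET.fromstring(xml_text)]


def rule_matches(rule, user, roles):
    """user is None for an anonymous request."""
    _, rule_users, rule_roles = rule
    for u in rule_users:
        if u == "*" or (u == "?" and user is None):
            return True
        if user is not None and u == user.lower():
            return True
    return bool(set(rule_roles) & {r.lower() for r in roles})


def is_allowed(config_chain, user, roles=()):
    """config_chain lists configs from the requested folder up to the root.
    The first matching rule decides; later rules are never consulted."""
    for cfg in list(config_chain) + [DEFAULT_CONFIG]:
        for rule in parse_rules(cfg):
            if rule_matches(rule, user, roles):
                return rule[0] == "allow"
    return False
```

Calling `is_allowed([ADMIN_CONFIG, ROOT_CONFIG], "bob", ["Users"])` returns False, while the same call with `[SWAPPED_CONFIG, ROOT_CONFIG]` denies even an administrator, because the deny rule for all users matches first.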



A very common asp.net interview question:
Is it possible to have more than one web.config file? If yes, when and why would you use more than one web.config file?
This is one of the classic examples where we need more than one web.config file.

If you want to execute the application code using the logged in Administrator account, then enable impersonation in the web.config file of the Admin folder. With this setting in place, all the pages in the Admin folder are executed using the logged in user account, whereas the pages outside of the folder are executed using the identity of the application pool.
<system.web>
  <authorization>
    <allow roles="Administrators" />
    <deny users="*" />
  </authorization>
  <identity impersonate="true"/>
</system.web>

It is also possible to impersonate a specific account by supplying a user name and password. With this setting, whenever any user belonging to the "Administrators" group requests a page from the Admin folder, the code will be executed using the "Venkat" account. Note that this stores the password in clear text in the web.config file.
<system.web>
  <authorization>
    <allow roles="Administrators" />
    <deny users="*" />
  </authorization>
  <identity impersonate="true" userName="Venkat" password="test"/>
</system.web>
