
Windows authentication and folder level authorization - Part 89

Suggested Videos
Part 86 - Anonymous authentication and asp.net impersonation
Part 87 - Windows authentication
Part 88 - Windows authentication and authorization

Please watch Parts 87 and 88 before proceeding. In this video we will discuss folder level authorization, with an example. Consider the project structure shown in the solution explorer below.
Folder level authorization



Only administrators should be able to access the pages in the "Admin" folder; the rest of the pages can be accessed by anyone. To achieve this, add another web.config file to the "Admin" folder and include the following authorization element. Rules are evaluated top to bottom and the first matching rule wins, so the allow for Administrators must appear before the deny for everyone else.
<authorization>
  <allow roles="Administrators" />
  <deny users="*" />
</authorization>

In the application root level web.config file, deny anonymous users ("?"). This allows access to all authenticated users.
<authorization>
  <deny users="?"/> 
</authorization>



A very common asp.net interview question:
Is it possible to have more than one web.config file? If yes, when and why would you use more than one?
This is one of the classic examples where more than one web.config file is needed.
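To make the merge behaviour concrete, here is an added simulation (not code from the original post) of how ASP.NET URL authorization combines the rules from nested web.config files: the requested folder's rules are evaluated first, then each parent's, and the first matching rule decides. The folder paths, user names and roles are constructed for the example; the two rule sets are the ones shown above.

```python
"""Simulates how ASP.NET URL authorization merges and evaluates
<authorization> rules from nested web.config files (added illustration)."""
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Principal:
    name: Optional[str]          # None = anonymous request
    roles: set = field(default_factory=set)

@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    users: set = field(default_factory=set)   # "*" everyone, "?" anonymous
    roles: set = field(default_factory=set)

    def matches(self, user: Principal) -> bool:
        if "*" in self.users:
            return True
        if "?" in self.users and user.name is None:
            return True
        if user.name is not None and any(u.lower() == user.name.lower() for u in self.users):
            return True
        return bool(self.roles & user.roles)

# Constructed configs: folder path -> ordered rules from that folder's web.config.
CONFIGS = {
    "/": [Rule("deny", users={"?"})],
    "/Admin": [Rule("allow", roles={"Administrators"}), Rule("deny", users={"*"})],
}

def effective_rules(url: str, configs=CONFIGS) -> list:
    """Child folder rules come first, then each parent's, up to the root."""
    folder = url.rsplit("/", 1)[0] or "/"
    rules = []
    while True:
        rules.extend(configs.get(folder, []))
        if folder == "/":
            return rules
        folder = folder.rsplit("/", 1)[0] or "/"

def is_authorized(url: str, user: Principal, configs=CONFIGS) -> bool:
    """First matching rule wins; the machine-level default allows everyone."""
    for rule in effective_rules(url, configs):
        if rule.matches(user):
            return rule.action == "allow"
    return True
```

Swapping the two Admin rules (deny "*" before allow Administrators) locks administrators out as well, which is why the order in the folder's web.config matters.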

If you want to execute the application code using the logged-in Administrator account, enable impersonation in the web.config file of the Admin folder. With this setting in place, all the pages in the Admin folder are executed using the logged-in user account, whereas the pages outside of the folder are executed using the identity of the application pool.
<system.web>
  <authorization>
    <allow roles="Administrators" />
    <deny users="*" />
  </authorization>
  <identity impersonate="true"/>
</system.web>

It is also possible to impersonate a specific user name and password. With this setting, whenever any user belonging to the "Administrators" group requests a page from the Admin folder, the code is executed using the "Venkat" account. Note that the password is then stored in clear text in web.config; the identity section can be encrypted with aspnet_regiis -pe "system.web/identity" so that it is not readable on disk.
<system.web>
  <authorization>
    <allow roles="Administrators" />
    <deny users="*" />
  </authorization>
  <identity impersonate="true" userName="Venkat" password="test"/>
</system.web>

2 comments:

  1. How to log in based on roles assigned like admin, public and developers with use of database records?

  2. Which Web.config file executes first?
