using web.config file

aadz5 · April 12th, 2004, 05:51 PM

Hi,

I was wondering if you can use a web.config file within a folder so that the authorization section only effects the files within that folder?? I only want perticular people to access those files.

Any ideas

Adz - The World is not enough

melvik · April 12th, 2004, 11:17 PM

As I know web.config is not accisible by HTTP. so ur users wont be able to see it.! ONLY FTP users can see & Edit it. Have u tried that yet?!

Always:),
Hovik Melkomian.

stu9820 · April 13th, 2004, 07:28 AM

Yes you can. But the web.config file only deals with asp.net files. Any html, asp, and other files not associated with asp.net will still be served.

planoie · April 13th, 2004, 12:18 PM

What you are looking for is not entirely obvious from what's in the default web.config file. You can specify a <location> node that defines configuration details for one part of an application. Normally the <system.web> node falls immediately under the <configuration> node. However, you can add a <location> none and provide it the path you wish to make settings for. The settings within <system.web> will apply to all pages in the web, while the settings in the location node will apply to only those pages that live under the folder specified in the path. The location node path can even be set to one particular page.

<configuration>
   <system.web>
      ...
   </system.web>
   <location path="protectedFolderName/">
      <system.web>
         <authorization>
            <allow users="?"/>
         </authorization>
      </system.web>
   </location>
</configuration>

Peter
-------------------------
Work smarter, not harder

aadz5 · April 14th, 2004, 08:49 AM

Thanks guys,

I want to redirect a user to the registration page if they cannot login, how would I go about doing that. I tried with this code but it does not work: -

private void DoLogin(Object objSender, EventArgs objArgs)
{
    string CONNSTR = "Provider=Microsoft.Jet.OleDb.4.0.; data source=\\\\premfs3\\sites\\premium8\\adnanarab66\\ database\\House.mdb;";
    bool result=false;

    string Password = txtPassword.Text;

    string hashedTestPwd = FormsAuthentication.HashPasswordForStoringInConfig File(Password,"SHA1");
    OleDbConnection objConnection = new OleDbConnection(CONNSTR);
    objConnection.Open();
    OleDbCommand cm = new OleDbCommand("SELECT UserName, UserPassword FROM Users WHERE UserName= ? AND UserPassword = ?", objConnection);//'" + UserName + "'", conn);

    cm.Parameters.Add("UserName", OleDbType.VarChar, 32, "UserName");
    cm.Parameters.Add("UserPassword", OleDbType.VarChar, 32, "UserPassword");

    cm.Parameters["UserName"].Value = txtUserName.Text;
    cm.Parameters["UserPassword"].Value = hashedTestPwd;

    OleDbDataReader dr = cm.ExecuteReader();
    if (dr.HasRows)
    {
        FormsAuthentication.RedirectFromLoginPage(txtUserN ame.Text, chkPersist.Checked);
    }
    else
    {
         Response.Redirect("register.aspx");
    }
    txtPassword.Text = "";
    txtUserName.Text = "";
    dr.Close();
    objConnection.Close();
}

any ideas??

Adz - The World is not enough

stu9820 · April 14th, 2004, 09:03 AM

What I ended up doing was creating a link when the username was not found and simply stated "invalid username and password. if you are not a member and would like to join please Register."

aadz5 · April 15th, 2004, 05:35 AM

Nice one stu,

yeah did that man,

Easy now!

Adz - The World is not enough