Monthly Archives: November 2010

Questions and Answers about ASP.NET

Standard

I have created an extension to my sitewww.12reach.com where I try to answer every possible questions and answers about ASP.NET
Frequently asked questions and answers about ASP.NET

Advertisements

How to set Roles and access to certain pages

Standard

In ASP.NET forum very often a question is asked. How to set Roles and accordingly restrict access to certain pages?

There are definitely various ways. But I prefer UserControl. Its advantage is you can drag it to the Masterpage and its functionality has been used all along your application.

Here the main problem is I can’t use the code so I upload codes as Images part by part.

Here is the code:

set Roles and access to certain pages

set Roles and access to certain pages

set Roles and access to certain pages

set Roles and access to certain pages

set Roles and access to certain pages

set Roles and access to certain pages

set Roles and access to certain pages

set Roles and access to certain pages

set Roles and access to certain pages

set Roles and access to certain pages

Here I used few controls like LoginView, LogInStatus and lastly in the Page_Load event handler I checked whether User.Identity.IsAuthenticated. It can be used as User.IsInRole also to check the user belongs to a certain Role or not.

In this way, one can check whether a user belongs to the Role Administrator or Member, if he/she is Administrator can go to CatalogAdmin.aspx and if he/she belongs to the Role of  Member, then he/she might have access to Member_1.aspx page.

Modifying the forms authentication behavior

Standard

You can modify the behavior of the forms-based authentication by defining that behavior within a forms section in the web.config file.

See how it happens:

forms authentication

forms authentication

I specifically want to point out this part :

cookieless: Specifies how the cookies are handled by ASP.NET. The possible values include UseDeviceProfile, UseCookies, AutoDetect, and UseUri. The default value is UseDevice-Profile. This value detects whether to use cookies based on the user agent of the device.
UseCookies requires that all requests have the credentials stored in a cookie. AutoDetect auto-determines whether the details are stored in a cookie on the client or within the URI (this is done by sending a test cookie first). Finally, UseUri forces ASP.NET to store the details within the URI on all instances.

Questions and Answers on ASP.NET

Standard

There are many questions that I answer in asp.net forum. Here is/are some of them.

Q :

I have a page which can only be seen by the members…no guest can Access tht page …m using asp.net wid c# can i get an basic idea how do i redirect tht person to login page if they r not logged…and wid a condition tht if they r loggin already thn no need to show the loggin page they can directly access to the private page

A:

Suppose you want restriction to the Page Member.aspx. In that case all you need to do to redirect the guest is : using a simple Authorization Rule in your web.config like this:
In such case, you compel your members to view the private page. There are several other options but it is one of the basica. Best of luck.

Q:

Require https to safeguard Windows Authentication credentials?

A:

Basically the diffrence is in the usage of port. HTTP uses port 80 and when it is secured HTTP (HTTPS), the port is changed to 443. In case of Forms authentication there is an attribute called “requireSSL” which specifies whether Forms authentication should happen in a secure HTTPS. You may keep it true or false. See below:

It is strongly recommended that the loginUrl should be an SSL URL (https://) to keep secure credentials secure from prying eyes.

But all these things are applicable when it is only Forms authentication, The Windows operating system has a role system built into it. This Windows security group system is an ideal system to use when you are working with intranet-based applications where you might have all users already in defined roles. This, of course, works best if you have anonymous authentication turned off for your ASP.NET application, and you have configured your application to use Windows Authentication.

Best of luck.

ASP.NET, HTTP and HTTPS

Standard

HTTP is a communication through text messages from client to server and back using port 80, and when it is secured ie; using port 443, it is secured HTTP (HTTPS).
I’m learning. But I do injustice to this blog site. I should write regularly. I am probably too lazy!
Started a new story : Shankhachurni!
Sent a mail to Scott Hanselman. Would he respond?