All geek questions in one place

Program page authentication based on web.config settings

I would like to know if there is a way to check if the page is requesting authentication based on the web.config settings. Basically, if there is a node like this

<location path="account"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location>

then I would like to check any page if it requires authentication or not, and return true if it is in the account directory. Is it possible?

+4
source share
3 answers

The solution is to create an anonymous identifier (principal) and pass it to the CheckUrlAccessForPrincipal method. It will determine if the page is publicly available or if authentication is required.

See the code below:

 var principal = new GenericPrincipal(new GenericIdentity(String.Empty, String.Empty), new string[]{}); bool requiredAuthentication = UrlAuthorizationModule.CheckUrlAccessForPrincipal(Page.AppRelativeVirtualPath, principal, Request.HttpMethod);
+6
source

Are you checking the page requested by the user? It is unlikely, since the request will never reach the page. Check URL authorization workflow.

enter image description here

http://www.asp.net/web-forms/tutorials/security/membership/user-based-authorization-cs

+4
source

I'm a little confused about what you are asking for sure, but in order to use your web.config to provide authentication on the page for the page, you need something like this:

  <location path="Forms/Administration/Default.aspx"> <system.web> <authorization> <allow roles="Administrator, User, AdditionalUser" /> </authorization> </system.web> </location>

If you need to be more detailed, you need to add logic to the middle tier, and then check the page load or URL request (if MVC).

0
source

Source: https://habr.com/ru/post/1388394/

More articles:


All Articles