5.3. Restrict Unauthorized Access to Pages
Note: The Login controls are useful only if you restrict access to the pages in your site. Learn how to restrict user access to your ASP.NET application.
So far, you have seen how to add a new login page to your web site and how you can add users to your application. In order to ensure that users provide a valid login credential before they are allowed access to a specific part of your site, you need to configure ASP.NET to require that all users be authenticated before they are given access.
5.3.1. How do I do that?
In the earlier lab, Section 5.1, you saw how to use the Login control to get a user's credentials. In this lab, you will learn how you can restrict access to certain pages based on the user's credentials.
You will create a new folder in the existing project and then restrict access to this folder by modifying Web.config. When a page in the restricted folder is loaded, the login page will automatically be loaded to authenticate the user.
1. Using the project created in the previous lab (C:\ASPNET20\chap-5-SecurityControls), add a new folder named Members (right-click the project name in Solution Explorer and then select Add Folder).
2. Add a Web Form to the Members folder (right-click the Members folder in Solution Explorer and then select Add New Item...; select Web Form) and name it MemberDefault.aspx.
3. Add a Web.config file to this folder (right-click the project name in Solution Explorer and then select Add New Item...; select Web Configuration File) and insert the following lines:

<!-- Remove this line
<authentication mode="Windows" />
-->
<authorization>
    <deny users="?" />
</authorization>

The <deny> element specifies which users to deny access to the current folder (Members, in this case). You can also use the <allow> element to specifically state which users have access to the current folder. The question mark (?) stands for anonymous (nonauthenticated) users, while an asterisk (*) stands for all users; the enclosing <allow> or <deny> element determines whether those users are granted or refused access.

Your Solution Explorer should now resemble the one shown in Figure 5-17.
Figure 5-17. The Solution Explorer

and press F5. You will be redirected to the Login.aspx page, because MemberDefault.aspx is accessible only to an authenticated user. Log in with the user account created in the last lab. If the authentication is successful, the MemberDefault.aspx page will be loaded.
5.3.2. What about...
...using a single Web.config file to specify the access permission of the entire web application?
Besides adding a separate Web.config file to each folder in your web application to specify the access permission for each folder, you can also use the <location> element in the Web.config file in the root folder. The following entry in the Web.config file in the root of the web application is equivalent to Step 3:

...
</system.web>
<location path="Members">
    <system.web>
        <authorization>
            <deny users="?" />
        </authorization>
    </system.web>
</location>
</configuration>

Using this method will eliminate the need to have multiple Web.config files in your project. You can use multiple <location> elements to specify the permission for each folder.
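
The following Python sketch is an added example, not part of the original text: it audits a root Web.config for folders that anonymous users can still reach, applying ASP.NET's rule order (the first matching <allow> or <deny> wins, and a folder's own rules are checked before the root's). The sample config is constructed, the Reports folder and the function names are hypothetical, and only the users attribute is evaluated (roles and verbs are ignored).

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <location> entry for Members from this section, plus a
# hypothetical "Reports" folder whose rule order cancels out its own <deny>.
SAMPLE_CONFIG = """<configuration>
  <location path="Members">
    <system.web><authorization>
      <deny users="?" />
    </authorization></system.web>
  </location>
  <location path="Reports">
    <system.web><authorization>
      <allow users="*" />
      <deny users="?" />
    </authorization></system.web>
  </location>
</configuration>"""


def anonymous_allowed(rules):
    """Return True if an anonymous request passes the ordered rule list."""
    for rule in rules:
        if rule.tag not in ("allow", "deny"):
            continue
        users = [u.strip() for u in rule.get("users", "").split(",")]
        # "?" names anonymous users; "*" names all users, anonymous included.
        if "?" in users or "*" in users:
            return rule.tag == "allow"  # first matching rule decides
    # No rule matched: the machine-wide default <allow users="*" /> applies.
    return True


def audit(config_xml):
    """Map the site root and each <location> path to anonymous reachability."""
    root = ET.fromstring(config_xml)
    root_rules = root.findall("system.web/authorization/*")
    result = {"(site root)": anonymous_allowed(root_rules)}
    for loc in root.findall("location"):
        # A folder's own rules are evaluated before the rules it inherits.
        rules = loc.findall("system.web/authorization/*") + root_rules
        result[loc.get("path")] = anonymous_allowed(rules)
    return result


if __name__ == "__main__":
    for path, is_open in audit(SAMPLE_CONFIG).items():
        print(f"{path}: {'OPEN to anonymous' if is_open else 'login required'}")
```

Members is reported as requiring a login, while Reports stays open because its <allow users="*" /> is matched before the <deny users="?" /> that follows it.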
5.3.3. Where can I learn more?
Check out the MSDN Help topic on the <location> element to learn more about the use of this element in Web.config files.