Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is WEB.CONFIG the right solution to control thousands of users?

Status
Not open for further replies.
TunaAdmiral

TunaAdmiral

MIS
Jan 19, 2000
57
US
Good afternoon!

Handling web-page access using the web.config file is very unwieldy when you have a few thousand users.

There must be another way of doing this (by allowing access by groups, or something.)

I can control access to each page in the code-behind for each page, but this would also be very unwieldy, and would require me to recompile my code every time I add or change a user.

What are other folks doing to control user access to specific pages and directories within a website?

Thanks!

Mikeymac
 
Sort by date Sort by votes
1. Use Windows integrated security and lock down access on a per-folder basis.
2. Use Forms authentication to assign roles, but still lock down folders as above.
3. In ASP.NET 2.0, automate the authentication using a built-in MembershipProvider (but still configure roles for folders).
4. For security setups that fall outside of the normal methods (as in per-user access to a page), use an IHttpModule to handle authentication (using whatever arbitrary security criteria you like): 5. For ASP.NET 2.0, do something similar with custom role and membership providers.
6. Have all pages inherit from the same base page that handles security (better to use an IHttpModule/Providers, though).
 
Upvote 0 Downvote
Drive it with a database!...

Code: 
<configuration>
   <appSettings file="externalFile.config">
   </appSettings>
    <system.web>
        <customErrors mode="On" defaultRedirect="error.htm">
			<error statusCode="500" redirect="CustomerError500.aspx"/>
			<error statusCode="401" redirect="CustomerAccessDenied.aspx"/>
			<error statusCode="404" redirect="inactive.aspx"/>
			<error statusCode="403" redirect="noaccessallowed.aspx"/>
		</customErrors>
        <authentication mode="Forms">
            <forms name="appNameAuth" path="/" loginUrl="login.aspx" protection="All" timeout="30">
            </forms>
        </authentication>
        <authorization>
            <deny users="?" />
        </authorization>
		<sessionState mode="InProc" cookieless="false" timeout="30" />
    </system.web>
</configuration>

Many articles on this process, i built a couple of database driven login pages.

If hosted, only option is Forms Auth, if internal DO NOTHING BUT INTEGRATED WINDOWS!

some good links...
(to build auth pages)
(forms auth and sql)

Glad to help you out more when u decide which direction to go
 
Upvote 0 Downvote
Your responses set me on the right track!

Thanks for taking the time to respond!

Excelsior!

Mikeymac
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

chikwendu
  • Locked
  • Question
Mouse jumps to DropDownList when clicking a button
Replies
0
Views
166
chikwendu
chikwendu
Makumbi256
  • Locked
  • Question
How to make days vertical and grid view editable using asp.net vb
Replies
0
Views
852
Makumbi256
Makumbi256
AhmedAzizBarbary
  • Locked
  • Question
How to pass list of checkboxes not checked on page model razor page?
Replies
0
Views
1K
AhmedAzizBarbary
AhmedAzizBarbary
AhmedAzizBarbary
  • Locked
  • Question
How to read data response body after success login razor page ?
Replies
0
Views
941
AhmedAzizBarbary
AhmedAzizBarbary
a6green
  • Locked
  • Question
How to configure AT&T / Avaya Definity G3 incoming ISDN trunk
Replies
2
Views
991
a6green
a6green

Part and Inventory Search

Sponsor

Back
Top