In this walkthrough, you will create a
Web.config file that will configure your Web application to:
- Collect credentials using an HTML form directly from the client (i.e.
Forms-based authentication)
- Prevent anonymous Web user access
When used together with the Login.aspx page we just created, it will
allow us to force users to successfully login before visiting our Master/Details
data reporting page. To enable this, please follow the steps below:
- Select New from the File menu. You will see the New
File dialog box appear.
- Select (General) from the Templates pane.
- Select the Web.Config template.
- Type a file path in the Location box.
- Type Web.config in the Filename box (default).
- Click OK. The web.config file will open.
- Set the mode attribute of the authentication tag to
Forms (the default is Windows). This section sets the
authentication policies of the application:
<authentication mode="Forms">
Note Forms-based authentication is an ASP.NET authentication
service that enables applications to provide their own logon UI and do
their own credential verification.
- Remove the (default) allow sub-tags of the authorization
tag. This section sets the authorization policies of the application:
<allow users="joeuser" />
<allow roles="Admins" />
Note You can allow or deny access to application resources by
user or role.
- Set the deny sub-tag of the authorization tag to ?
(the default is *):
<deny users="?" />
Note In addition to user or role names, you can specify one of
the following wildcard values: "*" means everyone, "?" means
anonymous. Denying the anonymous user access to the pages
within the directory disallows any user who is not logged in from visiting
a page -- and will instead send them to the login page we created earlier.
They will not have access to any page until they successfully enter their
username/password on the login page.
- Save the file.
Note You cannot run a Web.config file.
Next Step >> |
