HttpContext.Current.User and Authorization

Last post 11-07-2009 5:23 PM by Danish Ali. 3 replies.


  • HttpContext.Current.User and Authorization

    11-07-2009, 3:54 PM
    • Member
      3 point Member
    • Allison
    • Member since 09-11-2009, 4:29 AM
    • Posts 9

    Hello,

    Essentially, I have two sites. The first site is a third party vendor site that is authenticating the member. Users are immediately passed to my website and the username is captured. My website has a series of webpages that can only be accessed by specific individuals. I need to allow access to those pages based on username. I believe that I can somehow do this using <authorization></authorization> in the web.config. I apologize because I do not have any code and am not certain where to begin.

    Any assistance, guidance or alternatives that you can provide is much appreciated.

    Thanks,

    Allison

  • Re: HttpContext.Current.User and Authorization

    11-07-2009, 4:33 PM
    • Contributor
      3,384 point Contributor
    • Danish Ali
    • Member since 08-08-2008, 7:22 PM
    • Fort Lauderdale, US
    • Posts 468

    Yes, you can use the Authorization tag to give permissions to specific users to access specific pages using some configurations in the web.config file. For example:



    <configuration>
      <system.web>
        <!-- protection="All" (the default) encrypts and validates the forms ticket;
             with protection="None" the authentication cookie can be forged. -->
        <authentication mode="Forms">
          <forms loginUrl="login.aspx" name=".ASPNETAUTH" protection="All" path="/" timeout="20" />
        </authentication>

        <!-- This section denies anonymous users access to all files in this application,
             except for those given their own rules in a location element below. -->
        <authorization>
          <deny users="?" />
        </authorization>
      </system.web>

      <!-- This section gives the defined user access to the default page and denies access
           to all other users. Rules are evaluated top to bottom and the first match wins. -->
      <location path="default.aspx">
        <system.web>
          <authorization>
            <allow users="Mary" />
            <deny users="*" />
          </authorization>
        </system.web>
      </location>

      <!-- This section gives all users, including anonymous ones, access to test.aspx. -->
      <location path="test.aspx">
        <system.web>
          <authorization>
            <allow users="*" />
          </authorization>
        </system.web>
      </location>
    </configuration>


    For more information, please view the following links.

    http://support.microsoft.com/kb/316871

    http://authors.aspalliance.com/aspxtreme/webapps/aspnetauthorization.aspx


    Hope it will help.


    If my post solves your problem, please mark it as an answer.
  • Re: HttpContext.Current.User and Authorization

    11-07-2009, 4:55 PM
    • Member
      3 point Member
    • Allison
    • Member since 09-11-2009, 4:29 AM
    • Posts 9

    Danish Ali,

    Thank you so much for your quick response. I understand that I can use the authorization tag to give permissions to specific users to access specific pages using some configurations in the web.config file. However, can I use it without implementing the membership provider model? My users are coming directly from a third party site. They are authenticated at the third party site. I am being passed their username from a cookie. I want to be able to use the username to allow or deny access to specific pages. My apologies if my initial post did not provide substantial information.

    Thanks again,

    Allison


  • Re: HttpContext.Current.User and Authorization

    11-07-2009, 5:23 PM
    Answer
    • Contributor
      3,384 point Contributor
    • Danish Ali
    • Member since 08-08-2008, 7:22 PM
    • Fort Lauderdale, US
    • Posts 468

    No, it will not work then. I am sorry, I misunderstood it. But we may use one workaround, if you have a small number of users.

    Please follow the following link for details.

    http://www.heartysoft.com/post/2009/06/19/Simple-Username-Password-Authentication-WITHOUT-Membership-Providers.aspx

    Please view the above link before reading the below comments for better understanding...

    My idea is that you define your users in the web.config file. When a user comes to your site, get his name from the cookie and authenticate it using the following code.

    FormsAuthentication.Authenticate("username", "pwd")

    to make your application feel that you are using form authentication. Once the user is authenticated, the authorization configurations will work.


    Hope it will help.



    If my post solves your problem, please mark it as an answer.
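
An added example, not part of any post in this thread: the `<authorization>` rules are matched against `HttpContext.Current.User`, so one way to apply them to a username handed over by a third-party site is to set that principal in Global.asax after checking that the cookie was not tampered with. The cookie names (`VendorUser`, `VendorSig`), the Base64 HMAC-SHA256 signature and the `VendorSharedKey` appSetting are assumptions; the thread does not say how the vendor protects its cookie.

```csharp
// Global.asax.cs (added example; cookie names, key setting and signature format are assumptions)
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Web;

public class Global : HttpApplication
{
    // Runs on every request, before UrlAuthorizationModule evaluates <authorization>.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie user = Request.Cookies["VendorUser"]; // hypothetical cookie name
        HttpCookie sig = Request.Cookies["VendorSig"];   // hypothetical: Base64 HMAC-SHA256 of the username
        if (user == null || sig == null || string.IsNullOrEmpty(user.Value))
            return; // stay anonymous; <deny users="?" /> rejects the request

        if (!SignatureIsValid(user.Value, sig.Value))
            return; // tampered or forged cookie: treat as anonymous

        // Authenticated identity whose Name is matched against <allow users="..." />.
        var identity = new GenericIdentity(user.Value, "VendorCookie");
        Context.User = new GenericPrincipal(identity, new string[0]);
    }

    private static bool SignatureIsValid(string username, string signatureBase64)
    {
        // Assumption: key shared with the vendor, stored Base64-encoded in appSettings.
        byte[] key = Convert.FromBase64String(ConfigurationManager.AppSettings["VendorSharedKey"]);
        byte[] presented;
        try { presented = Convert.FromBase64String(signatureBase64); }
        catch (FormatException) { return false; }

        using (var hmac = new HMACSHA256(key))
        {
            byte[] expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(username));
            if (expected.Length != presented.Length) return false;
            int diff = 0; // compare every byte so timing does not reveal the mismatch position
            for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ presented[i];
            return diff == 0;
        }
    }
}
```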