Our Web.config file is a case sensitive XML file that we have placed in the root directory of our site. It allows access to all the files in our site to anonymous users except the 'admin' and 'members' folders. The asterik * in the line <allow users="*" /> highlighted tells our website to allow access to all anonymous users.
Web.config
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="Login.aspx">
<credentials passwordFormat="Clear">
<user name="admin" password="password"/>
</credentials>
</forms>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
<location path="admin">
<system.web>
<authorization>
<allow users="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="members">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
The location elements with the path attribute i.e. <location path="admin"> and <location path="members"> however tells our website to apply additional security rules.
In relation to the 'admin' folder we have granted access to the user 'admin' and denied access to all other users. The asterik * signifies all users.
In relation to the 'members' folder the asterik * in the line <deny users="*" /> tells our website to deny access all anonymous users, so in effect only logged in members and the administrator will be able to access the pages within the members folder.
Part 1 - ASP.NET Database Login Introduction
Part 2 - the Login file
Get the best asp web hosting provider now and save 30%
Plug and play ASP membership script that integrates with PayPal to let you charge recurring membership fees.
