Authorization in ASP.NET

You can protect your website pages from an unauthorized user that can harm your site. You can redirect any unauthorized user to login form by doing some changes in web.config file.
  • 2375
Download Files:
 

You can protect your website pages from an unauthorized user that can harm your site. You can redirect any unauthorized user to login form by doing some changes in web.config file. Suppose in your default page, you have added a hyperlink of employee detail and you want to restrict the unauthorized user and redirect unauthorized user to login form. First, You should create a folder with specific name after that add those pages you want to protect from unauthorized user. After adding pages you must add a web.config file in the folder because web.config file decide which user can redirect to employee detail page or which not.

Step 1:
Add hyperlink in default.aspx page

Default.aspx

<%
@ Page Title="Home Page" Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true"    CodeFile="Default.aspx.cs" Inherits="_Default" %>
<asp:Content ID="HeaderContent" runat="server" ContentPlaceHolderID="HeadContent">
</asp:Content>
<
asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent">
    <asp:HyperLink Text="Employee Details" ID="idhyperlink" runat="server" 
    NavigateUrl="~/Detail/Employee_page.aspx" ></asp:HyperLink>   
</asp:Content>

Step 2:
Add folder in your application and named that folder Detail

Step 3:
Add a page in Detail folder by right clicking the mouse and select Add New Item option.

AddNewItems1.gif
 

You will see Add New Item Dialog box select Web Form and named that form Emplyee_page.aspx after that click the add button to add  Employee_page.aspx in Detail folder.

AddNewItems2.gif

Step 4:
Add a Web.config file in Detail folder. Authorization refers to the process to identify which resources are allowed to access to user. The configuration file denies access to anonymous users using '?'.

WebConfig.gif
 

Detail/web.config
<?xml version="1.0">
<configuration>
    <
system.web>
      <
authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
</
configuration>

Now, I debug my application. Internet explorer show Default.aspx, there is an Employee Details hyperlink on Default.aspx page if you click on that hyperlink you will automatically redirect to Log In form to know that you are authorized user or not after file that form you can see Employee_page.aspx otherwise not.

Default.aspx on internet explorer

 default.gif

After clicking on Employee Details link page redirect to Login form.

  output.gif

Categories

More Articles

© 2019 DotNetHeaven. All rights reserved.