Eng | Rus
 
Education -> Solutions -> Forms authenticantion in IIS 7
 
 
 
Simple Seo Solutions
SEO and Promotion
sites
VoiceNotebook.com
Speech to text for AndroidAndroid speech to text

Forms authenticantion in IIS 7 Intergrated Pipeline Mode

Integrated Pipeline is the new feature of IIS 7 that allow to make restricted to anonymous users entire directory with different file types (html, php, aspx, etc).

Here are the steps to make simplest forms authentication for IIS 7 Intergrated Pepeline Mode:

1. Switch pipeline mode to Integrated. The hosting provider usually give some simple interface to do this.
2. Make web.config file in the root web site directory:

<?xml version="1.0" encoding="utf-8"?>

<configuration>

<system.web>

<authentication mode="Forms">
<forms name="someCookieName" loginUrl="/login.aspx">
<credentials passwordFormat="Clear">
<user name="alex" password="alex" />
</credentials>
</forms>
</authentication>

</system.web>
<system.webServer>
<modules>
<remove name="FormsAuthenticationModule" />
<add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
<remove name="DefaultAuthentication" />
<add name="DefaultAuthentication" type="System.Web.Security.DefaultAuthenticationModule" />
</modules>
<security>

<authentication>
<basicAuthentication enabled="false" />
<windowsAuthentication enabled="false" />
<anonymousAuthentication enabled="true" />
</authentication>
</security>
</system.webServer>
</configuration>

3. Make login.aspx page in the root web site directory and put login control to it.
4. Make Login1_Authenticate event for this control (I simply click in the designer to log in button) and type here this code:

protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
if (FormsAuthentication.Authenticate(Login1.UserName, Login1.Password))
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, true);
else
Login1.FailureText = "can not auth";
}

p.s. Do not forget to write "using System.Web.Security;" in the "using" section.

5. Make some folder (let's named it auth_folder) in the root of the web site and put here another web.config file:

<?xml version="1.0" encoding="utf-8"?>
<configuration>

<system.webServer>
<security>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Deny" users="?" />
<add accessType="Allow" users="*" />
</authorization>
</security>
</system.webServer>
</configuration>


6. Create index.htm file in the auth_folder with some greeting. Create default.aspx file in the root directory also with some text.

That's all. To test application:
Navigate browser to auth_folder. You will be redirected to the login page.
Type alex as the user name and alex as the password.
Press Log in - you will be redirected to auth_folder and will see index.htm file.

Posted 9 february 2010

prjsoft.ru