Section 2
Use authorization to establish the rights of an authenticated user.
- Manage roles in the Web Site Administration Tool.
- Ascertain whether a specific user is in a role.
- Get the roles for a specific user by using the Roles object or the User object.
- Store role information in a cookie.
- Restrict access to files by using file authorization.
- Restrict access to portions of an application by using URL authorization.
Summary
The Web Site Administration Tool lets you manage roles and add users to roles on its Security tab.
You can use the static IsUserInRole method of the Roles object to determine whether a user is a member of a role.
You can get the roles for a specific user by using the GetRolesForUser method of the Roles object.
You can configure the role manager in the application's Web.config file to store a user's role information in a cookie.
To apply authorization rules to a specific file or folder, enclose the <authorization> element inside a <location> element, as shown here. The rule in this example denies unauthenticated (anonymous) users access to the Secure path. This example of restricting access to portions of an application with URL authorization comes from the resource Security Practices: ASP.NET 2.0 Security Practices at a Glance.
<location path="Secure">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>
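The two configuration points above, combined in one Web.config, as an added example that is not taken from these notes or from the cited resource: role information cached in a protected cookie, and a folder restricted to one role by URL authorization. The cookie name, the Admin folder and the Admins role are assumed names.

```xml
<configuration>
  <system.web>
    <!-- Forms authentication establishes the identity that roles attach to. -->
    <authentication mode="Forms" />

    <!-- Role manager with the role list cached in a cookie.
         cookieProtection="All"  : cookie is both encrypted and integrity-checked,
                                   so the client cannot read or alter the role list.
         cookieRequireSSL="true" : cookie is only sent over HTTPS.
         cookieTimeout           : minutes; keep it short so role changes take
                                   effect soon after they are made.
         createPersistentCookie  : false keeps the cookie session-only. -->
    <roleManager enabled="true"
                 cacheRolesInCookie="true"
                 cookieName=".EXAMPLEROLES"
                 cookieProtection="All"
                 cookieRequireSSL="true"
                 cookieSlidingExpiration="true"
                 cookieTimeout="20"
                 createPersistentCookie="false" />
  </system.web>

  <!-- URL authorization for the (assumed) Admin folder.
       Rules are evaluated top to bottom and the first match wins,
       so the allow rule must come before the catch-all deny. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Roles cached in the cookie can fall out of step with the role store until the cookie expires, so a user removed from Admins may keep access for up to the timeout.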
Other Resources & Links:
Web Site Administration Tool Security Tab
http://msdn2.microsoft.com/en-us/library/ssa0wsyf.aspx
Roles Class
http://msdn2.microsoft.com/en-us/library/system.web.security.roles(VS.80).aspx
MembershipUser Class
http://msdn2.microsoft.com/en-us/library/system.web.security.membershipuser(VS.80).aspx
How to Use Role Manager in ASP.Net 2.0
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000013.asp
Security Practices: ASP.NET 2.0 Security Practices at a Glance
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGPractices0001.asp