Text version of the video
Slides
All ASP .NET Text Articles
All ASP .NET Slides
All Dot Net and SQL Server Tutorials in English
All Dot Net and SQL Server Tutorials in Arabic
Please watch Parts 87 and 88, before proceeding. In this video we will discuss about folder level authorization, with an example. Consider the project structure, shown in the solution explorer below.
Link for Part 87 – Windows authentication in asp.net
Link for Part 88 – Windows authentication and authorization in asp.net
At the following link, you can find the text version of this video. You will also find the code samples used in the demo.
Only administrators should be able to access the pages in “Admin” folder. The rest of the pages can be accessed by anyone. To achieve this, add another web.config file to the “Admin” folder and include the the authorization element.
A very common asp.net interview question:
Is it possible to have more than one web.config file? If yes, when and why would you use more than one web.config file.
This is one of the classis examples, where we need more than one web.config files.
If you want to execute the application code, using the logged in Administrator account, then enable impersonation, in the web.config file of the Admin folder. With this setting in place, all the pages in the Admin folder are executed using the logged in user account, where as the pages outside of the folder are executed using the identity of the application pool.
It is also possible to impersonate, with a specific user name and password. With this setting, whenever any user belonging to the “Administrators” group requests a page from the Admin folder, the code will be executed using “Venkat” account.