The title isn’t descriptive enough for this post, but it will have to do. Today I was trying to get an ASP.Net application to allow me to define two different login levels. What I was trying to do was the following:


 


There’s a main ASP.Net application, which is allowed to be accessed by anyone (<allow users=”*”>).(http://www.domain.com/)


There’s a customer part where a login is required. (http://www.domain.com/customers/)


There’s a maintenance part where a different login is required. (http://www.domain.com/maintenance/)


 


Because I didn’t want to share my DAL between two applications and I wanted to keep everything within one solution (one project even) I was searching for a way to make sure only the maintenance user would be able to login to the maintenance part but both the maintenance user as well as all the customers would be able to login to the customer part. Especially for these kind of wishes, the <location> element in web.config seems to have been invented. I finally solved the case by defining my web.config as follows:


 


<configuration>


  <!–Default settings for the application (snipped some stuff here)–>


  <system.web>


    <authentication mode=”Forms”>


        <forms name=”UniqueCookieName” loginUrl=”login.aspx” />


    </authentication>


    <authorization>


      <allow users=”*” />


    </authorization>


  </system.web>


 


  <!–Settings for the maintenance part–>


  <location path=”maintenance”> 


    <system.web>


      <authorization>


        <allow users=”maintenance_user” />


        <deny users=”*” />


      </authorization>


    </system.web>


  </location>


 


  <!–Settings for the customers part–>


  <location path=”customers”> 


    <system.web>


      <authorization>


        <deny users=”?” />


      </authorization>


    </system.web>


  </location>


 


</configuration>


 


As you can see, I’ve configured the application so that the maintenance-user is the only user that is allowed inside the ‘maintenance’ folder. All other users are denied access. By the way, allowing the maintenance user must happen before denying all the others, or else no-one has rights there.


 


Within the customers location, anyone who logs in is allowed. So everybody who’s unknown is not allowed to do anything.


 

This was my fairly simple solution to what I thought would be something of a challenge…