configuring web.config to restrict certain users t

[woody19]

for web.config,how do i narrow down the access to certain fiels to certain users?<BR>i.e. in classic asp,i would use something like<BR>if session("securitylevel")="1" then the person can see certain files<BR>else the person can only see certain filesActually asp.net is just brilliant for this type of security. I havent actually done this yet but I read something ( here at 4 guys ) that pretty much explains everything. basically you add a tag like this. Syntax isnt exactly right. But Ill give you a link to the full article that explains how to do this.<BR><BR><allow groups="Administrators" /><BR><deny users="*" /><BR><BR>That says only groups of administrators have access and deny all users. * means all. ? means anonymous or unauthenticated. So how do you know whos who? Well you have to assign roles to a user when he logs on. In global.asax there is an event... <BR><BR><BR>Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)<BR> If Request.IsAuthenticated() Then<BR> ' create an array of roles for the current user<BR> ' these would most likely be dynamically read<BR> ' from the data store for each user.<BR> Dim arrRoles() As String = {"Manager", "Cleaner"}<BR> <BR> ' Add our Principal to the current context<BR> Thread.CurrentPrincipal = New GenericPrincipal(Context.User.Identity, arrRoles)<BR> End If<BR>End Sub<BR><BR><BR>Here you assign your roles to the user. From a db or where ever. Only happens when they login. Its brilliant. Anyways check out this article. <BR><BR>http://www.4guysfromrolla.com/webtech/121901-1.2.shtml