4

I would like to know if there is a way to check if a page requies authentication based on the web.config settings. Basically if there is a node like this

  <location path="account">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

then I would like to check on any page if it requires authentication or not and to return true if it is under the account directory. Is this possible?

Improve this question
7
  • Couldn't you just parse the web.config with the XmlDocument and look for the setting you're looking for? Or am I misunderstanding your intentions? Commented Dec 29, 2011 at 0:55
  • if asp.net does this already i'd rather not put additional overhead/startup time by reading the config again. Commented Dec 29, 2011 at 0:58
  • Are you looking for a way to access the web.config from your asp.net application? Commented Dec 29, 2011 at 1:00
  • I've read your comment but that doesn't answer the question. I'll rephrase: are you looking for a way to access the settings set in your web.config based on what ASP.NET has read? Commented Dec 29, 2011 at 1:05
  • yes. i was hoping there was some hidden property or method for doing it, like a Page.RequiredAuthentication property that I could get at. Commented Dec 29, 2011 at 1:07

3 Answers 3

Reset to default
7

The solution is to create an anonymous identity (principal), and pass it into the CheckUrlAccessForPrincipal method. It will determine if the page is public, or requires authentication.

See code below:

var principal = new GenericPrincipal(new GenericIdentity(String.Empty, String.Empty), new string[]{});
bool requiredAuthentication = UrlAuthorizationModule.CheckUrlAccessForPrincipal(Page.AppRelativeVirtualPath, principal, Request.HttpMethod);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

4

Are you checking the page that the user has requested? Its unlikely as the request will never get to the page. Check the url authorization workflow.

enter image description here

http://www.asp.net/web-forms/tutorials/security/membership/user-based-authorization-cs

Improve this answer

3 Comments

you're premise is wrong. you're assuming the user never logged in. in that case they would be redirected to the login page (and never get to a page that needed authentication). if they are logged in then assume they can get to any page... i still want to determine on each page if it was required for them to login or not
OK, maybe on each page you could potentially use the UrlAuthorizationModule.CheckUrlAccessForPrincipal method passing in a anonymous user and checking the response? msdn.microsoft.com/en-us/library/…
this works. I'll post the code in a separate answer in case anyone wants copy pasta. Thank you!
0

I am a little confused as to what you are asking exactly, but to use your web.config to enforce authentication on a page-for-page basis, you need something like this:

 <location path="Forms/Administration/Default.aspx">
        <system.web>
            <authorization>
                <allow roles="Administrator, User, AdditionalUser" />
            </authorization>
        </system.web>
    </location>

If you need to be more granular than that, you need to add the logic to your middle-tier and then check on page load or url request (if MVC).

Improve this answer

4 Comments

"add the logic to your middle-tier"? What?
Which logic, and where is the middle tier? Neither are clear.
OK. . .all due respect, but I have never been asked "where is the middle-tier". I guess I mean the one in the middle of the stack. On the server. . .uh. . .in the middle. And by "logic" I mean the logic required for sniffing out the page requested against the permissions required for access. Perhaps I am missing something here. I am originally from the Southeast US afterall. . .
Sure, but isn't this question (by definition) about logic in the middle-tier?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.