As an extension to the framework described in my article, I'm implementing Forms Authentication. In the article, I describe how to load user controls that ultimately end up being displayed as an entire page inside of a template. Each user control resides inside the /content folder. If I browse to www.asdf.com/faq.aspx, faq.aspx is actually a user control, faq.ascx, located inside the content folder.
I like simplicity. Using this framework has proven to be the answer to my prayers - I can very easily add new functionality in the guise of a page by adding a user-control to my project and throwing a form together in my designer. Anyone on the farside of my server sees actual pages, with the full header, nav, and templated layout that I only have to worry about in a single place... HOWEVER, I was a little concerned when my current project (soon to be announced) started requiring some simple authentication. I foolishly jumped in and thought I'd brew my own quick auth scheme and bypass all that out-of-the-box overkill that comes with the asp.net framework. I have to admit I made it pretty far, and came up with a slick solution from scratch that didn't take long to throw together. (I actually did take quite a bit from the .Text source, and from some reflected studies of the FormsAuthentication namespace) I worked entirely off the false assumption that FormsAuthentication can't authenticate User Controls independently from it's parent page.
It's easy to secure a user control in Forms Authentication. Here's the simplest possible web.config to accomplish securing a user control.
<xml version="1.0" encoding="utf-8" ?>
<configuration>
<location path="securecontrol.ascx">
<system.web>
<authorization>
<deny users="?" />
<authorization>
<system.web>
<location>
<configuration>
Print | posted on Friday, August 20, 2004 11:15 PM