Securing a website section using Windows authentication

  Previous topic Next topic JavaScript is required for the print function Mail us feedback on this topic! Mail us feedback on this topic!  

It is also possible to secure only a certain section of your website using Windows authentication. In the following example, you will learn how to set the Products section of our sample Corporate site to be secured by the Windows authentication:

 

1. Locate your web project on the disk (typically c:\Inetpub\wwwroot\<web project>). Create a new directory in your web project's folder and give it the same name as the filename in the document's URL. In this case, the filename is Products.aspx, so we will create a folder named Products.

 

2. Open the IIS and locate the directory in the tree. Right click it and choose Properties.

 

devguide_clip1103

 

3. Switch to the Directory security tab and click the Edit button placed in the Anonymous access and authentication control section.

 

devguide_clip1104

 

4. Uncheck the Anonymous access check-box and click OK. Check the same setting for the root of the web and make sure that Anonymous access is allowed for it.

 

devguide_clip1105

 

5. Open the web.config file of your web project and change value of the mode attribute of the authentication tag to Windows. Also find the section marked with Windows authentication BEGIN and change the path parameter of the location tag to the name of the created directory, which will be Products in our case:

 

...

<authentication mode="Windows">

 

...

 

<!-- Windows authentication BEGIN -->

<location path="Products">

 <system.web>

   <authorization>

     <deny users="?"/>

     <allow users="*"/>

   </authorization>

 </system.web>

</location>

<!-- Windows authentication END -->

 

6. The authentication is now configured. If you try to access any of the menu items placed under the Products section, Windows authentication will be required. However, if you also want the authentication to be required for the Products main page (which is obviously not located under itself, hence requires no authentication now), you will have to use the following workaround.

 

Create a new page under the Products section, give it the same content as the main page has got and redirect the Products link in the menu to this new page. Because the new page is located under the Products section, windows authentication will be required for it.

 

devguide_clip0888

 

Page url: http://devnet.kentico.com/docs/5_5r2/devguide/index.html?securing_a_web_site_section_using_win_auth.htm