Hooking Into Authorization and Authentication
This is probably the simplest part of the entire Web site. You can easily set up authorization and authentication on this Web site by using simple ASP.NET 2.0 concepts. Follow these steps:
|Figure 5: The Authentication page for the Web site.|
Adding Pages to the Web Site
- Add a new Web Form to your Web site based on the SiteMaster.master master page and call it authenticate.aspx.
- Drag an asp:Login control from the Toolbox to your Web Form. Use the autoformat feature to give it the look and feel of your choice. Figure 5 shows how your authenticate.aspx page should look at run time.
- Add the following sections to the web.config file for the site, under the System.Web section.
<forms loginUrl = "~/authenticate.aspx"/>
- This web.config tells ASP.NET that you'll use forms authentication, and that it the login page is authenticate.aspx. Also, the authorization section allows anonymous users to view the Web site. Note that even though anonymous users can view the Web site, they are not able to view the menu or set the WebPartManager in any other mode than Browse, because only users in the "Admin" role can see this menu. Other authenticated users can minimize or close Web Parts, but nothing else. You could easily disable even that, but I won't go into that for this article. You have already written code to display the admin menu for only admin users in the master page. Now you want to tell the Web Part framework that users in the "Admin" role can enter the Shared Scope. Add the following section to the System.Web element in the web.config file for the Web site.
<allow roles="Admin" verbs="enterSharedScope"/>
|Figure 6: The Web Site Administration Tool (WAT ).|
- With the site setup, now go ahead and administer the Web site using the WAT (Web Administration Tool) at http://<>/asp.netwebadminfiles/ as shown in Figure 6. Under the Security tab, make sure the authentication type is "Internet", add a few users, and add a role called "Admin." Also, make sure that at least one of your users is in the "Admin" role.
With setup completed for the basic site framework and the authentication mechanism, next you need to add two ASPX pages to the Web site.
- Add a page called default.aspx (see Listing 7) that will use the SiteMaster.master master page and define two WebPartZones.
- Add a page called contact.aspx to define only one WebPartZone, as shown in Listing 8.
|Figure 7: Default.aspx with nothing on it (yet).||
|Figure 8: Default.aspx in design mode, with nothing on it (yet).||
When you run the Web site, you should see a default.aspx
, as shown in Figure 7
. But when you go to authenticate.aspx
, authenticate to the Web site, and then choose the "Design" display mode from the menu on the right, the page then looks as shown in Figure 8
. Now if you wanted to add any Web Parts to the WebPartZone, those would have been available to add in the Catalog
display mode. Now I'll show you how to write the Web Parts.