Possible to secure non-mojoportal page?

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
8/26/2010 3:30:57 PM
Jerry McCreary
Gravatar
Total Posts 63
View Posts
Jerry McCreary
SureFire Studios, Inc.

Possible to secure non-mojoportal page?

I have a sub-directory on my site with a page that is not part of mojoportal. 
For example mysite.com/myfolder/default.aspx

Is it possible and practical to secure the files in the directory "myfolder" using the mojoportal authentication?

Or do I need to set that directory as a new application starting point?

(If possible, can you point me in the right direction?)

Thanks.

8/27/2010 6:25:59 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Possible to secure non-mojoportal page?

mojoPortal pages enforce role security with its own code but cannot affect non-mojoportal custom page code.

However, ASP.NET has ways you can protect that page based on roles. You can put another Web.config file (a minimal one, not a copy of the mojoportal Web.config), and from there you can set allowed roles in the <authorization section.

There are lots of tutorials on the web if you search for "protect folder forms authentication" or "forms authentication location", these are example articles that should help.

http://www.codedigest.com/CodeDigest/14-Controlling-Access-to-Folders-in-FormsAuthentication-using-location-Element.aspx

and

http://www.theserverside.net/tt/articles/showarticle.tss?id=FormAuthentication

note that you could do it from the mojoPortal Web.config using a <location element, but the advantage of just using a separate Web.config file in your folder is that you don't have to maintain this customization in the mojoPortal Web.config during upgrades.

Hope it helps,

Joe

8/27/2010 6:34:41 AM
Jerry McCreary
Gravatar
Total Posts 63
View Posts
Jerry McCreary
SureFire Studios, Inc.

Re: Possible to secure non-mojoportal page?

This is the direction I needed.

Thank you.

You must sign in to post in the forums. This thread is closed to new posts.