Added: April/20/2006 at 3:38pm | IP Logged

General Installation:

The ASPProtect.NET Authentication Add-On allows you to authenticate ASP.NET pages ".aspx" from the existing ASPProtect User Database.

This consists of an Authentication DLL that does most of the work and a few other files.



"/bin/aspprotect.authentication.dll"
This is the authentication dll.

web.config
An example "web.config" file. You can use this if you have no existing one or you can merge its sections with your existing web.config file. All of our configuration details are stored in this file. It also tells .NET how to run the FormsAuthentication the way we want it to.

aspplogin.aspx
This is the file ASP.NET will use for its forms authentication. This file is essentialy a simple login form that you can edit however you like.

protectpage.ascx
This is an ASP.NET control file. We reference this file in order to invoke page authentication on ".aspx" pages you want to protect

ASPPstyles.css
Style sheet stuff that "asplogin.aspx" uses. You can change the style sheet info all you like should you want to.

The ASPProtect.NET Authentication System is licensed Per Domain and a license key is involved. By default however the system will always run under http://localhost and http://127.0.0.1 so you will always be able to run it on local development servers without issue. Otherwise you need a domain license. I would also like to say I that I really spent a lot of time coming up with a licensing scenario that protected me yet was not too much of a hassle for the customer. The nice thing is even if you change hosting companies your license will still work and you can of course run it locally for development reasons as mentioned above.

Before we get started I want to say that it is Very Important that you or your hosting company get proper permissions set up on certain directories. This system can not work without them. They are nothing out of the ordinary for something like this, but I want to make it very clear that ultimately I have no control over them and it is your responsibility to understand that. This just can not work without proper permissions and unfortunately .NET permissions can be a bit of a pain sometimes especially on hosted 2003/208 servers. I will explain what these permissions are as best I can later on in these instructions.

Moving on:
Before you use the ASP.NET Authentication Add-On you need to get the Classic ASP Version 7 or 8 system running. Don't go any further until you have it working as it should.

Once that is done your going to want to copy the ASP.NET files into your web. Now, since we have a version compiled under ASP.NET 1.1 and a version compiled under ASP.NET 2.0 you may be wondering what the deal is. The deal is that in IIS under web site properties there is a way to specfy which version of ASP.NET the web site is associated with. If your web site is using 1.1 you can only use the 1.1 compliled version of the authentication dll. If your web site is associated with 2.0 I have found either version of the authentication dll usually can be used if 1.1 is installed though I say try using the 2.0 compiled version 1st. BTW: If your site is associated with 1.1 and you try to use the 2.0 authentication dll you will just get an error saying. Could not load type 'aspprotectauthentication.protectpage' (I would also like to mention that the only difference in the two downloads I offfer is the authentication DLL file and what version of .NET it was compiled under. The 1.1 Version was complied using Visual Studio 2003 and the 2.0 version under Visual Studio 2005.)

Below is a sceenshot of the IIS settings on a XP Pro Machine. WIndows 2003/2008 is similar.



Once you decide on a version the files can really go in any folder level but the root of the site is usually best. If you have been using .NET you probably already have a "/bin" folder and that is fine. Ultimately you probably want the classic asp system and the .net stuff all in the same "IS Application" If your wondering any directory level in your site can have its own web.config and /bin folder and they seem to overide the settings in a folder above it.

Now, your going to need to edit the "web.config" file accordingly. Everything in it is labeled with comments. You need to set up the data connection string like in the examples. You wil be connecting to the same database the classic asp system connects to so use the same info for the most part.

You'll also notice near the bottom of the web.config file this.

Your going to want to change the loginurl to a virtual path that is valid from all directories of your site.. for instance "/aspplogin.aspx" or "/somedirectory/aspplogin.aspx"

Now, the Authorization section in your web config needs to be as follows.

      <authorization>
        <allow users="*" />
      </authorization>

We want to allow all users because although we are using the built in FormsAuthentication features of ASP.NET as seen in the <forms /> tag... we will be protecting pages by inserting code that uses an ASP.NET control to invoke the authentication. This way it ends up working much like our classic ASP Authentication.

Now, if using an Access Database the folder the database is in is going to need Modify permissions for the ASPNET account and possibly the Network Services account. It should already have them for the Internet Guest Account.
http://support.cjwsoft.com/code/moreinfo136-1.htm
http://support.cjwsoft.com/code/moreinfo56-1.htm

If you use the logfile writing feature which is optional the logfiles folder needs the same permissions. BTW: you can use the same logfiles folder the classic asp version uses and both Classic ASP and ASP.NET will write to the same logfiles.

The bin folder which the Authetication dll goes in needs special permissions in order for the .NET dlls in it to do their thing. I found that I had to give the ASPNET account read permissions on my XP Development server but on my live 2003 Server I didn't have to do anything but create the folder and put the dll in it since it inherited sufficent permissions to do its thing.. If you already have a /bin folder in the the root of your site hopefully you hosting company has set it up correctly so just put the dll in there and only there. Basically if it is your server I can definetly help you get enough permissions set to get it working because you have full access, but on hosted servers your are counting on your hosts to make sure the folders get correct permissions when you ask.

Now, to test this download this page and put it in the same directory level as the "aspplogin.aspx" file.
2006-04-20_194557_testprotect.zip

Now try to run that page and try to log in as a valid user. If it works great. If not double check everything esecially the settings in the web.config and the permissions. If you still got issues post your questions in the forum and I will try to help.

If it did work you can copy some new files into the existing classic asp admin area. So copy the contents from the ASPProtect Authentication download. They are 3 files in a folder called "password_admin" and they go in the existing "password_admin" folder of your existing classic asp setup.

Now log in to the Classic ASP Admin area and go to the generate protection code section. You will now see that it generates code to protect your. ".aspx" pages as well.