Using the Web Site Administration Tool
VWD ships with a new tool for managing many aspects of your Web application: the ASP.NET Web Site Administration Tool (hereafter, WSAT). To use the full (i.e., non-Express)
edition of SQL Server you can
run the ASP.NET SQL Server Setup Wizard (aspnet_regsql.exe
in C:\Windows\Microsoft.NET\Framework\v2.0.xxxx). After running the
wizard you will
then need to change the Provider via the WSAT. You can also implement the Provider API for a custom data storage solution and use the WSAT to manage settings.
1. Open the LoginView Tasks menu and select Administer
This will launch the WSAT. (Alternatively you can select the Website | ASP.NET
Configuration menu command.)
2. Click Security to set up
roles, users and role assignments.
3. On the main Security page click Select Authentication
Type. On the next page select From the Internet and
then click Done. This changes the authentication type in the web.config
file from "Windows" to "Forms".
To control access to your site's Admin folder you will enable roles and create a
new "Administrator" role. This will only allow members of this role to have access
to the secure area.
4. Click Enable roles. When the page posts back, click the now-enabled
Create or Manage Roles link.
5. For New Role Name enter "Administrator", and then click
Add Role. When the page posts back you should see tne new role
listed in a new section below. Click Back.
You will now add two users, only one of whom will be assigned to the new Administrator
6. Click Create user. Complete the form as you see it
below, using "Pa$$word!" as the password. Make sure to check the Administrator
role. Click Create User, and then click
7. Add a second user as you see below, using the same password. Do not check
the Administrator role. When created, click Continue,
and then click Back to return to the main Security page.
You will now create access rules, which enforce the role assignments for the Admin
8. Click Create access rules.
9. Click Create access rules. In the tree view select the Admin folder. For
Permission select Allow, and then click OK.
10. Again, click Create access rules. For the Admin
folder select Deny and then select
All users. This will prevent
all other users from accessing the Admin folder.
The Admin folder is now secure. It's important to realize that the rules are enforced
in the order they were added. In other words, if you were to have added the second
rule first no user would ever be able to enter the Admin folder. As it is now, anyone
in the Administrator role can enter, but all others are denied access. The Manage
Access Rules page allows you to move rules up and down, so if you enter them in
the wrong order you can always make changes.
11. Click Manage access rules. You should see both rules.
Notice the Move Up and Move Down buttons, which
are enabled when you select a role.
Close the WSAT.
Security for your site is now configured.