Using the Web Site Administration Tool

VWD ships with a new tool for managing many aspects of your Web application: the ASP.NET Web Site Administration Tool (hereafter, WSAT). To use the full (i.e., non-Express) edition of SQL Server you can run the ASP.NET SQL Server Setup Wizard (aspnet_regsql.exe in C:\Windows\Microsoft.NET\Framework\v2.0.xxxx). After running the wizard you will then need to change the Provider via the WSAT. You can also implement the Provider API for a custom data storage solution and use the WSAT to manage settings.

1. Open the LoginView Tasks menu and select Administer Website. This will launch the WSAT. (Alternatively you can select the Website | ASP.NET Configuration menu command.)

2. Click Security to set up roles, users and role assignments.

3. On the main Security page click Select Authentication Type. On the next page select From the Internet and then click Done. This changes the authentication type in the web.config file from "Windows" to "Forms".

To control access to your site's Admin folder you will enable roles and create a new "Administrator" role. This will only allow members of this role to have access to the secure area.

4. Click Enable roles. When the page posts back, click the now-enabled Create or Manage Roles link.

5. For New Role Name enter "Administrator", and then click Add Role. When the page posts back you should see tne new role listed in a new section below. Click Back.

You will now add two users, only one of whom will be assigned to the new Administrator role.

6. Click Create user. Complete the form as you see it below, using "Pa$$word!" as the password. Make sure to check the Administrator role. Click Create User, and then click Continue.

7. Add a second user as you see below, using the same password. Do not check the Administrator role. When created, click Continue, and then click Back to return to the main Security page.

You will now create access rules, which enforce the role assignments for the Admin folder.

8. Click Create access rules.

9. Click Create access rules. In the tree view select the Admin folder. For Permission select Allow, and then click OK.

10. Again, click Create access rules. For the Admin folder select Deny and then select All users. This will prevent all other users from accessing the Admin folder.

The Admin folder is now secure. It's important to realize that the rules are enforced in the order they were added. In other words, if you were to have added the second rule first no user would ever be able to enter the Admin folder. As it is now, anyone in the Administrator role can enter, but all others are denied access. The Manage Access Rules page allows you to move rules up and down, so if you enter them in the wrong order you can always make changes.

11. Click Manage access rules. You should see both rules. Notice the Move Up and Move Down buttons, which are enabled when you select a role. Close the WSAT.

Security for your site is now configured.