| Installation and Setup > Security Best Practices > Web.config Authentication Parameters |
Web.config Authentication Parameters
|
Related Topics: AppConfig Security | ControlScan Partner | Data Encryption Security Best Practices | Security Coding Practices | Using SSL |
In general, you will not need to understand, or alter what we have in our web.config files. A short explanation is given below. Consult your favorite ASP.NET documentation source for additional information on the settings, values, capabilities, and policies regarding ASP.NET security.
AspDotNetStorefront uses .NET Forms Authentication as of version 4.0. Consult the .NET documentation for full details.
Authentication is controlled by the <authentication> tag in the appplications web.config file.
<authentication mode="Forms"> <forms name="ASPDNSFGUID" loginUrl="SignIn.aspx" timeout="60" /> </authentication>Forms Authentication allows the developer to control access to files and directories via the <authorization> tags in web.config. This can be used control access to download files for greater security. See the download section for more details.
The admin site, in particular, is fairly restrictive on preventing access by users who are not logged in as administrators.
System Requirements | Security Best Practices | Support & Upgrade Contracts | Downloads | Contact Us
Copyright © 1995-2006 All rights reserved.