how can I restrict access to all files in a folder without web.config

I need to restric access to my admin folder to certain people. Those with no authentication ticket should be redirectere开发者_高级运维d to a "not allowed page". How do I identify all pages in my admin folder. I have so far but is it OK?

If url.Contains("/admin") Then

'If authentication ticket incorrect then

        `Response.Redirect("~/notallowed_admin.aspx")`

End If

And not, I cannot use my web.config for this particular issue.

Many thanks

You should put the security check to Global.asax

Also, it would be wise to replace you condition with more precise match by regexp to avoid occasional mismatches.

    protected override void Application_BeginRequest(Object sender, EventArgs e) {
        if (Regex.IsMatch(Request.Url.ToString(),@".*/system\.aspx/admin.*\.aspx",RegexOptions.IgnoreCase)) {
            Response.Redirect("~/AdminSecurityCheck.aspx");
            return;
        }
        .......
    }

If url.contains("/admin") should be sufficient in most cases. Most programmers would find it to be a bit if a KLUDGE, though.

You could also write an abstract class to inherit from the Page class which contains the code to check the authorization and then redirect. Then, you could declare the classes for all the code-behind files in the admin folder to inherit the class.

I believe that yes, what you want to do is possible, though anything you do will be a bit of a KLUDGE form a .net point of view because web.config is what MS provides to specify how to do authorization.