
webmatrix/razor: how to keep website anonymous but have windows authentication for gallery maintenance pages?


I'm using WebMatrix, Razor, C#. I've created a web site for friends; it's on GoDaddy. I've created web pages to upload or delete images for the gallery. They work OK on WebMatrix on my laptop, but get an "access denied" error with GoDaddy, understandably since I'm an anonymous user.

GoDaddy says it is doing Windows authentication, and the GoDaddy GUI shows me the folders and the user accounts and their permissions.

Can anyone tell me please how to keep the rest of the web site anonymous but to do this with the web pages which amend the gallery:

1. some kind of authentication to get into
2. they also authenticate to GoDaddy so they have permissions to create/delete files in the relevant folders

I can't see how the WebSecurity class can help. I've read that by default it creates its own database of user accounts, so this could achieve 1, but not 2. I've also read that it can be configured to use Windows authentication instead of its own database, but that to do this anonymous access must be disabled.

I'd be grateful for any help, I certainly am stuck. For anyone kind enough to reply, please bear in mind I'm not a web developer, I'm a server admin!


Solution

  • I'm not sure if you're attempting to allow the end users to go to their galleries using GoDaddy AND through the website. That sounds like a difficult security challenge.

    One approach is to only allow the web application to have access to all the files and folders on the server. Then you can forget about Windows authentication. Have the users authenticate using the WebSecurity classes and pages.

    _PageStart.cshtml is a file whose code runs every time a page is opened by a user. In there you can put code which controls who has access, including anonymous activity. For example, users are always allowed to go to the account pages in the account folder, because that's where they sign in. So they are still anonymous before signing in. The code is simple:

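    @{
        // You're always allowed to go to the login pages.
        // Compare case-insensitively: IIS treats /account and /Account as the same path.
        if (Request.RawUrl.StartsWith("/Account", StringComparison.OrdinalIgnoreCase))
        {
            return;
        }
    }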

    If the code returns from here and doesn't take any other action, the page will open normally.
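
A fuller version of the gate described in the answer above, as an added example that is not part of the original answer: a site-root `_PageStart.cshtml` that leaves every page anonymous except a gallery maintenance folder, which requires a WebSecurity sign-in and a role. The folder `~/GalleryAdmin`, the role `GalleryAdmin` and the login page `~/Account/Login` are assumed names, and the sketch assumes `WebSecurity.InitializeDatabaseConnection` has already been called in `_AppStart.cshtml`.

```cshtml
@* ~/_PageStart.cshtml: runs before every page in the site (added example). *@
@using System
@using System.Web.Security
@using WebMatrix.WebData
@functions {
    // True when the path is the folder itself or something inside it.
    // Matching a whole path segment keeps "~/GalleryAdminOld" from being
    // treated as "~/GalleryAdmin"; the comparison ignores case like IIS does.
    static bool IsUnder(string appRelativePath, string folder)
    {
        return appRelativePath.Equals(folder, StringComparison.OrdinalIgnoreCase)
            || appRelativePath.StartsWith(folder + "/", StringComparison.OrdinalIgnoreCase);
    }
}
@{
    // Assumed names: change them to the site's real folder, role and login page.
    const string AdminFolder = "~/GalleryAdmin";
    const string AdminRole   = "GalleryAdmin";
    const string LoginPage   = "~/Account/Login";

    // App-relative path of the requested page, without the query string.
    string path = Request.AppRelativeCurrentExecutionFilePath;

    // Everything outside the maintenance folder stays anonymous:
    // returning here lets the requested page run normally.
    if (!IsUnder(path, AdminFolder))
    {
        return;
    }

    // Not signed in: send the visitor to the login page.
    // Response.Redirect ends the request, so the upload/delete page never runs.
    if (!WebSecurity.IsAuthenticated)
    {
        Response.Redirect(LoginPage);
        return;
    }

    // Signed in, but not a gallery maintainer. Without this check anyone who
    // can register an account on the site could reach the upload/delete pages.
    if (!Roles.IsUserInRole(AdminRole))
    {
        Response.StatusCode = 403;
        Response.End();
    }
}
```

With this gate in place, the maintenance pages create and delete gallery files under the web application's own account, which is the approach the answer describes.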