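Drop the library into your Bin directory and grab the relevant pieces from the demo web app’s web.config (I think I made them all bold).  I’ll expand on this by v1.0 time, but I’m more focused on the code at the moment.  The hashSalt and machineKey values below are the demo's published samples, so replace them with your own before deploying, and turn off the debug and customErrors settings the config itself marks as a bad idea.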
<?xml version="1.0"?>
<configuration>
    <!-- Declares the sholo.web/statefulFormsAuthentication section and names the configuration
         class in the Sholo.Web.Security assembly that reads it. Without this declaration the
         <sholo.web> element further down is not a recognised section. -->
    <configSections>
        <sectionGroup name="sholo.web">
            <section name="statefulFormsAuthentication" type="Sholo.Web.Security.Configuration.StatefulFormsAuthenticationConfiguration, Sholo.Web.Security" />
        </sectionGroup>
    </configSections>
    <!-- Settings for the Sholo.Web.Security stateful forms authentication module. -->
    <sholo.web>
        <!-- This will change as I get closer to 1.0 -->
        <!-- NOTE(review): the attribute meanings below are inferred from their names; confirm
             against the library source.
             maintainServerTicketStore / ticketStore: presumably keep a server-side record of
               issued tickets (here in a cache-backed store) so that a cookie alone is not enough.
             enforceClientHostAddressValidation: presumably ties a ticket to the client address
               it was issued to; check the effect on users behind proxies whose address changes.
             minimumDelay* / maximumDelay*: presumably a response delay range in milliseconds
               applied to suspicious or malicious requests and to cryptographic failures.
             hashSalt: the value shown is the published sample and its own text says to change
               it. Generate a long random value for each deployment and keep it out of public
               source control. -->
        <statefulFormsAuthentication 
            maintainServerTicketStore="true"
            ticketStore="CacheTicketStore"
            enforceClientHostAddressValidation="true"
            minimumDelayOnSuspiciousRequest="1500"
            maximumDelayOnSuspiciousRequest="5000"
            minimumDelayOnMaliciousRequest="1500"
            maximumDelayOnMaliciousRequest="5000"
            minimumDelayOnCryptographicException="15000"
            maximumDelayOnCryptographicException="30000"
            hashSalt="YOU SHOULD CHANGE THIS ... S%OV6O7L7Dtuq@EEzSVfu9uWOWrn5DejYxakxcSeMW*JlS!X@hsfEJroei!L7@Z80LQ5^z8RbYRE1M@bwJGFnZSvikZtpvNVHcoDFl*$oY7%XNDBxvh6JbAIS93RI^j" />
        <!-- This will change as I get closer to 1.0 -->
    </sholo.web>
    <!-- ASP.NET settings for the demo application. Several values are demo conveniences and
         are called out below; review each one before copying it into a real site. -->
    <system.web>
        <!-- These are a bad idea -->
        <!-- debug="true" ships debug builds and customErrors mode="Off" returns full exception
             detail (stack traces, source excerpts) to every remote client. For anything other
             than local development use debug="false" and customErrors mode="RemoteOnly" or "On". -->
        <compilation debug="true" />
        <customErrors mode="Off" />
        <!-- /These are a bad idea -->

        <!-- You shouldn't share this with your friends... -->
        <!-- These keys are published with the demo, so treat them as compromised. Generate a
             fresh validationKey and decryptionKey for every deployment and keep them out of
             source control. validation="SHA1" is what this sample uses; .NET Framework 4.0 and
             later also accept HMACSHA256. -->
        <machineKey validationKey="4E7CA1B0665106620A1B7848A7A6D06FCD4F9C1BC8B8149A6E5250671C16148A4CBA0027C186DC5DA52A2DA9E8D7FF379556FBC92AB23E6EF7516B9F090E680D" decryptionKey="F155A4848826DE4857C1027E9C379B81228CFBFF0AD4AAD58D1E22B961EFDF37" validation="SHA1" decryption="AES" />
        <!-- But if this works, they shouldn't be able to do anything FormsAuthn-related with it remotely anyway -->
        <!-- NOTE(review): that is the author's stated design goal for the library, not a reason
             to publish keys. machineKey also protects other framework data such as view state,
             so the keys still have to stay secret. -->

        <!-- DON'T CACHE ROLES IN COOKIES ... I haven't looked into this yet. -->
        <!-- cacheRolesInCookie="false" makes the role provider the source of role membership on
             each request instead of a client-held cookie. -->
        <roleManager defaultProvider="XmlRoleProvider" enabled="true" cacheRolesInCookie="false">
            <providers>
                <clear />
                <add applicationName="Demo" name="XmlRoleProvider" type="Artem.Web.Security.XmlRoleProvider, Artem.XmlProviders" />
            </providers>
        </roleManager>
        <!-- DON'T CACHE ROLES IN COOKIES ... I haven't looked into this yet. -->

        <!-- Cookie-only forms authentication with a 30 minute sliding timeout; protection="All"
             asks for both encryption and validation of the ticket. requireSSL is not set, so its
             default (false) applies and the ticket cookie can be sent over plain HTTP; add
             requireSSL="true" when the site is served over HTTPS. -->
        <authentication mode="Forms">
            <forms cookieless="UseCookies" defaultUrl="~/Default.aspx" loginUrl="~/Login.aspx" protection="All" slidingExpiration="true" timeout="30" />
        </authentication>

        <!-- Demo membership store. minRequiredPasswordLength="1" and
             minRequiredNonAlphanumericCharacters="0" accept one-character passwords; raise both
             for real accounts. passwordFormat="Hashed" asks the provider not to store passwords
             in clear text. NOTE(review): the hashing scheme depends on the provider; confirm. -->
        <membership defaultProvider="XmlMembershipProvider">
            <providers>
                <clear />
                <add applicationName="Demo" name="XmlMembershipProvider" type="Artem.Web.Security.XmlMembershipProvider, Artem.XmlProviders" minRequiredPasswordLength="1" minRequiredNonAlphanumericCharacters="0" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" />
            </providers>
        </membership>
        
        <!-- Navigation data for the demo pages, read from Demo.sitemap. -->
        <siteMap enabled="true" defaultProvider="XmlSiteMapProvider">
            <providers>
                <clear />
                <add name="XmlSiteMapProvider" type="System.Web.XmlSiteMapProvider" siteMapFile="Demo.sitemap" />
            </providers>
        </siteMap>
    </system.web>
    <!-- IIS 7 integrated pipeline registration of the security module. -->
    <system.webServer>
        <!-- Turns off the integrated-mode check that reports configuration left over from
             classic mode. -->
        <validation validateIntegratedModeConfiguration="false"/>
        <!-- preCondition="managedHandler" together with runAllManagedModulesForAllRequests="false"
             means the module runs only for requests served by managed handlers; static files
             bypass it. NOTE(review): confirm that nothing needing protection is served by a
             non-managed handler. The type reference is pinned to Version=0.5.0.0 and has to be
             updated when the library is upgraded. -->
        <modules runAllManagedModulesForAllRequests="false">
            <add name="StatefulFormsAuthenticationModule" type="Sholo.Web.Security.EnhancedSecurityModule, Sholo.Web.Security, Version=0.5.0.0, Culture=neutral" preCondition="managedHandler" />
        </modules>
    </system.webServer>
    <!-- URL authorization for Users.aspx. Rules are evaluated top to bottom and the first match
         wins: members of Users or Administrators are allowed, everyone else (anonymous users
         included) is denied. -->
    <location path="Users.aspx">
        <system.web>
            <authorization>
                <allow roles="Users,Administrators" />
                <deny users="*" />
            </authorization>
        </system.web>
    </location>
    <!-- URL authorization for Admins.aspx. Only members of Administrators pass the allow rule;
         the trailing deny users="*" rejects every other caller, anonymous users included. -->
    <location path="Admins.aspx">
        <system.web>
            <authorization>
                <allow roles="Administrators" />
                <deny users="*" />
            </authorization>
        </system.web>
    </location>
</configuration>

Last edited Sep 24, 2010 at 8:59 PM by scottt732, version 3
