
Secure some files of the Application

Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: ASP.NET Discussion
Forum Description: Discussion and chat on ASP.NET related topics.
URL: https://forums.webwiz.net/forum_posts.asp?TID=4830
Printed Date: 28 March 2026 at 4:29pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: Secure some files of the Application
Posted By: nima555ir
Subject: Secure some files of the Application
Date Posted: 07 August 2003 at 7:51am
Hi,
I have an application that uses forms authentication.
Only some files are secure and require the user to log in to see them; the other files are not secure, and all users must be able to see them. But when I use forms authentication, all files in the application are protected and the user must log in to see them.
How can I do that?



Replies:
Posted By: Diep-Vriezer
Date Posted: 07 August 2003 at 8:25am

Erm, your English is not too perfect; please explain exactly what you want.

If you want a form authentication script, the best thing is to write one yourself which uses Access databases and cookies. This is quite secure and gives a lot of control over your users and user states (banned, IP-banned, and so on).

Writing one is quite a task (a secure one, not an If this Then that one), but once it is finished, it works like a dream. Include statements on each page or a couple of functions will do the job.



-------------
Gone..


Posted By: Mart
Date Posted: 07 August 2003 at 8:30am

The best security in .NET is the built-in one, I think. Look for articles on using web.config in .NET.

Mart



Posted By: nima555ir
Date Posted: 07 August 2003 at 10:31am

Thanks for your reply, but I haven't got my answer yet.

For example:

I have 5 files in my application:

admin.aspx, login.aspx, order.aspx, showitem.aspx, default.aspx

and I use forms authentication to authenticate users.

But only admin.aspx and order.aspx need an authenticated user; the user must authenticate just for these files, and all users can see the other files.

How can I do that?

Thanks



Posted By: Diep-Vriezer
Date Posted: 07 August 2003 at 4:20pm

Alright, the best thing to do is to write a custom script. This is not very difficult, but the code depends on how many users there will be.

For example, if you only have 1 user, the administrator in this case, you can simply use `If ... Then` statements. If you have more users and want to add and delete users in admin.aspx, you will need an Access database (or SQL, but I prefer Access (*.mdb)).

You still haven't got an answer, so I'll try to write a little code here, with admin users, who can access admin.aspx, and regular users, who can access order.aspx.

Step 1:    Create an Access database with two tables (tblAdmin, tblUsers)

Step 2:    Set a password for the Access database

Step 3:    Upload the database to a directory called /Databases (or something like that)

Step 4:    Create two new files, order.aspx and admin.aspx

 - Now, you can choose between code-behind or in-line coded pages. I chose code-behind, but that's just because VS.net wants that. You can use this code in regular pages by using <script runat="server" language="vb">

Step 5:   // Content of Order.aspx.vb (code behind)

```vb
Imports System.Data
Imports System.Data.OleDb
Imports System.Web

'The page designer code is left out, so this is not something to cut and paste
Public Class Order
    Inherits System.Web.UI.Page

    Private Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.Load

        'Check if the user is logged in
        Dim myCookie As HttpCookie = Request.Cookies("something")

        'Request.Cookies returns Nothing when the cookie doesn't exist (so he's not logged in)
        'The cookie carries only the fixed marker value written by Check_Login.aspx
        If Not myCookie Is Nothing AndAlso myCookie.Values("loggedin") = "-10--10" Then
            'User is logged in, show the page
            Response.WriteFile(Server.MapPath("order_content.aspx.txt"))
        Else
            'User is not logged in, show the login page
            Response.Redirect("Login.aspx")
        End If

    End Sub

End Class
```

// Content Login.aspx (No code behind here! This is just a plain page)

```html
<form action="Check_Login.aspx" method="POST">
<input type="text" name="txtUsername" value="Username">
<br>
<input type="password" name="txtPassword" value="...">
<br>
<br>
<input type="submit" value="Login to Order.aspx">
</form>
```

// Content Check_Login.aspx

```aspx
<%@ Page Language="VB" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>

<script runat="server" language="vb">

Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)

    'Connection string here, look at http://www.connectionstrings.com
    Dim connStr As String = "..."
    Dim myConn As New OleDbConnection(connStr)

    'The ? parameters keep the submitted form values out of the SQL text
    Dim sqlStr As String = "SELECT * FROM tblUsers WHERE [username] = ? AND [password] = ?"
    Dim myCommand As New OleDbCommand(sqlStr, myConn)
    myCommand.Parameters.Add("@username", OleDbType.VarChar).Value = Request.Form("txtUsername")
    myCommand.Parameters.Add("@password", OleDbType.VarChar).Value = Request.Form("txtPassword")

    myConn.Open()
    Dim myReader As OleDbDataReader = myCommand.ExecuteReader()
    Dim userFound As Boolean = myReader.Read()
    myReader.Close()
    'Close before redirecting: Response.Redirect ends the request
    myConn.Close()

    If Not userFound Then
        'Data isn't right
        Response.Redirect("Login.aspx")
    Else
        'Data matches a user in the tblUsers
        Dim myCookie As New HttpCookie("something")
        myCookie.Values("loggedin") = "-10--10"
        myCookie.Expires = DateTime.Now.AddDays(300)
        Response.Cookies.Add(myCookie)
        Response.Redirect("Order.aspx")
    End If

End Sub

</script>
```



The same thing goes for admin.aspx, plus some designer stuff. Now, I just wrote this in a few minutes, so don't trust it that much; it's just to give you an example of the way it works, if it works at all: the cookies are totally different in ASP.NET, so there are some errors there, I guess.

So don't reply if there is an error in it: I KNOW!



-------------
Gone..


Posted By: Diep-Vriezer
Date Posted: 08 August 2003 at 3:03am

You can also use the web.config to authenticate; this is the easiest thing to do. Create a new directory (2 in the example, admin, order) and 2 web.config files.

Now, add the users which will be allowed or denied in the web.configs and see what happens. I'm just a n00b in ASP.NET, but this looks quite good.



-------------
Gone..
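
The web.config approach suggested in the replies, as an added example that is not part of the original posts: one root web.config leaves the application open to everyone, and `<location>` elements require a login only for admin.aspx and order.aspx, so the files do not have to move into separate directories. The user name `administrator` and the 30-minute timeout are assumptions for illustration.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Forms authentication: unauthenticated requests for a protected
         page are redirected to login.aspx. The framework issues an
         encrypted, tamper-checked ticket cookie (protection="All"). -->
    <authentication mode="Forms">
      <forms loginUrl="login.aspx" protection="All" timeout="30" path="/" />
    </authentication>

    <!-- Application default: every user, including anonymous ones, may
         request a page. A <deny users="?" /> here instead is what makes
         every file in the application ask for a login. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- order.aspx: any authenticated user. "?" means anonymous users. -->
  <location path="order.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <!-- admin.aspx: only the named account (assumed name), nobody else.
       Rules are evaluated top to bottom and the first match wins. -->
  <location path="admin.aspx">
    <system.web>
      <authorization>
        <allow users="administrator" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

With this in place, login.aspx validates the credentials and then calls `FormsAuthentication.RedirectFromLoginPage` to issue the ticket; default.aspx, showitem.aspx and login.aspx stay reachable without a login.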


