How to make a website secured with https

Question

I have to build a small webapp for a company to maintain their business data... Only those within the company will be using it, but we are planning to host it in public dom

Answer 1

@balalakshmi mentioned about the correct authentication settings. Authentication is only half of the problem, the other half is authorization.

If you're using Forms Authentication and standard controls like there are a couple of things you'll need to do to ensure that only your authenticated users can access secured pages.

In web.config, under the section you'll need to disable anonymous access by default:

Any pages that will be accessed anonymously (such as the Login.aspx page itself) will need to have an override that re-allows anonymous access. This requires a element and must be located at the level (outside the section), like this:

Note that you'll also need to allow anonymous access to any style sheets or scripts that are used by the anonymous pages:

Be aware that the location's path attribute is relative to the web.config folder and cannot have a ~/ prefix, unlike most other path-type configuration attributes.