Configuring Login and Security Settings

One of the primary security decisions to be made for a Cartella instance is whether or not to require users to log in. You can tailor Cartella login and security settings by modifying values contained in Cartella.config.

Cartella session state settings, including the timeout value, are configured in the .NET Framework under which the application runs. To learn more about configuring the ASP.NET session state, see sessionState Element (ASP.NET Settings Schema).
To set login parameters:
  1. Navigate to [Site_Root].
  2. Open Cartella.config in a text editor.
  3. Within <SiteSettings>, locate the <add> elements with the following @name values:
    • RequireLogin
    • UseRememberMe
    • RememberMePeriod
    • RememberMePeriodInterval
        <!-- RequireLogin determines if public pages are visible to users who are not logged in with a Cartella account. 
            If true, public views are no longer available to anonymous users. Login is required for all requests. 
            If false (default), no login displays and site is immediately accessible to all users. -->
        <add name="RequireLogin" value="true" />
        <!-- If true, password will be stored in a cookie. If false, password is not stored. -->
        <add name="UseRememberMe" value="true" />
        <!-- RememberMePeriod value represents the number of units in the period. Fractional values are supported. -->
        <add name="RememberMePeriod" value="30" />
        <!-- Interval for RememberMePeriod value. 
            Its valid options are Days, Hours, and Minutes. 
            If no interval is provided, the default is Days. -->
        <add name="RememberMePeriodInterval" value="Days" />
  4. To change how users enter your Cartella site, adjust the @value field of the <add> element, where the @name value is RequireLogin.
    Default is false.
    • If false, the site will be visible to all users without an initial login.
    • If true, the site will be visible only to logged-in users.
  5. To store login credentials in a cookie, set UseRememberMe to true.
    To disable login cookies, set RememberMePeriod to an empty value.
    Remembered login credentials make it easier for users to log back into Cartella, but it also means that a public computer, such as one found in a library, retains the sessions associated with users. This increases the risk of an unauthorized user gaining access.
  6. To indicate the time period that credentials will be stored, set RememberMePeriod to a number.
  7. To indicate the time interval of the RememberMePeriod value, set the value of RememberMePeriodInterval to Days, Hours, or Minutes.
    If no interval is provided, the default is Days.
  8. Save Cartella.config.

Next Steps: Recycle the Cartella site application pool in IIS in order for your changes to take effect, immediately.


Related Topics