Form authentication for subfolders only

Discussion in 'ASP .Net' started by Maziar Aflatoun, Jul 2, 2004.

  1. Hi,

    I'm trying to protect one of my subfolders from Web.config file in my root
    folder. Here is my directory structure

    / // My shopping cart
    /admin // Shopping cart admin which needs to be protected

    Now in my Web.config how can I protect just the /admin folder (which is not
    a virtual directory) it's simply a folder in my / folder?

    I tried

    <authentication mode="Forms">
    <forms name="CartAdmin" loginUrl="admin/Login.aspx" timeout="30"
    protection="All" path="/admin" />
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>

    but it doesn't work. Even when you try to access files in my / folder it
    redirects you to my /admin/login.aspx file

    Thank you
    Maz
     
    Maziar Aflatoun, Jul 2, 2004
    #1
    1. Advertising

  2. Maziar Aflatoun

    Curt_C [MVP] Guest

    look into the <location> tag for the web.config. This type of thing is what
    it's for.
    Allows you to override things on a per file (and possibly dir) level.

    --
    Curt Christianson
    Owner/Lead Developer, DF-Software
    Site: http://www.Darkfalz.com
    Blog: http://blog.Darkfalz.com


    "Maziar Aflatoun" <> wrote in message
    news:VZdFc.6896$...
    > Hi,
    >
    > I'm trying to protect one of my subfolders from Web.config file in my root
    > folder. Here is my directory structure
    >
    > / // My shopping cart
    > /admin // Shopping cart admin which needs to be protected
    >
    > Now in my Web.config how can I protect just the /admin folder (which is

    not
    > a virtual directory) it's simply a folder in my / folder?
    >
    > I tried
    >
    > <authentication mode="Forms">
    > <forms name="CartAdmin" loginUrl="admin/Login.aspx" timeout="30"
    > protection="All" path="/admin" />
    > </authentication>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    >
    > but it doesn't work. Even when you try to access files in my / folder it
    > redirects you to my /admin/login.aspx file
    >
    > Thank you
    > Maz
    >
    >
    >
     
    Curt_C [MVP], Jul 2, 2004
    #2
    1. Advertising

  3. "Maziar Aflatoun" <> wrote in message
    news:VZdFc.6896$...
    > Hi,
    >
    > I'm trying to protect one of my subfolders from Web.config file in my root
    > folder. Here is my directory structure
    >
    > / // My shopping cart
    > /admin // Shopping cart admin which needs to be protected
    >
    > Now in my Web.config how can I protect just the /admin folder (which is

    not
    > a virtual directory) it's simply a folder in my / folder?
    >
    > I tried
    >
    > <authentication mode="Forms">
    > <forms name="CartAdmin" loginUrl="admin/Login.aspx" timeout="30"
    > protection="All" path="/admin" />
    > </authentication>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    >
    > but it doesn't work. Even when you try to access files in my / folder it
    > redirects you to my /admin/login.aspx file


    Take a look at the <location> element:

    <configuration>
    <system.web>
    <authorization>
    <allow users="*"/>
    </authorization>
    </system.web>
    <location path="/admin">
    <system.web>
    <authorization>
    <deny users="?"/>
    </authorization>
    </system.web>
    </location>
    </configuration>
    --
    John Saunders
    johnwsaundersiii at hotmail
     
    John Saunders, Jul 2, 2004
    #3
  4. I did add the following lines to my Web.config
    <location path="/admin">
    <system.web>
    <authorization>
    <deny users="?"/>
    </authorization>
    </system.web>
    </location>

    But now it says,
    Error while trying to run project: Unable to start debugging on web
    server....etc.

    Any idea why?

    thanks
    Maz.


    "John Saunders" <> wrote in message
    news:%...
    > "Maziar Aflatoun" <> wrote in message
    > news:VZdFc.6896$...
    >> Hi,
    >>
    >> I'm trying to protect one of my subfolders from Web.config file in my
    >> root
    >> folder. Here is my directory structure
    >>
    >> / // My shopping cart
    >> /admin // Shopping cart admin which needs to be protected
    >>
    >> Now in my Web.config how can I protect just the /admin folder (which is

    > not
    >> a virtual directory) it's simply a folder in my / folder?
    >>
    >> I tried
    >>
    >> <authentication mode="Forms">
    >> <forms name="CartAdmin" loginUrl="admin/Login.aspx" timeout="30"
    >> protection="All" path="/admin" />
    >> </authentication>
    >> <authorization>
    >> <deny users="?" />
    >> </authorization>
    >>
    >> but it doesn't work. Even when you try to access files in my / folder it
    >> redirects you to my /admin/login.aspx file

    >
    > Take a look at the <location> element:
    >
    > <configuration>
    > <system.web>
    > <authorization>
    > <allow users="*"/>
    > </authorization>
    > </system.web>
    > <location path="/admin">
    > <system.web>
    > <authorization>
    > <deny users="?"/>
    > </authorization>
    > </system.web>
    > </location>
    > </configuration>
    > --
    > John Saunders
    > johnwsaundersiii at hotmail
    >
    >
     
    Maziar Aflatoun, Jul 2, 2004
    #4
  5. "Maziar Aflatoun" <> wrote in message
    news:aXiFc.842$...
    > I did add the following lines to my Web.config
    > <location path="/admin">
    > <system.web>
    > <authorization>
    > <deny users="?"/>
    > </authorization>
    > </system.web>
    > </location>
    >
    > But now it says,
    > Error while trying to run project: Unable to start debugging on web
    > server....etc.
    >
    > Any idea why?


    I have no idea at all. Did you put the <location> tag at the end of the
    web.config, just before the </configuration> tag? That's where I usually put
    it. Also, try changing the deny to allow and see what happens.
    --
    John Saunders
    johnwsaundersiii at hotmail
     
    John Saunders, Jul 2, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Stan
    Replies:
    1
    Views:
    591
    Jacob Yang [MSFT]
    Oct 20, 2003
  2. TK
    Replies:
    3
    Views:
    398
    Jim Cheshire [MSFT]
    Jul 14, 2004
  3. Guest
    Replies:
    4
    Views:
    902
    Eliyahu Goldin
    Jan 4, 2005
  4. dotosu

    authentication and authorization in subfolders

    dotosu, Jul 17, 2003, in forum: ASP .Net Security
    Replies:
    1
    Views:
    158
    Teemu Keiski
    Jul 17, 2003
  5. JTR

    Forms Authentication w/SubFolders

    JTR, Jul 29, 2003, in forum: ASP .Net Security
    Replies:
    7
    Views:
    183
    Joel Finkel
    Aug 20, 2003
Loading...

Share This Page