Forms Authentication for particular folder

Discussion in 'ASP .Net Security' started by VIC, Jun 28, 2004.

  1. VIC

    VIC Guest

    Hi,

    I'm working on a webapplication, most part is for anonymous access, but for
    one part login is needed. All the files after login are in one particual
    folder: "/login".

    Usernames and passwords are stored in a tabel on SQL Server.
    The loginpage and Web.config are in the root of the web.

    I've tried several things but I don't get it work correctly.
    My code of checking against the table works correctly, I'm struggling with
    Web.config.

    The authentication section of Web.config is like:

    <authentication mode="Forms">
    <forms name="justaname"
    path="/"
    loginUrl="login.aspx"
    protection="All"
    timeout="20">
    </forms>
    </authentication>

    All I want to manage is to allow anonymous acces for the whole website,
    except the content of the subfolder "/login".
    Any help is appreciated, thanks!

    VicWare
    Email: info@vicREMOVE-MEware (spamblock)
     
    VIC, Jun 28, 2004
    #1
    1. Advertising

  2. VIC

    Ken Schaefer Guest

    You need to create a new <location> in your web.config and point it to your
    folder. Configure forms auth for that location only

    Cheers
    Ken


    "VIC" <> wrote in message
    news:40dfc41b$0$10303$...
    : Hi,
    :
    : I'm working on a webapplication, most part is for anonymous access, but
    for
    : one part login is needed. All the files after login are in one particual
    : folder: "/login".
    :
    : Usernames and passwords are stored in a tabel on SQL Server.
    : The loginpage and Web.config are in the root of the web.
    :
    : I've tried several things but I don't get it work correctly.
    : My code of checking against the table works correctly, I'm struggling with
    : Web.config.
    :
    : The authentication section of Web.config is like:
    :
    : <authentication mode="Forms">
    : <forms name="justaname"
    : path="/"
    : loginUrl="login.aspx"
    : protection="All"
    : timeout="20">
    : </forms>
    : </authentication>
    :
    : All I want to manage is to allow anonymous acces for the whole website,
    : except the content of the subfolder "/login".
    : Any help is appreciated, thanks!
    :
    : VicWare
    : Email: info@vicREMOVE-MEware (spamblock)
    :
    :
     
    Ken Schaefer, Jun 28, 2004
    #2
    1. Advertising

  3. VIC

    ranganh Guest

    Dear VIC,

    You need to add the following code to your web.config file.

    <location path="login">
    <system.web>
    <authorization>
    <deny users="?" />
    </authorization>
    </system.web>
    </location>

    Hope it helps.

    Thanks.


    "VIC" wrote:

    > Hi,
    >
    > I'm working on a webapplication, most part is for anonymous access, but for
    > one part login is needed. All the files after login are in one particual
    > folder: "/login".
    >
    > Usernames and passwords are stored in a tabel on SQL Server.
    > The loginpage and Web.config are in the root of the web.
    >
    > I've tried several things but I don't get it work correctly.
    > My code of checking against the table works correctly, I'm struggling with
    > Web.config.
    >
    > The authentication section of Web.config is like:
    >
    > <authentication mode="Forms">
    > <forms name="justaname"
    > path="/"
    > loginUrl="login.aspx"
    > protection="All"
    > timeout="20">
    > </forms>
    > </authentication>
    >
    > All I want to manage is to allow anonymous acces for the whole website,
    > except the content of the subfolder "/login".
    > Any help is appreciated, thanks!
    >
    > VicWare
    > Email: info@vicREMOVE-MEware (spamblock)
    >
    >
    >
     
    ranganh, Jun 28, 2004
    #3
  4. VIC

    VicWare Guest

    That works!
    Thanks a lot!

    Vic

    "VIC" <> schreef in bericht
    news:40dfc41b$0$10303$...
    > Hi,
    >
    > I'm working on a webapplication, most part is for anonymous access, but

    for
    > one part login is needed. All the files after login are in one particual
    > folder: "/login".
    >
    > Usernames and passwords are stored in a tabel on SQL Server.
    > The loginpage and Web.config are in the root of the web.
    >
    > I've tried several things but I don't get it work correctly.
    > My code of checking against the table works correctly, I'm struggling with
    > Web.config.
    >
    > The authentication section of Web.config is like:
    >
    > <authentication mode="Forms">
    > <forms name="justaname"
    > path="/"
    > loginUrl="login.aspx"
    > protection="All"
    > timeout="20">
    > </forms>
    > </authentication>
    >
    > All I want to manage is to allow anonymous acces for the whole website,
    > except the content of the subfolder "/login".
    > Any help is appreciated, thanks!
    >
    > VicWare
    > Email: info@vicREMOVE-MEware (spamblock)
    >
    >
     
    VicWare, Jun 28, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Paras Wadehra
    Replies:
    1
    Views:
    1,827
    =?Utf-8?B?U2F1cmFiaCBOYW5kdQ==?=
    Aug 15, 2004
  2. Eric
    Replies:
    2
    Views:
    1,544
    Tommy
    Feb 13, 2004
  3. Wiktor Zychla [C# MVP]

    cassini, forms authentication and application folder [2.0]

    Wiktor Zychla [C# MVP], Nov 21, 2005, in forum: ASP .Net
    Replies:
    2
    Views:
    2,894
    Wiktor Zychla [C# MVP]
    Nov 21, 2005
  4. Eric
    Replies:
    2
    Views:
    608
  5. Replies:
    5
    Views:
    214
Loading...

Share This Page