Forms Authentication for single directory

Discussion in 'ASP .Net' started by Sean, Nov 14, 2008.

  1. Sean

    Sean Guest

    Hi, I've taken over a website, which has an admin section that is
    currently open. I added Forms Authentication to the admin directory
    with the using the location section in web.config:

    <location path="admin">
    <system.web>
    <customErrors mode="Off"/>
    <authentication mode="Forms">
    <forms name=".COOKIEDEMO" loginUrl="login.aspx"
    protection="All" timeout="60" path="/">
    <credentials passwordFormat="Clear">
    <user name="login1" password="password1"/>
    <user name="login2" password="password2"/>
    </credentials>
    </forms>
    </authentication>
    <authorization>
    <deny users="?" />
    </authorization>
    </system.web>
    </location>

    To get this to work for a single directory, I had to use IIS and turn
    the directory into a web app. This makes the authentication work
    correctly, however it breaks all the existing code in admin.

    My question is this: Is there a way to use Forms Authentication for a
    single directory of a web site, WITHOUT running the directory as a
    separate web app? I can't seem to find any documentation on
    protecting a single directory.

    Thanks in advance. - Sean
     
    Sean, Nov 14, 2008
    #1
    1. Advertising

  2. Sean

    brians[MCSD] Guest

    Hi Sean,

    I think I did something a while ago which sounds like what you're trying to
    do and got it to work without turning the admin directory into it's own web
    application. I forget the exact steps but in the web.config I have:
    ....
    <location path="Admin">
    <system.web>
    <authorization>
    <allow users="user1"/>
    <deny users="*"/>
    </authorization>
    </system.web>
    </location>
    ....
    <authentication mode="Forms">
    <forms loginUrl="RoleLogin.aspx" protection="None" timeout="30" path="/">
    <credentials passwordFormat="Clear">
    <user name = "user1" password = "password1" /?
    </credentials>
    </forms>
    </authentication>
    <authorization>
    <allow users="*"/>
    </authorization>
    .....
    At the time I was doing this website, I ran across across an article which I
    think did a nice job of walking through the <location/> element. I think this
    is the article:
    http://www.theserverside.net/tt/articles/showarticle.tss?id=FormAuthentication (like I said it was a while ago).

    Eventually, I changed things so that I used the SqlMembership provider and
    roles to manage access to assets on the website. A nice improvement.

    For things which have to do with ASP.NET Security, Membership, and Roles
    check out the this book - Professional ASP.NET 2.0 Security, Membership, and
    Role Management by Stefan Schackow.

    --
    brians
    http://www.limbertech.com


    "Sean" wrote:

    > Hi, I've taken over a website, which has an admin section that is
    > currently open. I added Forms Authentication to the admin directory
    > with the using the location section in web.config:
    >
    > <location path="admin">
    > <system.web>
    > <customErrors mode="Off"/>
    > <authentication mode="Forms">
    > <forms name=".COOKIEDEMO" loginUrl="login.aspx"
    > protection="All" timeout="60" path="/">
    > <credentials passwordFormat="Clear">
    > <user name="login1" password="password1"/>
    > <user name="login2" password="password2"/>
    > </credentials>
    > </forms>
    > </authentication>
    > <authorization>
    > <deny users="?" />
    > </authorization>
    > </system.web>
    > </location>
    >
    > To get this to work for a single directory, I had to use IIS and turn
    > the directory into a web app. This makes the authentication work
    > correctly, however it breaks all the existing code in admin.
    >
    > My question is this: Is there a way to use Forms Authentication for a
    > single directory of a web site, WITHOUT running the directory as a
    > separate web app? I can't seem to find any documentation on
    > protecting a single directory.
    >
    > Thanks in advance. - Sean
    >
     
    brians[MCSD], Nov 14, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,568
    Tommy
    Feb 13, 2004
  2. UJ
    Replies:
    1
    Views:
    587
    Steve C. Orr [MVP, MCSD]
    Jul 20, 2005
  3. jct

    Forms Authentication - Single Sign-On

    jct, Jan 18, 2005, in forum: ASP .Net Security
    Replies:
    0
    Views:
    182
  4. Keltex
    Replies:
    1
    Views:
    454
    Dominick Baier [DevelopMentor]
    Jan 24, 2006
  5. Eric
    Replies:
    2
    Views:
    649
Loading...

Share This Page