Forms Authentication question: How to have some pages open and some requiring forms authentication

Discussion in 'ASP .Net' started by Eric, Feb 13, 2004.

  1. Eric

    Eric Guest

    I am trying to build an app where the stuff in the root directory is open to
    all, but anything under the Restricted directory requires you to login and I
    want to use Forms to do it. I'm having trouble getting the web.config to
    work properly.

    First I tried to have a second web.config in the sub directory with
    authentication and authorization set to forms, but it blew up.
    Next, I tried to modify the root web.config in the following manner wanting
    it to only force a login when trying to navigate into the sub directory but
    it takes me to the login right away:
    I thought setting the path to the sub directory would restrict it to pages
    in the sub directory but it's not working.
    <authentication mode="Forms" >

    <forms loginUrl="FormsAuthenticated/login1.aspx" name="AuthCookie"
    timeout="60" path="/FormsAuthenticated"></forms>

    </authentication>



    <authorization>

    <deny users="?" />

    <allow users="*" />

    </authorization>
     
    Eric, Feb 13, 2004
    #1
    1. Advertising

  2. Eric

    Dan Guest

    Try this:

    In your root web.config

    <authentication mode="Forms">
    <forms name="MyAuth" loginUrl="/public/Login.aspx" protection="All"
    timeout="60" />
    </authentication>

    Then, in your secure folder, add a web.config which contains just this:

    <configuration>
    <system.web>
    <authorization>
    <deny users="?" />
    </authorization>
    </system.web>
    </configuration>

    Hope this helps, Dan.


    "Eric" <> wrote in message
    news:_b_Wb.15845$IF1.8766@fed1read01...
    > I am trying to build an app where the stuff in the root directory is open

    to
    > all, but anything under the Restricted directory requires you to login and

    I
    > want to use Forms to do it. I'm having trouble getting the web.config to
    > work properly.
    >
    > First I tried to have a second web.config in the sub directory with
    > authentication and authorization set to forms, but it blew up.
    > Next, I tried to modify the root web.config in the following manner

    wanting
    > it to only force a login when trying to navigate into the sub directory

    but
    > it takes me to the login right away:
    > I thought setting the path to the sub directory would restrict it to pages
    > in the sub directory but it's not working.
    > <authentication mode="Forms" >
    >
    > <forms loginUrl="FormsAuthenticated/login1.aspx" name="AuthCookie"
    > timeout="60" path="/FormsAuthenticated"></forms>
    >
    > </authentication>
    >
    >
    >
    > <authorization>
    >
    > <deny users="?" />
    >
    > <allow users="*" />
    >
    > </authorization>
    >
    >
    >
    >
    >
    >
     
    Dan, Feb 13, 2004
    #2
    1. Advertising

  3. Eric

    Tommy Guest

    For each ASP.NET web application, you can only set the authentication
    in the root Web.Config. However, each subfolder can have a Web.Config
    with different authorization settings.

    This is what I would do. Keep the Forms authentication settings in the
    root Web.Config. In the root Web.Config, set the "Authorization" to
    allow all access.

    <authorization>
    <allow users="*" /> <!-- Allow all users -->
    </authorization>

    Now, for folders that you want to restrict access, create a Web.Config
    that contains only the "Authorization" section, and deny anonymous
    access.

    <authorization>
    <deny users="?" />
    <allow users="*" /> <!-- Allow all users -->
    </authorization>

    Now, the forms authentication will only restrict access to files with
    extensions that are mapped to the ASP.NET ISAPI DLL. All other file
    extensions will not be protected by the forms authentication.

    For example, the forms authentication will protect .aspx files, but
    not .htm files. To protect files with non-ASP.NET extensions, you can
    go to the IIS manager, and map the file extension you want to protect
    to the ASP.NET ISAPI DLL.

    For example, if you want to protect .htm files with forms
    authentication, you would map the .htm file extenstion to the ASP.NET
    ISAPI DLL.

    Tommy,

    "Eric" <> wrote in message news:<_b_Wb.15845$IF1.8766@fed1read01>...
    > I am trying to build an app where the stuff in the root directory is open to
    > all, but anything under the Restricted directory requires you to login and I
    > want to use Forms to do it. I'm having trouble getting the web.config to
    > work properly.
    >
    > First I tried to have a second web.config in the sub directory with
    > authentication and authorization set to forms, but it blew up.
    > Next, I tried to modify the root web.config in the following manner wanting
    > it to only force a login when trying to navigate into the sub directory but
    > it takes me to the login right away:
    > I thought setting the path to the sub directory would restrict it to pages
    > in the sub directory but it's not working.
    > <authentication mode="Forms" >
    >
    > <forms loginUrl="FormsAuthenticated/login1.aspx" name="AuthCookie"
    > timeout="60" path="/FormsAuthenticated"></forms>
    >
    > </authentication>
    >
    >
    >
    > <authorization>
    >
    > <deny users="?" />
    >
    > <allow users="*" />
    >
    > </authorization>
     
    Tommy, Feb 13, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Matt
    Replies:
    0
    Views:
    342
  2. dolphin
    Replies:
    3
    Views:
    384
    rossum
    Mar 9, 2007
  3. Homer J. Simpson
    Replies:
    1
    Views:
    352
    Homer J. Simpson
    Aug 29, 2007
  4. Mek
    Replies:
    1
    Views:
    169
    Nicole Calinoiu
    May 7, 2005
  5. sajuptpm
    Replies:
    3
    Views:
    458
    Saju M
    Jan 29, 2013
Loading...

Share This Page