Protected folder with forms authentication

[Harley]

i have a VB.NET ASP.NET application. the front end is working fine, and know
im developing the manager options. this options have to be in a subfolder
server.com/manager.
how do i protect only that subfolder and its sub-sub-folders?
i thought setting the path param in the authentication - forms section of
web.config to path="/manager" will work.... but its not working.
everything works ok when i set the path to "/", so there is no problem with
the code... but i protect the whole site...
any help?

 

[Teemu Keiski]

First,In the <system.web> section of the main application folder's
web.config file specify authorization to allow access to the main folder.

<authorization>
<allow users="*" />
</authorization>

Now all users, despite are they authenticated or not, can access the main
folder(could be <allow users="?" /> as well)

Second: Outside the web.config file's <system.web> element but inside
<configuration> element, create a <location> tag that matches the subfolder.
i.e this can be set in the main web.config file.

<location path="manager">
<system.web>
<authorization>
<deny users="?" />
</athorization>
</system.web>
</location>

This should prevent unauthenticated users from accessing the subfolder. You
can again refine this for pages in the subfolder, if such is needed, with
the relevant syntax for the path attribute say:
path="manager/specificpage.aspx" and so on.

Hope this helps.

--
Teemu Keiski
MCP, Designer/Developer
Mansoft tietotekniikka Oy
http://www.mansoft.fi

AspInsiders Member, www.aspinsiders.com
ASP.NET Forums Moderator, www.asp.net
AspAlliance Columnist, www.aspalliance.com