Protected folder with forms authentication

Discussion in 'ASP .Net Security' started by Harley, Jul 27, 2003.

  1. Harley

    Harley Guest

    i have a VB.NET ASP.NET application. the front end is working fine, and know
    im developing the manager options. this options have to be in a subfolder
    server.com/manager.
    how do i protect only that subfolder and its sub-sub-folders?
    i thought setting the path param in the authentication - forms section of
    web.config to path="/manager" will work.... but its not working.
    everything works ok when i set the path to "/", so there is no problem with
    the code... but i protect the whole site...
    any help?
    Harley, Jul 27, 2003
    #1
    1. Advertising

  2. Harley

    Teemu Keiski Guest

    First,In the <system.web> section of the main application folder's
    web.config file specify authorization to allow access to the main folder.

    <authorization>
    <allow users="*" />
    </authorization>

    Now all users, despite are they authenticated or not, can access the main
    folder(could be <allow users="?" /> as well)

    Second: Outside the web.config file's <system.web> element but inside
    <configuration> element, create a <location> tag that matches the subfolder.
    i.e this can be set in the main web.config file.

    <location path="manager">
    <system.web>
    <authorization>
    <deny users="?" />
    </athorization>
    </system.web>
    </location>

    This should prevent unauthenticated users from accessing the subfolder. You
    can again refine this for pages in the subfolder, if such is needed, with
    the relevant syntax for the path attribute say:
    path="manager/specificpage.aspx" and so on.

    Hope this helps.

    --
    Teemu Keiski
    MCP, Designer/Developer
    Mansoft tietotekniikka Oy
    http://www.mansoft.fi

    AspInsiders Member, www.aspinsiders.com
    ASP.NET Forums Moderator, www.asp.net
    AspAlliance Columnist, www.aspalliance.com




    "Harley" <harleyobrien%40hotmail.com> wrote in message
    news:...
    > i have a VB.NET ASP.NET application. the front end is working fine, and

    know
    > im developing the manager options. this options have to be in a subfolder
    > server.com/manager.
    > how do i protect only that subfolder and its sub-sub-folders?
    > i thought setting the path param in the authentication - forms section of
    > web.config to path="/manager" will work.... but its not working.
    > everything works ok when i set the path to "/", so there is no problem

    with
    > the code... but i protect the whole site...
    > any help?
    >
    >
    Teemu Keiski, Jul 28, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Eric
    Replies:
    2
    Views:
    1,457
    Tommy
    Feb 13, 2004
  2. MatthewRoberts
    Replies:
    4
    Views:
    872
    MatthewRoberts
    Jun 17, 2005
  3. RMA
    Replies:
    4
    Views:
    319
    Alexey Smirnov
    May 15, 2007
  4. Alan Silver
    Replies:
    0
    Views:
    383
    Alan Silver
    Feb 27, 2008
  5. Eric
    Replies:
    2
    Views:
    498
Loading...

Share This Page