protecting two different folders with forms authentication

Discussion in 'ASP .Net' started by Adam, Mar 26, 2005.

  1. Adam

    Adam Guest

    I have an asp.net site for which I want to protect two different folders
    (for arguments sake, call them "members" and "admin").

    I'm reading username and password info from a database, which is working
    fine. My problem is that I can't see how, using the web.config file, I can
    specify which login page each folder uses.

    Part of my web.config in the root looks like:

    <authentication mode = "Forms" >
    <forms loginUrl = "login.aspx"
    name = ".ASPXAUTH"
    protection="All"
    timeout="10"
    path="/"
    />

    (with an <allow users="?" />).

    And in both the /admin and /members directory, it looks like:

    <authorization>
    <deny users="?" />
    </authorization>

    So when I try to access a aspx file in /admin, I get redirected to
    /login.aspx. However, if I also want to protect the /members directory, how
    do I configure it? At the moment, it's using the same session var
    (.ASPXAUTH) for both types of login.

    Currently, I also have a web.config in /members, but it looks the same as
    the one in /admin, so when the user tries to access either the /members or
    /admin directory they are redirected to /login.aspx. I want to members to
    be redirected to members.login.aspx, and admin to redirect to
    admin.login.aspx.

    I hope that makes sense! I'm having problems explaining myself! :)

    TIA,
    A.
     
    Adam, Mar 26, 2005
    #1
    1. Advertising

  2. Adam

    Brock Allen Guest

    The <authorization?> settings in web.config affect all files and subfolders
    by default wiht the same settings. If you want to change the settings fort
    a specific file or directory you can use the <location> element:

    <configuration>
    <system.web></system.web>
    <location path="SomeSubDir">
    <system.web>
    <authorization>
    <allow roles="Admin" />
    <deny users="*" />
    <authorization>
    </system.web>
    </location>
    </configuration>

    -Brock
    DevelopMentor
    http://staff.develop.com/ballen



    > I have an asp.net site for which I want to protect two different
    > folders (for arguments sake, call them "members" and "admin").
    >
    > I'm reading username and password info from a database, which is
    > working fine. My problem is that I can't see how, using the
    > web.config file, I can specify which login page each folder uses.
    >
    > Part of my web.config in the root looks like:
    >
    > <authentication mode = "Forms" >
    > <forms loginUrl = "login.aspx"
    > name = ".ASPXAUTH"
    > protection="All"
    > timeout="10"
    > path="/"
    > />
    > (with an <allow users="?" />).
    >
    > And in both the /admin and /members directory, it looks like:
    >
    > <authorization>
    > <deny users="?" />
    > </authorization>
    > So when I try to access a aspx file in /admin, I get redirected to
    > /login.aspx. However, if I also want to protect the /members
    > directory, how do I configure it? At the moment, it's using the same
    > session var (.ASPXAUTH) for both types of login.
    >
    > Currently, I also have a web.config in /members, but it looks the same
    > as the one in /admin, so when the user tries to access either the
    > /members or /admin directory they are redirected to /login.aspx. I
    > want to members to be redirected to members.login.aspx, and admin to
    > redirect to admin.login.aspx.
    >
    > I hope that makes sense! I'm having problems explaining myself! :)
    >
    > TIA,
    > A.
     
    Brock Allen, Mar 27, 2005
    #2
    1. Advertising

  3. Adam

    Adam Guest

    Excellent. Thanks Brock.

    A.


    "Brock Allen" <> wrote in message
    news:...
    > The <authorization?> settings in web.config affect all files and
    > subfolders by default wiht the same settings. If you want to change the
    > settings fort a specific file or directory you can use the <location>
    > element:
    >
    > <configuration>
    > <system.web></system.web>
    > <location path="SomeSubDir">
    > <system.web>
    > <authorization>
    > <allow roles="Admin" />
    > <deny users="*" />
    > <authorization>
    > </system.web>
    > </location>
    > </configuration>
    >
    > -Brock
    > DevelopMentor
    > http://staff.develop.com/ballen
    >
    >
    >
    >> I have an asp.net site for which I want to protect two different
    >> folders (for arguments sake, call them "members" and "admin").
    >>
    >> I'm reading username and password info from a database, which is
    >> working fine. My problem is that I can't see how, using the
    >> web.config file, I can specify which login page each folder uses.
    >>
    >> Part of my web.config in the root looks like:
    >>
    >> <authentication mode = "Forms" >
    >> <forms loginUrl = "login.aspx"
    >> name = ".ASPXAUTH"
    >> protection="All"
    >> timeout="10"
    >> path="/"
    >> />
    >> (with an <allow users="?" />).
    >>
    >> And in both the /admin and /members directory, it looks like:
    >>
    >> <authorization>
    >> <deny users="?" />
    >> </authorization>
    >> So when I try to access a aspx file in /admin, I get redirected to
    >> /login.aspx. However, if I also want to protect the /members
    >> directory, how do I configure it? At the moment, it's using the same
    >> session var (.ASPXAUTH) for both types of login.
    >>
    >> Currently, I also have a web.config in /members, but it looks the same
    >> as the one in /admin, so when the user tries to access either the
    >> /members or /admin directory they are redirected to /login.aspx. I
    >> want to members to be redirected to members.login.aspx, and admin to
    >> redirect to admin.login.aspx.
    >>
    >> I hope that makes sense! I'm having problems explaining myself! :)
    >>
    >> TIA,
    >> A.

    >
    >
    >
     
    Adam, Mar 27, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Mike Kingscott

    Protecting PDFs with Forms Authentication?

    Mike Kingscott, Jun 21, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    471
    Mike Kingscott
    Jun 22, 2004
  2. Walter W
    Replies:
    0
    Views:
    494
    Walter W
    Jul 22, 2005
  3. Bruce
    Replies:
    5
    Views:
    194
    Joseph MCAD
    Apr 11, 2005
  4. Eric
    Replies:
    2
    Views:
    575
  5. Replies:
    6
    Views:
    93
    Thomas 'PointedEars' Lahn
    Apr 16, 2006
Loading...

Share This Page