Securing Sections of Site

[MikeD]

Hello,

I'm trying to work out the approved method of securing sections of my site.
The site consists of two areas, one available to everyone and the other only
availble to those who know the password. I'm using forms authentication
located within the webconfig to control this, but i'm running into problems.

Is it possible to indicate within the webconfig file which pages should be
protected? My other options i've tried so far are to include a subfolder
within the project (i'm using VS.NET) but that causes me problems with the
InheritsFrom statement at the top of the aspx page as it seems to have
trouble referencing a subfolder or something. And I've tried including a
second project for the secure part of the site with it's own webconfig file,
but it says that I can't then use user controls saved in the unsecure part
of the site.

Is there an approved method of how to go about setting up secure and
unsecure areas within a solution?

Cheers,

<M>ike

 

[MikeD]

It seems that the <location> tag in the webconfig file is the answer. But
does any one know if you need to explicitly deny access to the sub folder
before or after the general allow rule?

<M>ike

 

[karimL]

Hi Mike,
my site is like this :
root
-protect
--admin
-picts
.....
at the root location all access in protect directory and subdirs need
authentication...
if this can help you...



here's my config file

<configuration>
<system.web>

<authentication mode="Forms" >
<forms name=".XAUTH" loginUrl="protect/login.aspx" protection="All"
path="/PPLIB" slidingExpiration="false" timeout="30"/>
</authentication>

<authorization>
<allow users ="*" />
</authorization>

</system.web>

<location path="protect">
<system.web>
<authorization>
<deny users ="?" />
</authorization>
</system.web>
</location>

</configuration>

this should work...

Karim

MikeD a écrit:

 

[MikeD]

Merci Karim,

Following your example and amending it for my situation worked perfectly.

Thanks,

<M>ike