Troubled authentication in subdirectories

[Benton]

Hi there,

I want to have an unrestricted root directory and some protected
subdirectories on my ASP.NET 2.0 application. I want each subdirectory to
have its own Login.aspx page.

The following article is a good start, but it uses a single Login.aspx
located in the root directory to protect a subdirectory:

http://www.theserverside.net/tt/articles/showarticle.tss?id=FormAuthentication

The technique described in the article uses a "location" section in
web.config, where a custom "system.web" section is defined for the protected
subdirectory.

Now if I put the "authentication mode" section inside this custom
"system.web" for the subdirectory (so I can define the subdirectory Login
page), I get a compiler error on the "authentication" section:

Error 1 It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This error
can be caused by a virtual directory not being configured as an application
in IIS. D:\WebSites\RegencyWeb\web.config 42

If I put the "authentication" section in the root "system.web" (outside of
the location's "system.web") then the application compiles fine, but I'm
limited to a single Login.aspx for the application.

So how can I solve this?

Thanks for any insight,

-Benton

 

[Mark Fitzpatrick]

You can only have one authentication section in a web application. You don't
solve this, it's by design. The only thing you can do is alter the login
page based upon where the user is coming from, ie: which subdirectory. The
only other way is to make the subdirectories their own independent
application spaces. Of course, you can specify whatever authorization
limitations you want in the specific subdirectories, that doesn't matter,
just keeping in mind there can only be one authentication section and one
logon page.