web.config and location...

Discussion in 'ASP .Net' started by Natan, Apr 15, 2004.

  1. Natan

    Natan Guest

    I have an directory structure like this:

    localhost/site/myapp
    localhost/site/myapp/author/
    localhost/site/myapp/revisor/
    localhost/site/myapp/editor/
    localhost/site/myapp/admin/

    myapp is an application and is where my web.config is located. I must
    create 4 completely separated areas for authors, revisors, and editor
    and an admin. The 4 areas will be completely different, so i put each of
    them in a different folder.

    So, each of the 4 folders have a login form, the user authenticates and
    can do his job. I am trying to use the Form Authentication that ASP.NET
    provides, but i don`t want an user authenticated for "author" to have
    access to "revisor" area... or an "editor" have access to "admin". there
    are no privilegies, no admin will access author area. So each folder
    will have it`s own authentication.

    I tried this:

    [localhost/site/myapp/web.config]
    <configuration>
    <location path="author">
    <authentication mode="Forms">
    <forms name="AUTHOR_AUTH" loginUrl="~/author/login.aspx" />
    </authentication>
    <authorization>
    <deny users="?">
    </authorization>
    </location>

    <location path="revisor">
    <authentication mode="Forms">
    <forms name="REVISOR_AUTH" loginUrl="~/revisor/login.aspx" />
    </authentication>
    <authorization>
    <deny users="?">
    </authorization>
    </location>

    <and etc="... =)"/>
    </configuration>

    but it`s not redirecting to the login page.. i can enter any folder
    always. I don`t know if my web.config is wrong, or Windows
    Authentication comes first to authorize...

    anyone can help?
    thanks...
    Natan, Apr 15, 2004
    #1
    1. Advertising

  2. Natan

    Curt_C [MVP] Guest

    you can only have one auth method per site/vd.
    You will have to create each with its own virtual dir if you want it to have
    it's own auth
    Otherwise, have them login at the top level, and control auth based on
    groups,id's,etc

    --
    Curt Christianson
    Owner/Lead Developer, DF-Software
    www.Darkfalz.com


    "Natan" <> wrote in message
    news:...
    > I have an directory structure like this:
    >
    > localhost/site/myapp
    > localhost/site/myapp/author/
    > localhost/site/myapp/revisor/
    > localhost/site/myapp/editor/
    > localhost/site/myapp/admin/
    >
    > myapp is an application and is where my web.config is located. I must
    > create 4 completely separated areas for authors, revisors, and editor
    > and an admin. The 4 areas will be completely different, so i put each of
    > them in a different folder.
    >
    > So, each of the 4 folders have a login form, the user authenticates and
    > can do his job. I am trying to use the Form Authentication that ASP.NET
    > provides, but i don`t want an user authenticated for "author" to have
    > access to "revisor" area... or an "editor" have access to "admin". there
    > are no privilegies, no admin will access author area. So each folder
    > will have it`s own authentication.
    >
    > I tried this:
    >
    > [localhost/site/myapp/web.config]
    > <configuration>
    > <location path="author">
    > <authentication mode="Forms">
    > <forms name="AUTHOR_AUTH" loginUrl="~/author/login.aspx" />
    > </authentication>
    > <authorization>
    > <deny users="?">
    > </authorization>
    > </location>
    >
    > <location path="revisor">
    > <authentication mode="Forms">
    > <forms name="REVISOR_AUTH" loginUrl="~/revisor/login.aspx" />
    > </authentication>
    > <authorization>
    > <deny users="?">
    > </authorization>
    > </location>
    >
    > <and etc="... =)"/>
    > </configuration>
    >
    > but it`s not redirecting to the login page.. i can enter any folder
    > always. I don`t know if my web.config is wrong, or Windows
    > Authentication comes first to authorize...
    >
    > anyone can help?
    > thanks...
    Curt_C [MVP], Apr 15, 2004
    #2
    1. Advertising

  3. Natan

    Natan Guest

    Curt_C [MVP] wrote:
    > you can only have one auth method per site/vd.
    > You will have to create each with its own virtual dir if you want it to have
    > it's own auth
    > Otherwise, have them login at the top level, and control auth based on
    > groups,id's,etc


    what prevents an app from having multiple logins, if you have the
    "location" tag to specify different configs for different directories
    and the cookie path can be changed?

    And how do i disable windows authentication in my app?
    Natan, Apr 15, 2004
    #3
  4. Natan

    Curt_C [MVP] Guest

    web.config wont allow it, it's part of the asp.net framework I believe. ONE
    auth type per "site/vd". You can override/exclude/include but you can't set
    multiple types

    --
    Curt Christianson
    Owner/Lead Developer, DF-Software
    www.Darkfalz.com


    "Natan" <> wrote in message
    news:%...
    > Curt_C [MVP] wrote:
    > > you can only have one auth method per site/vd.
    > > You will have to create each with its own virtual dir if you want it to

    have
    > > it's own auth
    > > Otherwise, have them login at the top level, and control auth based on
    > > groups,id's,etc

    >
    > what prevents an app from having multiple logins, if you have the
    > "location" tag to specify different configs for different directories
    > and the cookie path can be changed?
    >
    > And how do i disable windows authentication in my app?
    Curt_C [MVP], Apr 15, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Benny Ng
    Replies:
    9
    Views:
    9,938
    Benny Ng
    Oct 13, 2005
  2. ABC
    Replies:
    1
    Views:
    796
    Richard Dudley
    Oct 24, 2005
  3. CSharpner
    Replies:
    0
    Views:
    1,010
    CSharpner
    Apr 9, 2007
  4. Grant Harmeyer

    Web.Config and subdirectory *location* security

    Grant Harmeyer, Jul 20, 2004, in forum: ASP .Net Security
    Replies:
    2
    Views:
    213
    Grant Harmeyer
    Jul 21, 2004
  5. ABC
    Replies:
    1
    Views:
    363
    Patrick.O.Ige
    Oct 31, 2005
Loading...

Share This Page