Form authentication for subfolders only

  • Thread starter Maziar Aflatoun
  • Start date
M

Maziar Aflatoun

Hi,

I'm trying to protect one of my subfolders from Web.config file in my root
folder. Here is my directory structure

/ // My shopping cart
/admin // Shopping cart admin which needs to be protected

Now in my Web.config how can I protect just the /admin folder (which is not
a virtual directory) it's simply a folder in my / folder?

I tried

<authentication mode="Forms">
<forms name="CartAdmin" loginUrl="admin/Login.aspx" timeout="30"
protection="All" path="/admin" />
</authentication>
<authorization>
<deny users="?" />
</authorization>

but it doesn't work. Even when you try to access files in my / folder it
redirects you to my /admin/login.aspx file

Thank you
Maz
 
C

Curt_C [MVP]

look into the <location> tag for the web.config. This type of thing is what
it's for.
Allows you to override things on a per file (and possibly dir) level.
 
J

John Saunders

Maziar Aflatoun said:
Hi,

I'm trying to protect one of my subfolders from Web.config file in my root
folder. Here is my directory structure

/ // My shopping cart
/admin // Shopping cart admin which needs to be protected

Now in my Web.config how can I protect just the /admin folder (which is not
a virtual directory) it's simply a folder in my / folder?

I tried

<authentication mode="Forms">
<forms name="CartAdmin" loginUrl="admin/Login.aspx" timeout="30"
protection="All" path="/admin" />
</authentication>
<authorization>
<deny users="?" />
</authorization>

but it doesn't work. Even when you try to access files in my / folder it
redirects you to my /admin/login.aspx file
Click to expand...

Take a look at the <location> element:

<configuration>
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
<location path="/admin">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
 
M

Maziar Aflatoun

I did add the following lines to my Web.config
<location path="/admin">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

But now it says,
Error while trying to run project: Unable to start debugging on web
server....etc.

Any idea why?

thanks
Maz.
 
J

John Saunders

Maziar Aflatoun said:
I did add the following lines to my Web.config
<location path="/admin">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>

But now it says,
Error while trying to run project: Unable to start debugging on web
server....etc.

Any idea why?
Click to expand...

I have no idea at all. Did you put the <location> tag at the end of the
web.config, just before the </configuration> tag? That's where I usually put
it. Also, try changing the deny to allow and see what happens.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Forms Authentication for single directory 1
subfolders/security 2
Forms Authentication not Redirecting 1
HELP !!! forms authentication ! 2
protecting two different folders with forms authentication 2
Trouble with forms authentication 7
Form based authentication for a web aplication in subdirectory 1
Form authentication & multiple login pages 0

Members online

No members online now.
Total: 38 (members: 1, guests: 37)
Robots: 198

Forum statistics

Threads
473,767
Messages
2,569,570
Members
45,045
Latest member
DRCM

Latest Threads

Top