protecting two different folders with forms authentication

A

Adam

I have an asp.net site for which I want to protect two different folders
(for arguments sake, call them "members" and "admin").

I'm reading username and password info from a database, which is working
fine. My problem is that I can't see how, using the web.config file, I can
specify which login page each folder uses.

Part of my web.config in the root looks like:

<authentication mode = "Forms" >
<forms loginUrl = "login.aspx"
name = ".ASPXAUTH"
protection="All"
timeout="10"
path="/"
/>

(with an <allow users="?" />).

And in both the /admin and /members directory, it looks like:

<authorization>
<deny users="?" />
</authorization>

So when I try to access a aspx file in /admin, I get redirected to
/login.aspx. However, if I also want to protect the /members directory, how
do I configure it? At the moment, it's using the same session var
(.ASPXAUTH) for both types of login.

Currently, I also have a web.config in /members, but it looks the same as
the one in /admin, so when the user tries to access either the /members or
/admin directory they are redirected to /login.aspx. I want to members to
be redirected to members.login.aspx, and admin to redirect to
admin.login.aspx.

I hope that makes sense! I'm having problems explaining myself! :)

TIA,
A.
 
B

Brock Allen

The <authorization?> settings in web.config affect all files and subfolders
by default wiht the same settings. If you want to change the settings fort
a specific file or directory you can use the <location> element:

<configuration>
<system.web></system.web>
<location path="SomeSubDir">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
<authorization>
</system.web>
</location>
</configuration>
 
A

Adam

Excellent. Thanks Brock.

A.


Brock Allen said:
The <authorization?> settings in web.config affect all files and
subfolders by default wiht the same settings. If you want to change the
settings fort a specific file or directory you can use the <location>
element:

<configuration>
<system.web></system.web>
<location path="SomeSubDir">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
<authorization>
</system.web>
</location>
</configuration>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,480
Members
44,900
Latest member
Nell636132

Latest Threads

Top