hi there,
I had a few problems with forms authentication a while ago but got some help in fixing it. Now I have a question with regards to multiple loginurl's, i did ask this in my previous question but it wasn't really fair as it is separate to that question... here we go................
My App (running on same domain name) has 2 entrance security points i.e.
Admin (which is the Security Main Admin for system administrators)
Useradmin (which is like a control panel for individual users)
Currently I have one main web.config in the root which has the Forms AUthentication enabled etc
and then I have another web.config in the Admin directory which is where I was testing. I will put it below as it isn't large the one in the admin
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
It works great! But the problem is that in the Admin directory I want anyone trying to use a page there to be presented with /Admin/Login.aspx and it does as the loginurl etc is in the main web.config in the root
But if somebody goes to a page under /UserAdmin then I want them to be presented with a completely different loginurl i.e. /UserAdmin/login.aspx
It does'nt, it uses the loginurl of Admin..... My reason for wanting this is because I need a different login screen and the logic behind it is different too.
Previously I did try putting the loginurl in the web.config in the Admin dir etc but this was the reason of my last problem.. We discovered i needed a cut down version of the web.config that goes in the other directories as per above (see above web.config)
Can anybody suggest a work around or something? Or indeed can it be done?
I am placing below the web.config of the root, its larger than the one above... Just for information.
Thanks in advance
Ian
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to
false will improve runtime performance of this application.
Set compilation debug="true" to insert debugging symbols (.pdb information)
into the compiled page. Because this creates a larger file that executes
more slowly, you should set this value to true only when debugging and to
false at all other times. For more information, refer to the documentation about
debugging ASP.NET files.
-->
<compilation
defaultLanguage="c#"
debug="true"
/>
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
"On" Always display custom (friendly) messages.
"Off" Always display detailed ASP.NET error information.
"RemoteOnly" Display custom (friendly) messages only to users not running
on the local Web server. This setting is recommended for security purposes, so
that you do not display application detail information to remote clients.
-->
<customErrors
mode="Off"
/>
<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible modes are "Windows",
"Forms", "Passport" and "None"
"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to
its settings for the application. Anonymous access must be disabled in IIS.
"Forms" You provide a custom form (Web page) for users to enter their credentials, and then
you authenticate them in your application. A user credential token is stored in a cookie.
"Passport" Authentication is performed via a centralized authentication service provided
by Microsoft that offers a single logon and core profile services for member sites.
-->
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="Admin/Login.aspx
" />
</authentication>
<!-- AUTHORIZATION
This section sets the authorization policies of the application. You can allow or deny access
to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<allow users="*" /> <!-- Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page within an application.
Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
trace information will be displayed at the bottom of each page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your web application
root.
-->
<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="true"
/>
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcp
ip=127.0.0
.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_C
onnection=
yes"
cookieless="false"
timeout="20"
/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>
</system.web>
</configuration>
View the Solution FREE for 7 Days
