Role based security in ASP.NET 2.0 web application
Posted on 2006-06-23
I know this has prbably been asked a million times here but i can't find any examples the help me resolve my issue. I am trying to enable security on an ASP.NET 2.0 web project i am working on. I want to have types of roles; Admin, Users. I have the DB piece all worked out and have the login process finished. I want to only allow the admin's to access to certain pages and restrict the other users from being able to get to these pages. I have read here that the one way of doing this is to create an "admin" subfolder withing the site and put all of the "admin only" pages in that folder and the create a web.config file for that folder and place the web.config in the /admin folder.
What should the admin web.config file contain? I have included the following authorization info.
When I run the app i get the following: "Error 131 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS."
I copied the main web.config file to the admin folder and added the above code. Do I have more that i need in the admin config file?
Any help would be really appreciated.