Role based security in ASP.NET 2.0 web application

I know this has prbably been asked a million times here but i can't find any examples the help me resolve my issue.  I am trying to enable security on an ASP.NET 2.0 web project i am working on.  I want to have types of roles; Admin, Users.   I have the DB piece all worked out and have the login process finished.  I want to only allow the admin's to access to certain pages and restrict the other users from being able to get to these pages.  I have read here that the one way of doing this is to create an "admin" subfolder withing the site and put all of the "admin only" pages in that folder and the create a web.config file for that folder and place the web.config in the /admin folder.

What should the admin web.config file contain?  I have included the following authorization info.

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

 When I run the app i get the following:  "Error 131 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS."            

I copied the main web.config file to the admin folder and added the above code.  Do I have more that i need in the admin config file?  

Any help would be really appreciated.  

Thanks,





Mike_StevensAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
YZlatConnect With a Mentor Commented:
dmake sure you remove <location> tag from web.config file in Admin directory
0
 
YZlatCommented:
1) in your web.config file do you have </location> closing tag?

2)in what section of your web.config did you put the following?

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

0
 
Mike_StevensAuthor Commented:
Yeah i do have the closing location tag.  The above is at the end of the web.config file between the </system.web> and the </configuration> tags
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
YZlatCommented:
what directory do you store your config file in?
0
 
YZlatCommented:
also, change path from

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

to

<location path="admin">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>
0
 
Mike_StevensAuthor Commented:
the config for the admin folder is in the admin folder.
0
 
YZlatCommented:
that's the problem in that case all you need in your config file (the one in admin folder) is this:

<configuration>
<system.web>

....


<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
</configuration>


Do you have another config file in the application directory?
0
 
Mike_StevensAuthor Commented:
Yes....their is one in the app_path as well.  That one has all of the configuration info
0
 
YZlatCommented:
another thing you can do is remove web.config file from Admin folder and add this section to the web.config file in the application directory:

<location path="admin">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>
</location>
0
All Courses

From novice to tech pro — start learning today.