centdevs
asked on
Forms Authentication - Web.config - Location path
I am trying to leave my home page unprotected, with certain sub directories protected (see code below). The location sections of my web.config are not working. The whole site is unprotected. Can I get around putting an additional web.config in the subdirectories and making those applications? Isn't this supposed to work the way I have it?
<authentication mode="Forms">
  <forms cookieless="UseCookies" loginUrl="~/login.aspx"
         defaultUrl="~/default.aspx" timeout="2" slidingExpiration="true"
         name=".ASPXFORMSAUTH"/>
</authentication>
<authorization>
  <allow users="*"/>
</authorization>
<location path="~/protected">
  <system.web>
    <authorization>
      <deny users="?"/>
    </authorization>
  </system.web>
</location>
Include a web.config in the protected directory and allow access to only authenticated users.
I don't think you need the location element in your root web.config.
ASKER
I have that specified in my protected folder (and removed the location sections), but my problem remains the same (see my second comment) about locating the login.aspx file that is in my root application.
<?xml version="1.0"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<!--
The section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<forms defaultUrl="default.aspx" loginUrl="login.aspx">
</forms>
<!--
The section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
-->
<!-- LOOK HERE, NO ~/ in this path, that's why yours is not working -->
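The fix the comment above points to, written out as a complete root web.config (an added example, not code from the thread). The forms settings are the asker's, `protected` is the folder from the question, and `admin` is a hypothetical second folder used for illustration.

```xml
<?xml version="1.0"?>
<!-- Added example: everything lives in the root web.config;
     no web.config is needed in the subfolders. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name=".ASPXFORMSAUTH" cookieless="UseCookies"
             loginUrl="~/login.aspx" defaultUrl="~/default.aspx"
             timeout="2" slidingExpiration="true" />
    </authentication>
    <!-- Site default: anonymous users can reach the home page and login.aspx. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- <location> is a child of <configuration> and a sibling of <system.web>.
       Its path is relative to the folder that holds this web.config:
       "protected", not "~/protected" as in the question. -->
  <location path="protected">
    <system.web>
      <authorization>
        <!-- "?" means anonymous users; they are sent to loginUrl. -->
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

  <!-- Hypothetical second folder: one <location> block per protected directory. -->
  <location path="admin">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

These rules are enforced only for requests that ASP.NET processes, so file types not mapped to ASP.NET (static files, classic .asp pages) are not covered unless they are routed through it.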
ASKER
No, but what I'm saying is that I removed that section. I don't have that in my web.config anymore.
ASKER CERTIFIED SOLUTION
ASKER
Ok, but the web.config that is in the subfolder? What needs to be specified there?
You don't need any web.config in the sub folder.
This whole thing is in the root web.config.
ASKER
In my second post, though, I said it's already set up on production that way, so I have to keep that web.config....
So? Just delete the authentication and authorization settings from the web.config and use the root's.
ASKER
I mirrored the setup on my development machine. I made the folder an application, and I also added a wildcard handler for the asp pages (I'm trying to apply the forms auth to the asp pages too). I'm getting an error now, though: the web.config file from the root application has the forms authentication loginURL set to ~/login.aspx. The nested web.config can't find this file because the subfolder is now set up as an application. It's looking for subfolder/login.aspx rather than root/login.aspx. How can I get this new application to see the pathed files in the root application?