Forms Authentication question: How to have some pages open and some requiring forms authentication

02-13-2004

I am trying to build an app where the stuff in the root directory is open to
all, but anything under the Restricted directory requires you to login and I
want to use Forms to do it. I'm having trouble getting the web.config to
work properly.

First I tried to have a second web.config in the sub directory with
authentication and authorization set to forms, but it blew up.
Next, I tried to modify the root web.config in the following manner wanting
it to only force a login when trying to navigate into the sub directory but
it takes me to the login right away:
I thought setting the path to the sub directory would restrict it to pages
in the sub directory but it's not working.
<authentication mode="Forms" >

<forms loginUrl="FormsAuthenticated/login1.aspx" name="AuthCookie"
timeout="60" path="/FormsAuthenticated"></forms>

</authentication>

<authorization>

<deny users="?" />

<allow users="*" />

</authorization>

02-13-2004

Try this:

In your root web.config

<authentication mode="Forms">
<forms name="MyAuth" loginUrl="/public/Login.aspx" protection="All"
timeout="60" />
</authentication>

Then, in your secure folder, add a web.config which contains just this:

<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

Hope this helps, Dan.

"Eric" <> wrote in message
news:_b_Wb.15845$IF1.8766@fed1read01...
> I am trying to build an app where the stuff in the root directory is open
to
> all, but anything under the Restricted directory requires you to login and
I
> want to use Forms to do it. I'm having trouble getting the web.config to
> work properly.
>
> First I tried to have a second web.config in the sub directory with
> authentication and authorization set to forms, but it blew up.
> Next, I tried to modify the root web.config in the following manner
wanting
> it to only force a login when trying to navigate into the sub directory
but
> it takes me to the login right away:
> I thought setting the path to the sub directory would restrict it to pages
> in the sub directory but it's not working.
> <authentication mode="Forms" >
>
> <forms loginUrl="FormsAuthenticated/login1.aspx" name="AuthCookie"
> timeout="60" path="/FormsAuthenticated"></forms>
>
> </authentication>
>
>
>
> <authorization>
>
> <deny users="?" />
>
> <allow users="*" />
>
> </authorization>
>
>
>
>
>
>

02-13-2004

For each ASP.NET web application, you can only set the authentication
in the root Web.Config. However, each subfolder can have a Web.Config
with different authorization settings.

This is what I would do. Keep the Forms authentication settings in the
root Web.Config. In the root Web.Config, set the "Authorization" to
allow all access.

<authorization>
<allow users="*" /> 
</authorization>

Now, for folders that you want to restrict access, create a Web.Config
that contains only the "Authorization" section, and deny anonymous
access.

<authorization>
<deny users="?" />
<allow users="*" /> 
</authorization>

Now, the forms authentication will only restrict access to files with
extensions that are mapped to the ASP.NET ISAPI DLL. All other file
extensions will not be protected by the forms authentication.

For example, the forms authentication will protect .aspx files, but
not .htm files. To protect files with non-ASP.NET extensions, you can
go to the IIS manager, and map the file extension you want to protect
to the ASP.NET ISAPI DLL.

For example, if you want to protect .htm files with forms
authentication, you would map the .htm file extenstion to the ASP.NET
ISAPI DLL.

Tommy,

"Eric" <> wrote in message news:<_b_Wb.15845$IF1.8766@fed1read01>...
> I am trying to build an app where the stuff in the root directory is open to
> all, but anything under the Restricted directory requires you to login and I
> want to use Forms to do it. I'm having trouble getting the web.config to
> work properly.
>
> First I tried to have a second web.config in the sub directory with
> authentication and authorization set to forms, but it blew up.
> Next, I tried to modify the root web.config in the following manner wanting
> it to only force a login when trying to navigate into the sub directory but
> it takes me to the login right away:
> I thought setting the path to the sub directory would restrict it to pages
> in the sub directory but it's not working.
> <authentication mode="Forms" >
>
> <forms loginUrl="FormsAuthenticated/login1.aspx" name="AuthCookie"
> timeout="60" path="/FormsAuthenticated"></forms>
>
> </authentication>
>
>
>
> <authorization>
>
> <deny users="?" />
>
> <allow users="*" />
>
> </authorization>

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
python: HTTP connections through a proxy server requiring authentication	sajuptpm	Python	3	01-29-2013 06:50 AM
Cisco 4402, Web Authentication function without requiring logins	tyndareus	Cisco	1	03-28-2009 04:52 PM
Requiring login - enforce for individual pages instead of folder?	Homer J. Simpson	ASP .Net	1	08-29-2007 06:52 PM
Unable to open Web project after requiring SSL	Mek	ASP .Net Security	1	05-07-2005 01:16 PM
Retrieving if current request is for a resource requiring authentication	Matt	ASP .Net	0	06-30-2004 11:57 AM