Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Protected folder with forms authentication

Reply
Thread Tools

Protected folder with forms authentication

 
 
Harley
Guest
Posts: n/a
 
      07-27-2003
i have a VB.NET ASP.NET application. the front end is working fine, and know
im developing the manager options. this options have to be in a subfolder
server.com/manager.
how do i protect only that subfolder and its sub-sub-folders?
i thought setting the path param in the authentication - forms section of
web.config to path="/manager" will work.... but its not working.
everything works ok when i set the path to "/", so there is no problem with
the code... but i protect the whole site...
any help?


 
Reply With Quote
 
 
 
 
Teemu Keiski
Guest
Posts: n/a
 
      07-28-2003
First,In the <system.web> section of the main application folder's
web.config file specify authorization to allow access to the main folder.

<authorization>
<allow users="*" />
</authorization>

Now all users, despite are they authenticated or not, can access the main
folder(could be <allow users="?" /> as well)

Second: Outside the web.config file's <system.web> element but inside
<configuration> element, create a <location> tag that matches the subfolder.
i.e this can be set in the main web.config file.

<location path="manager">
<system.web>
<authorization>
<deny users="?" />
</athorization>
</system.web>
</location>

This should prevent unauthenticated users from accessing the subfolder. You
can again refine this for pages in the subfolder, if such is needed, with
the relevant syntax for the path attribute say:
path="manager/specificpage.aspx" and so on.

Hope this helps.

--
Teemu Keiski
MCP, Designer/Developer
Mansoft tietotekniikka Oy
http://www.mansoft.fi

AspInsiders Member, www.aspinsiders.com
ASP.NET Forums Moderator, www.asp.net
AspAlliance Columnist, www.aspalliance.com




"Harley" <harleyobrien%40hotmail.com> wrote in message
news:(E-Mail Removed)...
> i have a VB.NET ASP.NET application. the front end is working fine, and

know
> im developing the manager options. this options have to be in a subfolder
> server.com/manager.
> how do i protect only that subfolder and its sub-sub-folders?
> i thought setting the path param in the authentication - forms section of
> web.config to path="/manager" will work.... but its not working.
> everything works ok when i set the path to "/", so there is no problem

with
> the code... but i protect the whole site...
> any help?
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I allow access to axd files in a protected folder (forms authentication) Alan Silver ASP .Net 0 02-27-2008 09:06 AM
Best practices for using forms authentication and security in a hosted env (was: Re: Using a Forms authentication in a shared hosting environment) JEFF ASP .Net 1 11-12-2007 07:00 PM
forms authentication -- expired forms cookie vs. not provided forms cookie Eric ASP .Net Security 2 01-27-2006 10:09 PM
File Types not protected by Forms Authentication MatthewRoberts ASP .Net 4 06-17-2005 04:50 PM
Forms Authentication question: How to have some pages open and some requiring forms authentication Eric ASP .Net 2 02-13-2004 02:14 PM



Advertisments