how to limit authorization in admin subfolder from web.config

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Frenny Thomas (frenchien_at_yahoo.com)
Date: 08/26/04

Next message: Robin Patra: "Re: Security setting in Web.config file."
Previous message: Jason Zhou: "Password protected certificate"
Messages sorted by: [ date ] [ thread ]

Date: Wed, 25 Aug 2004 20:01:41 -0700

I'm in quite of a dilemma, and for the first time: all the articles and
discussion forums on the 'net hasn't helped me get rid of my page errors
:(

I have my web.config file in the root directory. I have a subdirectory
called /admin/ underneath it. I want all users to be able to view any
page in the root directory. If a user tries to access any page in the
/admin/ subfolder, I want him/her to be redirected to a login page
(located in the subfolder itself).

I have tried two methods of doing the job, but neither have worked. Can
anyone give me any suggestions/explanations??

Method 1
------------------------------------------------------------------------
--------
<configuration>
   <system.web>
       <customErrors mode="Off"/>
       <compilation debug="true"/>
       <authorization>
         <allow users="*"/>
       </authorization>
   </system.web>

</location>

</configuration>

Method 2 [After I moved the login.aspx page back up to the root
directory]
------------------------------------------------------------------------
--------
<configuration>
        <system.web>
                <customErrors mode="Off" />
                <compilation debug="true" />
                <authentication mode="Forms">
                        <forms name="frmLogin"
                         path="/"
                         loginUrl="login.aspx"
                         protection="All"
                         timeout="20"></forms>
                </authentication>
                <authorization>
                        <allow users="*" />
                </authorization>
        </system.web>
        <location path="admin">
                <system.web>
                        <authorization>
                                <deny users="?" />
                        </authorization>
                </system.web>
        </location>
</configuration>

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Next message: Robin Patra: "Re: Security setting in Web.config file."
Previous message: Jason Zhou: "Password protected certificate"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Configuration Error Message
... The permissions appear to be the same. ... A configuration error has occurred. ... Thread account name: NT AUTHORITY\NETWORK SERVICE ... I does not required any web.config in the root directory. ...
(microsoft.public.dotnet.framework.aspnet)
recheck for allowed roles
... user needs to authenticate using the login form. ... specific role (which might be different from the root directory). ... subfolder, there is no check for the right role. ...
(microsoft.public.dotnet.framework.aspnet)
Re: Forms Authentication error
... I can seem to get it to work if I put the authentication code in the ... web.config in the root directory, but not in the sub directory, which is the ... > I have a folder inside of my root folder I am trying to protect and I am ... An error occurred during the processing of a configuration ...
(microsoft.public.dotnet.framework.aspnet)
Re: Nested folders and permissions - Newbie
... How do I give the Users group Read-only access for the root directory ... It sounds like you mean you have a folder called ... Storage with a subfolder called Public. ... for Accounting or Management department data - and don't have them inherit ...
(microsoft.public.windows.server.sbs)
RE: Windows Integrated Auth and NTFS security
... if you use the location tag in the web.config of a parent ... setting different configuration for each subfolder. ... cannot be set at a level below the application root directory. ... NTFS security allows the group everyone read access. ...
(microsoft.public.dotnet.framework.aspnet.security)