Re: can I set web.config to require authentication only for some files?

From: Bennett Haselton (bennett_at_peacefire.org)
Date: 09/10/04 

Date: 10 Sep 2004 01:09:07 -0700

Thanks, that worked! At least once I figured out where the <location>
tag was supposed to go so that the web.config file would be parsed
correctly (it had to go just before the closing </configuration> tag
but I couldn't tell that from the tutorial).

In my original message I had said it broke when I tried putting a
web.config file in the subdirectory, but that was because I also had
the <authentication mode="Forms"> tag in that web.config file, and it
was giving a run-time error because that attribute can only be set in
the application-level web.config file. Once I changed the web.config
file in the subdirectory so that it only set the <authorization>
setting, it worked.

(I assume this means that within the same application, you can't have
one authentication method for one set of pages and a different
authentication method for another set of pages, but that's not
something I need anyway.)

One last question though: is there a way to specify multiple files and
directories in the "path" attribute of the <location> tag:

<location path="subdir">
        <system.web>
                <authorization>
                        <deny users="?" />
                </authorization>
        </system.web>
</location>

I tried entering multiple files separated by commas or semicolons, but
that always gave a run-time error.

It's not a huge pain to add a new <location> tag every time I create a
new page that needs to have required authentication, but I was
curious.

-Bennett

"Steve C. Orr [MVP, MCSD]" <Steve@Orr.net> wrote in message news:<e4U7j4tlEHA.556@tk2msftngp13.phx.gbl>...
> You can specify some pages to require login, and others to not require login
> via your web.config file by using the <location> tag.
>
> Here is an example with sample code that you can download and play with.
> http://www.dotnetbips.com/displayarticle.aspx?id=117
>
> --
> I hope this helps,
> Steve C. Orr, MCSD, MVP
> http://Steve.Orr.net
>
>
> "Bennett Haselton" <bennett@peacefire.org> wrote in message
> news:e614455c.0409091740.137b1092@posting.google.com...
> > If I add this to my web.config file:
> >
> > <authentication mode="Forms">
> > <forms name=".ASPXUSERDEMO" loginUrl="login.aspx" protection="All"
> > timeout="60" />
> > </authentication>
> >
> > I can configure the application so that users who try to access a page
> > in the application, get redirected to login.aspx where they have to
> > sign in. (And the "signing in" is handled in the codebehind page of
> > login.aspx.)
> >
> > What if I want to configure authentication so that it's only required
> > for certain files? Or only for certain directories? Is there a way
> > to specify in the <forms> tag or in the <authentication> tag that you
> > want authentication to apply only to certain files or directories? I
> > couldn't find any documented way.
> >
> > If you create a subdirectory and put a web.config file in there with
> > its own <authentication mode="Forms"> tag, in an attempt to make
> > authentication apply only to files in that directory, then you get the
> > ASP.Net error:
> >
> > It is an error to use a section registered as
> > allowDefinition='MachineToApplication' beyond application level.
> >
> > As a last resort I could create a new project directory as a
> > sub-directory under the top-level project directory, but that sounds
> > inelegant; it'd be better to be able to manage all files in a single
> > project.
> >
> > -Bennett

Relevant Pages

  • Re: ASP.NET Authentication exception case
    ... It doesn't seem to like the authorization tag underneath the location tag ... This section sets the authentication policies of the application. ... <!-- SESSION STATE SETTINGS ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: can I set web.config to require authentication only for some files?
    ... You can specify some pages to require login, and others to not require login ... via your web.config file by using the tag. ... > What if I want to configure authentication so that it's only required ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: can I set web.config to require authentication only for some files?
    ... To change the authentication in specific directories all you have to do ... To specify at the file level within a site or directory: ... > to specify in the tag or in the tag that you ... > sub-directory under the top-level project directory, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Page level forms Authentication
    ... By setting authentication normally as you would and then the alternative ... tag as it would normally be with Forms auth. ... I also have 3 more in the root> directory that must be available to everyone. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • can I set web.config to require authentication only for some files?
    ... What if I want to configure authentication so that it's only required ... to specify in the tag or in the tag that you ... sub-directory under the top-level project directory, ...
    (microsoft.public.dotnet.framework.aspnet)