Re: Troubled authentication in subdirectories

You can only have one authentication section in a web application. You don't
solve this, it's by design. The only thing you can do is alter the login
page based upon where the user is coming from, ie: which subdirectory. The
only other way is to make the subdirectories their own independent
application spaces. Of course, you can specify whatever authorization
limitations you want in the specific subdirectories, that doesn't matter,
just keeping in mind there can only be one authentication section and one
logon page.


--
Hope this helps,
Mark Fitzpatrick
Former Microsoft FrontPage MVP 199?-2006

"Benton" <conversar@xxxxxxxxx> wrote in message
news:56jam8F27vd09U1@xxxxxxxxxxxxxxxxxxxxx
Hi there,

I want to have an unrestricted root directory and some protected
subdirectories on my ASP.NET 2.0 application. I want each subdirectory to
have its own Login.aspx page.

The following article is a good start, but it uses a single Login.aspx
located in the root directory to protect a subdirectory:

http://www.theserverside.net/tt/articles/showarticle.tss?id=FormAuthentication

The technique described in the article uses a "location" section in
web.config, where a custom "system.web" section is defined for the
protected subdirectory.

Now if I put the "authentication mode" section inside this custom
"system.web" for the subdirectory (so I can define the subdirectory Login
page), I get a compiler error on the "authentication" section:

Error 1 It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This
error can be caused by a virtual directory not being configured as an
application in IIS. D:\WebSites\RegencyWeb\web.config 42

If I put the "authentication" section in the root "system.web" (outside of
the location's "system.web") then the application compiles fine, but I'm
limited to a single Login.aspx for the application.

So how can I solve this?

Thanks for any insight,

-Benton


.

Relevant Pages

  • Troubled authentication in subdirectories
    ... I want to have an unrestricted root directory and some protected subdirectories on my ASP.NET 2.0 application. ... The following article is a good start, but it uses a single Login.aspx located in the root directory to protect a subdirectory: ... Now if I put the "authentication mode" section inside this custom "system.web" for the subdirectory, I get a compiler error on the "authentication" section: ...
    (microsoft.public.dotnet.framework.aspnet)
  • RE: IIS protection
    ... "Is there another way to protect the server or allow individual user ... Sure, to achieve this, enabling user authentication is necessary: ... Use NTFS Security to Protect a Web Page Running on IIS 4.0 or ... enable either Basic authentication or Integrated windows auth: ...
    (microsoft.public.inetserver.iis)
  • Re: Forms Based Authentication Issue (VIEWSTATE) Login Form On Non Protected Page
    ... I have it all working fine and pages I want to protect show a login ... login form on an area of their homepage. ... CLASSIC ASP SCENARIO) ... this using the built in forms authentication structure of .NET. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Forms Based Authentication Issue (VIEWSTATE) Login Form On Non Protected Page
    ... I have actually looked for javascript that can do a form post on it's own. ... Not sure I am searching for the right terms. ... I have it all working fine and pages I want to protect show a login ... using the built in forms authentication structure of .NET. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: IIS 4 Security
    ... I want to protect my machine from joe ... In my definition of reasonably secure; ... >> authentication in the example provided by the OP. ... attacks on the public system. ...
    (Focus-Microsoft)