Securing a subfolder with forms authentication

Status
Not open for further replies.

dalchri

Programmer
Apr 19, 2002
608
US
I am developing an e-commerce practice test web site. Only registered users can access the full version of the practice tests. All of the full-version practice test code and pages are in a subfolder of the app root called 'Test'.

Basically, I want to secure only the 'Test' subfolder and all of its contents with forms authentication. I tried using the following in my Web.config file at the app root:
[tt]
<location path="Test">
  <system.web>
    <authentication mode="Forms" />
  </system.web>
</location>
[/tt]
and I tried adding a second web.config file to the 'Test' subfolder itself. Both approaches yielded the same error message:
[tt]
It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.
[/tt]
Does this mean I have to bust my web app into more than one virtual folder in IIS? I'm hoping that there is an alternative since the .NET documentation hints at being able to do this without actually saying how.
 
You shouldn't need 2 web.config files... try one similar to the following:

--------------------------------------------
<?xml version="1.0" encoding="utf-8" ?>

<configuration>

  <system.web>
    <authentication mode="Forms">
      <forms name=".TESTWEB" loginUrl="login.aspx" protection="All" timeout="60">
        <credentials passwordFormat="SHA1">
          <user name="admin" password="D8B8125B453F0F7AF5143325EE39004034CC52A8"/>
        </credentials>
      </forms>
    </authentication>
  </system.web>

  <location path="admin">
    <system.web>
      <authorization>
        <deny users="?"/>
      </authorization>
    </system.web>
  </location>

</configuration>
--------------------------------------------

What I did was tell it to allow everyone into everything unless otherwise specified, such as the admin folder.

mike griffith
----------------------------
mgriffith@lauren.com
mdg12@po.cwru.edu
 
I found the problem...

In my machine.config file, the authentication section was set to 'MachineToApplication'. It has to be set to 'Everywhere' so that you can reassign the authentication scheme in subfolders. I sure hope that isn't an issue with my hosting server, 'cause I surely don't have access to their machine.config file.
 
Oh! Stupid me, it's not that you need to change the authentication mode, just WHO you let in!
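
An added example, not part of the original thread: a small Python check that flags an `<authentication>` element placed under `<location>` (the layout that produced the error above) and reports whether each `<location>` path denies anonymous users. The sample configs and function names are constructed for illustration; rules with a `verbs` attribute and settings inherited from parent configs are ignored as a simplification.

```python
import xml.etree.ElementTree as ET

# Sections valid only at machine/application level (allowDefinition=
# "MachineToApplication"). Only <authentication>, the one in this thread, is listed.
APP_LEVEL_ONLY = {"authentication"}

# Constructed samples: the attempt that raised the error, and a corrected layout.
ATTEMPT = """<configuration><location path="Test"><system.web>
  <authentication mode="Forms" />
</system.web></location></configuration>"""

CORRECTED = """<configuration>
  <system.web><authentication mode="Forms" /></system.web>
  <location path="Test"><system.web>
    <authorization><deny users="?" /></authorization>
  </system.web></location>
</configuration>"""

def anonymous_blocked(authorization):
    """Rules apply in order, first match wins; True if that rule denies '?'."""
    if authorization is None:
        return False  # assumption: the parent config allows everyone
    for rule in authorization:
        if rule.tag not in ("allow", "deny") or rule.get("verbs"):
            continue  # simplification: verb-specific rules are skipped
        users = {u.strip() for u in rule.get("users", "").split(",")}
        if users & {"?", "*"}:
            return rule.tag == "deny"
    return False

def audit_web_config(xml_text):
    """Report misplaced app-level sections and anonymous access per <location>."""
    report = {"misplaced": [], "protected": [], "open": []}
    for loc in ET.fromstring(xml_text).findall("location"):
        path = loc.get("path", "")
        for web in (c for c in loc if c.tag == "system.web"):
            report["misplaced"] += [(path, c.tag) for c in web if c.tag in APP_LEVEL_ONLY]
            blocked = anonymous_blocked(web.find("authorization"))
            report["protected" if blocked else "open"].append(path)
    return report

if __name__ == "__main__":
    for name, cfg in (("attempt", ATTEMPT), ("corrected", CORRECTED)):
        print(name, audit_web_config(cfg))
```

Because the first matching rule wins, a `<location>` that lists `<allow users="*"/>` before `<deny users="?"/>` is reported as open.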
 