Re: Basic Forms Authentication question

From: Michal A. Valasek (news_at_altaircom.net)
Date: 07/29/03 

Date: Tue, 29 Jul 2003 16:47:26 +0200

| I have a virtual directory set up with anonymous access only, web.config
| contains the following but when I go to the site it ignores the security
and
| never redirects to login.aspx. I know this will be a stupid problem but
| please help!

you must specify not only authentication, but also the authorization
conditions. The following web.config example should help:

<configuration>
  <system.web>
    <!-- here you would setup authentication method -->
    <authentication mode="Forms">
      <forms loginUrl="/Default.aspx" timeout="30" path="/" protection="All"
/>
    </authentication>
    <!--
      now specify authorization for root folder
      '*' means all users, '?' means anonymous users
      the following setting will allow access to all users except anonymous
    -->
    <authorization>
      <deny users="?" />
      <allow users="*" />
    </authorization>
  </system.web>
  <!--
     here we specify different rights for the 'noauth' folder, where
everyone
     (even anonymous users) has access
  -->
  <location path="noauth">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <!--
     here we specify different rights for the 'admin' folder, where only
     members of 'Admins' role can go
  -->
  <location path="admin">
    <system.web>
      <authorization>
        <allow roles="Admins" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration> 

-- 
Michal A. Valasek, Altair Communications, http://www.altaircom.net
Please do not reply to this e-mail, for contact see http://www.rider.cz

Relevant Pages

  • Folder Properties
    ... In the properties of my contacts folder, I want to specify that only a ... Outlook 2003 & Exchange 2003. ... User is an admin on the pc. ...
    (microsoft.public.outlook.general)
  • Re: Removed IUSR_Computername, but...
    ... Thanks for the reply Jad... ... I have Anonymous access enabled because there are too many ... >Set NTFS permissions to allow access only to local admins ... I've given in that folder Administrator, ...
    (microsoft.public.inetserver.iis.security)
  • IIS Remote file access/permissions
    ... folder on a different machine. ... anonymous access disabled with the shared directory as ... another virtual directory in IIS. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Finding out admin username
    ... Determining an admin ID is relatively easy if anonymous access is allowed. ... You simply retrieve the domain or machine SID and then add the RID 500 to it ... I decided to log the bad username/password attempts to ...
    (microsoft.public.win2000.security)
  • Re: Removed IUSR_Computername, but...
    ... You can disable anonymous access on the folder level too. ... mentioned in the previous post but instead of doing it on the site level, ...
    (microsoft.public.inetserver.iis.security)