Configuring Windows Auth & Forms Auth in Asp.Net

From: Chris Mohan (chrismo1__=AT__yahoo.com)
Date: 04/28/04 

Date: Wed, 28 Apr 2004 11:11:04 -0700

Configuring Windows Auth & Forms Auth in Asp.Net
Hi, I've configured a web app to use windows authentication and also set up two separate subdirectories to use forms authentication. It appears to work fine but I have never seen a sample that demonstrates both in the same web.config and I don't like assuming i've done this correctly and securely.

Please take a look at the following from my web.config and let me know what you think(its not the full config-- just stripped down to its essentials w/ no attributes) Its pretty basic, i just use a location element for each sub-dir and then set the auth mode inside of it. Thanks!!

<?xml version="1.0" encoding="UTF-8" ?><configuration><system.web><authentication mode="Windows" /><authorization><allow users="*" /></authorization></system.web><location path="SecureArea1"><system.web><authentication mode="Forms"><forms loginUrl="login.aspx" /></authentication><authorization><deny users="?" /></authorization></system.web></location><location path="SecureArea2"><system.web><authentication mode="Forms"><forms loginUrl="login.aspx" / ></authentication><authorization><deny users="?" /></authorization></system.web></location></configuration>