RE: Forms Authentication for only one folder



Thanks Steven I will try to put an additional web.config file within the dir
that I want to protect. Thanks for your help.

"Steven Cheng [MSFT]" wrote:

Hi Flyguy,

From your description, you're using ASP.NET with FormsAuthentication, and
you wonder how to configure an particular folder to have different
authorization setting as the main web application, correct?

Based on my experience, for specifc authorization(for a parituclar page or
sub folder) in ASP.NET web application, there are two means:

1. You can create an additional web.config file in that certain sub folder
and override the "<authorization>" setting in that sub web.config file

2. There is a <location> element in web.config file which can let you
specify customized settings(different from main setting) for a particular
path(a page or a folder). e.g.

========================
..............

<location path="subdir1">
<system.web>
<authorization>
<allow users ="*" />
</authorization>
</system.web>
</location>

<system.web>
// main setting here....
</system.web>

</configuration>
=========================

here are some web article and reference introduced these methods.

#HOW TO: Control Authorization Permissions in an ASP.NET Application
http://support.microsoft.com/kb/316871

#Form authentication and authorization in ASP.NET
http://www.codeproject.com/KB/web-security/FormAuthenticnAuthorizn.aspx

#location Element (ASP.NET Settings Schema)
http://msdn.microsoft.com/en-us/library/b6x6shw7.aspx

Hope this helps.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.







--------------------
From: =?Utf-8?B?Rmx5Z3V5?= <flyguy@xxxxxxxxxxxxx>
Subject: Forms Authentication for only one folder
Date: Sat, 21 Jun 2008 07:29:02 -0700


I am using Forms Authentication on a website. I’d like to configure it
to
allow anyone access to the entire site with the exception of one folder.
In
that one folder I’d like to limit it to users with logins. How do I
setup my
web.config file for this?



.



Relevant Pages

  • RE: Forms Authentication for only one folder
    ... you wonder how to configure an particular folder to have different ... authorization setting as the main web application, ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: Securing a single aspx page
    ... forms authentication by default will allow everyone access ... authorization setting: ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Securing a single aspx page
    ... forms authentication by default will allow everyone access ... authorization setting: ... Microsoft MSDN Online Support Lead ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: My.Settings.Upgrade doesnt upgrade?
    ... It goes up to its parent folder "%AppData%/My ... which usually is the application install path, ... Microsoft Online Community Support ... nature are best handled working with a dedicated Microsoft Support Engineer ...
    (microsoft.public.dotnet.languages.vb)
  • RE: Web Deployment Project location/Authorization replacement
    ... During "Release" the test role is not authorized in the sub directory. ... authorization works fine. ... Microsoft Online Support ... nature are best handled working with a dedicated Microsoft Support Engineer ...
    (microsoft.public.dotnet.framework.aspnet)