web.config and forms authentication problem
From: MJ (emjay703_gmu_at_yahoo.com)
Date: 02/26/04
- Next message: Novice: "RE: Do all three permission classes (Identity Permission, Code Access Permission and Role Based Permission) fall under CAS?"
- Previous message: Sherif ElMetainy: "Re: Security makes .Net a JOKE....."
- Next in thread: Phill P: "Re: web.config and forms authentication problem"
- Reply: Phill P: "Re: web.config and forms authentication problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 25 Feb 2004 15:00:25 -0800
I'm building an application that has a file structure similar to the
following:
/myapp/user_login.aspx
/myapp/user_page_1.aspx
/myapp/user_page_2.aspx
/myapp/user_page_3.aspx
/myapp/admin/admin_login.aspx
/myapp/admin/admin_page_1.aspx
/myapp/admin/admin_page_2.aspx
/myapp/admin/admin_page_3.aspx
...where "/myapp" is a virtual directory defined as an application in
IIS.
You probably get the idea - only logged-in users should have access to
the user pages under the application root, and only logged-in admins
should have access to the admin pages that are under the "admin"
subdir. Unauthenticated users/admins should be redirected to the
appropriate login form.
Using forms authentication, my web.config (located in application root
- "/myapp") currently looks like this:
<!-- begin web.config -->
<configuration>
<location>
<system.web>
<customErrors mode="Off" />
<authentication mode="Forms">
<forms name="AuthCookie" loginUrl="/myapp/user_login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
<location path="admin">
<system.web>
<customErrors mode="Off" />
<authentication mode="Forms">
<forms name="AdminAuthCookie"
loginUrl="/myapp/admin/admin_login.aspx" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
</configuration>
<!-- end web.config -->
This works perfectly for the user pages... unauthenticated users are
redirected to "user_login.aspx", and after successfully logging-in
there they can access the rest of the user pages.
However, when an unauthenticated admin tries to access
"admin_page_1.aspx", instead of being redirected to the admin login
form, I get the following "Configuration Error":
<!-- begin error message -->
Parser Error Message: It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This
error can be caused by a virtual directory not being configured as an
application in IIS.
Source Error:
Line 15: <system.web>
Line 16: <customErrors mode="Off" />
Line 17: <authentication mode="Forms">
Line 18: <forms name="AdminAuthCookie"
loginUrl="/myapp/admin/admin_login.aspx" />
Line 19: </authentication>
<!-- end error message -->
(line 17 is highlighted)
This message says that maybe my virtual directory is not an
application from IIS' perspective, but I've double and triple checked
that it is. Since that does not seem to be the issue, what is causing
this error? Please help! Thanks!
-MJ
- Next message: Novice: "RE: Do all three permission classes (Identity Permission, Code Access Permission and Role Based Permission) fall under CAS?"
- Previous message: Sherif ElMetainy: "Re: Security makes .Net a JOKE....."
- Next in thread: Phill P: "Re: web.config and forms authentication problem"
- Reply: Phill P: "Re: web.config and forms authentication problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
