stainless steel jewelry
New Member
I am currently reading a few books about ASP.NET in preparation of upgrading my site. One of the features that I'm excited about (and there are tons of them) is forms-based authentication. It seems great that ASP.NET will take care of this and I don't have to worry about it on every page. But, I have a question about it:<BR><BR>I've read that the <authentication> tag in Web.config can only be placed in the root directory of an application. Then, you can put <authorization> tags in Web.config files in the subdirectories of the application.<BR><BR>I'll be laying my site out with the following three main directories:<BR> /<BR> /public<BR> /private<BR><BR>I only want users to have to login for the pages in the /private directory. Does this mean that I would have the following Web.config files?<BR><BR>/Web.config<BR>-----------<BR> <configuration><BR> <system.web><BR> <authentication mode="Forms"><BR> <forms name="RLAuth" loginUrl="login.aspx" protection="All" timeout="60" /><BR> </authentication><BR> <authorization><BR> <allow users="?" /><BR> </authorization><BR> </system.web><BR> </configuration><BR><BR>/private/Web.config<BR>-----------<BR> <configuration><BR> <system.web><BR> <authorization><BR> <deny users="?" /><BR> </authorization><BR> </system.web><BR> </configuration><BR><BR>I would've originally tried putting the <authentication> tag in the /private/Web.config file since that's the only directory I want users to be logged in for. But I think the way I've got the <authorization> tags setup, it should work. Unfortunately, the books I've got don't cover this situation. They assume that you'll want your entire site authenticated.<BR><BR>Anyway, any help would be greatly appreciated -- even if it's just confirmation that this will work. If I'm totally on the wrong path, that would be just as useful to know 
If I have understand your problem, maybe the <Location> tag is what you want. With <Location> the can secure seperate folders.<BR><BR>Like:<BR><BR><?xml version="1.0" encoding="utf-8" ?><BR><configuration><BR><system.web><BR><authentication mode="Windows" /><BR> <identity impersonate="true"/> <BR> <authorization><BR> <allow users="Administrator" /><BR> <deny users="*" /><BR> </authorization><BR> </system.web><BR><location path="Private"><BR> <system.web><BR> <identity impersonate="true" /><BR> <authorization><BR> <BR> <allow users="username,username" /><BR> <deny users="*" /><BR> </authorization><BR> </system.web><BR> </location><BR></configuration><BR><BR>This web.config is based on the Windows-authentication provider but I think it should also work Form-based.<BR>You can insert as many <Location> tags as you wantBranton,<BR><BR>What you have should work just fine.Thanks for the confirmation. Without having actually done any coding yet, I wasn't sure if I was on the right track or just convincing myself that I was.<BR><BR>Now I have a problem, though. I've created the folders /public and /private and placed some simple files in them to test my login procedures. However, when I build the project, I'm getting errors. Basically, Visual Studio.NET is giving the files the following namespace: <project-name>.<path-name>. In my case, it is localhost.public and localhost.private. So the compiler is throwing errors that public and private are keywords. Is there any way to easily get around this problem?<BR><BR>I'm sure that I could manually change the namespaces on all the files in these two directories. I'm not sure that it would still work. And since 95% of my files will be there, I'm not too excited about that option.<BR><BR>So, is it better to find an option in VS.NET that allows me to choose the namespace or to find different names for my directories? (public and private describe them exactly how I want them, unfortunately)I have implemented Forms-Based Authentication, changed web.config file but can still directly access other aspx files on the local host without logging in and creating setauth cookie. What else am I missing ? <BR>Additional question - how can I protect .asp and .html files within same website? Is this possible ?<BR><BR>Thanks in advance.
If I have understand your problem, maybe the <Location> tag is what you want. With <Location> the can secure seperate folders.<BR><BR>Like:<BR><BR><?xml version="1.0" encoding="utf-8" ?><BR><configuration><BR><system.web><BR><authentication mode="Windows" /><BR> <identity impersonate="true"/> <BR> <authorization><BR> <allow users="Administrator" /><BR> <deny users="*" /><BR> </authorization><BR> </system.web><BR><location path="Private"><BR> <system.web><BR> <identity impersonate="true" /><BR> <authorization><BR> <BR> <allow users="username,username" /><BR> <deny users="*" /><BR> </authorization><BR> </system.web><BR> </location><BR></configuration><BR><BR>This web.config is based on the Windows-authentication provider but I think it should also work Form-based.<BR>You can insert as many <Location> tags as you wantBranton,<BR><BR>What you have should work just fine.Thanks for the confirmation. Without having actually done any coding yet, I wasn't sure if I was on the right track or just convincing myself that I was.<BR><BR>Now I have a problem, though. I've created the folders /public and /private and placed some simple files in them to test my login procedures. However, when I build the project, I'm getting errors. Basically, Visual Studio.NET is giving the files the following namespace: <project-name>.<path-name>. In my case, it is localhost.public and localhost.private. So the compiler is throwing errors that public and private are keywords. Is there any way to easily get around this problem?<BR><BR>I'm sure that I could manually change the namespaces on all the files in these two directories. I'm not sure that it would still work. And since 95% of my files will be there, I'm not too excited about that option.<BR><BR>So, is it better to find an option in VS.NET that allows me to choose the namespace or to find different names for my directories? (public and private describe them exactly how I want them, unfortunately)I have implemented Forms-Based Authentication, changed web.config file but can still directly access other aspx files on the local host without logging in and creating setauth cookie. What else am I missing ? <BR>Additional question - how can I protect .asp and .html files within same website? Is this possible ?<BR><BR>Thanks in advance.