Forms Authentication for single directory

  • Thread starter Thread starter Sean
  • Start date Start date
S

Sean

Hi, I've taken over a website, which has an admin section that is
currently open. I added Forms Authentication to the admin directory
with the using the location section in web.config:

<location path="admin">
<system.web>
<customErrors mode="Off"/>
<authentication mode="Forms">
<forms name=".COOKIEDEMO" loginUrl="login.aspx"
protection="All" timeout="60" path="/">
<credentials passwordFormat="Clear">
<user name="login1" password="password1"/>
<user name="login2" password="password2"/>
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

To get this to work for a single directory, I had to use IIS and turn
the directory into a web app. This makes the authentication work
correctly, however it breaks all the existing code in admin.

My question is this: Is there a way to use Forms Authentication for a
single directory of a web site, WITHOUT running the directory as a
separate web app? I can't seem to find any documentation on
protecting a single directory.

Thanks in advance. - Sean
 
Hi Sean,

I think I did something a while ago which sounds like what you're trying to
do and got it to work without turning the admin directory into it's own web
application. I forget the exact steps but in the web.config I have:
....
<location path="Admin">
<system.web>
<authorization>
<allow users="user1"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
....
<authentication mode="Forms">
<forms loginUrl="RoleLogin.aspx" protection="None" timeout="30" path="/">
<credentials passwordFormat="Clear">
<user name = "user1" password = "password1" /?
</credentials>
</forms>
</authentication>
<authorization>
<allow users="*"/>
</authorization>
.....
At the time I was doing this website, I ran across across an article which I
think did a nice job of walking through the <location/> element. I think this
is the article:
http://www.theserverside.net/tt/articles/showarticle.tss?id=FormAuthentication (like I said it was a while ago).

Eventually, I changed things so that I used the SqlMembership provider and
roles to manage access to assets on the website. A nice improvement.

For things which have to do with ASP.NET Security, Membership, and Roles
check out the this book - Professional ASP.NET 2.0 Security, Membership, and
Role Management by Stefan Schackow.
 
Back
Top