Forms-based authentication

[Guest]

Hi everybody:
I'm trying to use forms-based authentication in my web application and it
works quite fine when I put web.config file in the root of my web directory.
But this results that all users make to login into the site which is not
desired. Obviously there are some parts in the root of the web directory
which must be allowed to public users. Actually I want a specific folder like
"Admin" be protected merely. When I put the web.config file inside the Admin
Directory (and put another regular web.config file with <authentication
mode="Windows" /> tag on the root ) then I got this error when trying to
reach my files inside the Admin directory:
could anybody help please to fix this issue? thanks a lot

Kash

 

[John Bailo]

web.config applies for the whole site, so you can't "move it around".

In web.config you can specify different authentication for different
folders with:

<location path="Secure" >

<system.web>

<authorization>

<deny users="?" />

</authorization>

</system.web>

</location>

http://weblogs.asp.net/hernandl/archive/2004/06/09/ssoformsauth.aspx

 

[Guest]

John
thanks for your comments. I did exactly what you're saying here and also
downloaded the folder from the blog page and tried to follow it up row by
row. When I replaced the :
<authorization>
<deny users="?" />
</authorization>

with

<authorization>
<allow users="*" /> <!-- Allow all users -->
</authorization>

but contained it between <location path="backoffice" > tags at the end of
the web.config, now the authentication feature doesn't work and everyone has
access to backoffice without login! What's wrong with it? Please note that
the "backoffice" directory is right on the root of the web directory.
thanks for your help again

Kash