subfolders/security

[slinky]

I've placed certain .aspx & .html pages into a subfolder called
MembersArea to which a successful logon will take the user.
Here's what I'm assuming: Both my main web folder and my MembersArea
subfolder need their own unique web.config file, correct?
I'm also assuming that by designing a custom logon page I'm using
"Forms Authentication" (?)
I've tried to put the pieces together as to what to put into the
web.config files to secure them such as:


<authentication>
<deny users="?"> <!-- Deny all unauthenticated users -->
<authentication/>


Am I on the right track here and do I need also in the web.config
file
to reference the login.aspx page?


Thanks!!

 

[Peter Bromberg [C# MVP]]

No, subfolders do not require their own web.config file. An alternative:


<location path="MembershipArea">
<system.web>
<authorization>
<allow roles="member" />
<deny users="*" />
</authorization>
</system.web>
</location>

 

[slinky]

thanks! I was going down the wrong path obviously.
My scenario extends to I have a registration page (Name, EmailAddress,
Password) and a login page (Name, Password).
I'm using any XML file to store that info (necessity in our business).
How can I apply the "<allow roles="member" />" to this setup? Should I
add a node onto my XML for "Role"?

Here's what my XML looks like:

<?xml version="1.0" standalone="yes"?>
<submission>
<destination>
<emailAddress>[email protected]</emailAddress>
<name>Ken Gay</name>
<password>helsinki</password>
</destination>
<destination>
<emailAddress>[email protected]</emailAddress>
<name>Jeff Stansen</name>
<password>tazmania</password>
</destination>
<destination>
<emailAddress>[email protected]</emailAddress>
<name>EdKlein</name>
<password>primative</password>
</destination>
</submission>

Thanks!