Search:   Namespaces Discussions .NET v1.1 Feedback

Public and private web site Messages   Related Types This message was discovered on ASPFriends.com 'aspngconfig' list. Kailas Tare -- Moved from [aspngreuse] to [aspngconfig] by Tony Stark <Click here to reveal e-mail address> -- Hi all, My web site has few public pages and all pages under a secured folder are requied to have authentication. This is one web application. The design is like ebay, where bidding display pages are public, but submition of bid requires a user account.=20 I am using forms authentication in .Net. How do i specify it in web.config file that use forms authentication only for certain folder? Thanks in advance. Kailas Tare Reply to this message...        Johnson, Peter Put another web.config in the subdirectory, and its settings will be used instead for that directory. We're doing the reverse of what you're talking about--the main directory (the web app's root) has a web.config with most of the settings including forms authentication, then a subdirectory has a small web.config that essentially turns it off for that directory: <configuration> <system.web> <authorization> <allow users="?" /> </authorization> </system.web> </configuration> HTH, Peter [Original message clipped] ********************************************** This e-mail and any attachments may be confidential or legally privileged. If you received this message in error or are not the intended recipient, you should destroy the e-mail message and any attachments or copies, and you are prohibited from retaining, distributing disclosing or using any information contained herein. Please inform us of the erroneous delivery by return e-mail. Thank you for your cooperation. ********************************************** ec03/04 Reply to this message...        Johnson, Peter Thanks to the other thread on web.config, I wonder if this would work instead. If so, it seems a bit of a cleaner solution: <configuration> <system.web> <!- Your main web settings go here --> </system.web> <!- Configuration for the "Sub1" subdirectory. --> <location path="Sub1"> <system.web> <authentication mode="Forms"> <forms name=".FORMSAUTH" protection="All" timeout="60" /> </authentication> <authorization> <deny users="?" /> </authorization> </system.web> </location> </configuration> If you try it and it works, let me know. Thanks, Peter [Original message clipped] ********************************************** This e-mail and any attachments may be confidential or legally privileged. If you received this message in error or are not the intended recipient, you should destroy the e-mail message and any attachments or copies, and you are prohibited from retaining, distributing disclosing or using any information contained herein. Please inform us of the erroneous delivery by return e-mail. Thank you for your cooperation. ********************************************** ec03/04 Reply to this message...        Kailas Tare Hi Peter, In my visual studio .net project, I have a project called MyDotNet and so the virtual folder in ISS. MyDotNet is under "inetput/wwwroot" and it has bin as subdirectory. Authentication mode is "None" for this project. I also have "Admin" as a subfolder in MyDotNet folder. In order to make "Admin" folder pages login secured, I changed my "inetput\wwwroot\MyDotNet\web.config" as you suggested. I also added a blank Login.aspx page under Admin folder. Now when I tried to hit any page in Admin folder, I got=20 "It is an error to use a section registered as allowDefinition=3D'MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS."=20 So I went to IIS and made "Admin" subfolder as an application. Now when I hit any page in Admin folder, the request gets redirected to Login.aspx page, but I get following error on the page: *------------- Parser Error Message: "Could not load type 'MyDotNet.Admin.Login'." Source Eror: Line 1: <%@ Page language=3Dc# CodeBehind=3D"Login.aspx.cs" AutoEventWireup=3D"false" Inherits=3D"MyDotNet.Admin.Login" %> --------------* Now it looks like ASP.NET is trying to load type "MyDotNet.Admin.Login" and it is sitting in=20 "inetput\wwwroot\MyDotNet\bin\MyDotNet.dll". "Admin" is a web application, but it does not have a bin directory. How can it load types from MyDotNet projects dll? I am missing something here or completely out of track? Kailas Tare. -----Original Message----- From: Johnson, Peter [mailto:Click here to reveal e-mail address] Sent: Thursday, July 25, 2002 6:26 AM To: aspngconfig Subject: [aspngconfig] RE: Public and private web site Thanks to the other thread on web.config, I wonder if this would work instead. If so, it seems a bit of a cleaner solution: <configuration> <system.web> =20 <!- Your main web settings go here --> </system.web> =20 <!- Configuration for the "Sub1" subdirectory. --> <location path=3D"Sub1"> <system.web> <authentication mode=3D"Forms"> <forms name=3D".FORMSAUTH" protection=3D"All" timeout=3D"60" = /> </authentication> =20 <authorization> <deny users=3D"?" /> </authorization> </system.web> </location> </configuration> If you try it and it works, let me know. Thanks, Peter [Original message clipped] ********************************************** This e-mail and any attachments may be confidential or legally privileged. If you received this message in error or are not the intended recipient, you should destroy the e-mail message and any attachments or copies, and you are prohibited from retaining, distributing disclosing or using any information contained herein. Please inform us of the erroneous delivery by return e-mail. Thank you for your cooperation. ********************************************** ec03/04 | [aspngconfig] member Click here to reveal e-mail address =3D YOUR ID | http://www.asplists.com/asplists/aspngconfig.asp =3D JOIN/QUIT | http://www.asplists.com/search =3D SEARCH Archives Reply to this message...        Johnson, Peter I think you want MyDotNet configured as an IIS application, and Admin not configured as an IIS application. What I was saying is that you can try one of two things (not both at the same time): 1. Change MyDotNet\web.config to include this section: <configuration> <location path="Admin"> <system.web> <authentication mode="Forms"> <forms name=".FORMSAUTH" protection="All" timeout="60" /> </authentication> <authorization> <deny users="?" /> </authorization> </system.web> </location> </configuration> (mind you, not including the <configuration> tags again which should already be in your web.config) 2. Instead of changing MyDotNet\web.config as above, change MyDotNet\Admin\web.config to include this section only: <configuration> <system.web> <authentication mode="Forms"> <forms name=".FORMSAUTH" protection="All" timeout="60" /> </authentication> <authorization> <deny users="?" /> </authorization> </system.web> </configuration> That is, the above would be the complete text of web.config. I believe this technique works for allowing anonymous access instead of authenticating; not sure about your scenario--authenticating instead of allowing anonymous. Your login page should be compiled into MyDotNet\bin\MyDotNet.dll. The "Could not load type" error usually means you didn't compile it into an assembly the ASPX can see, or your codebehind is specifying a different namespace/class name than your ASPX page is specifying. Remove the application configuration from Admin, delete the MyDotNet\Admin\web.config file, and try #1 above. If you still have problems, copy & paste your complete MyDotNet\web.config into your reply (substituting dummy words for things like database locations and passwords, of course!). --Peter [Original message clipped] ********************************************** This e-mail and any attachments may be confidential or legally privileged. If you received this message in error or are not the intended recipient, you should destroy the e-mail message and any attachments or copies, and you are prohibited from retaining, distributing disclosing or using any information contained herein. Please inform us of the erroneous delivery by return e-mail. Thank you for your cooperation. ********************************************** ec03/04 Reply to this message...        Eric Marthinsen Hello-     Don't put any <authentication> elements in any web.config other than the one in your application root and don't put it within a <location> element. The <authentication> element is application level only. You can put your <authorization> elements in a <location> tag or in a web.config in a subdirectory. To fix your second error, I think you need to rebuild your project. Regards-     Eric -----Original Message----- From: Johnson, Peter [mailto:Click here to reveal e-mail address] Sent: Friday, July 26, 2002 12:02 PM To: aspngconfig Subject: [aspngconfig] RE: Public and private web site I think you want MyDotNet configured as an IIS application, and Admin not configured as an IIS application. What I was saying is that you can try one of two things (not both at the same time): 1. Change MyDotNet\web.config to include this section: <configuration> <location path="Admin"> <system.web> <authentication mode="Forms"> <forms name=".FORMSAUTH" protection="All" timeout="60" /> </authentication> <authorization> <deny users="?" /> </authorization> </system.web> </location> </configuration> (mind you, not including the <configuration> tags again which should already be in your web.config) 2. Instead of changing MyDotNet\web.config as above, change MyDotNet\Admin\web.config to include this section only: <configuration> <system.web> <authentication mode="Forms"> <forms name=".FORMSAUTH" protection="All" timeout="60" /> </authentication> <authorization> <deny users="?" /> </authorization> </system.web> </configuration> That is, the above would be the complete text of web.config. I believe this technique works for allowing anonymous access instead of authenticating; not sure about your scenario--authenticating instead of allowing anonymous. Your login page should be compiled into MyDotNet\bin\MyDotNet.dll. The "Could not load type" error usually means you didn't compile it into an assembly the ASPX can see, or your codebehind is specifying a different namespace/class name than your ASPX page is specifying. Remove the application configuration from Admin, delete the MyDotNet\Admin\web.config file, and try #1 above. If you still have problems, copy & paste your complete MyDotNet\web.config into your reply (substituting dummy words for things like database locations and passwords, of course!). --Peter [Original message clipped] ********************************************** This e-mail and any attachments may be confidential or legally privileged. If you received this message in error or are not the intended recipient, you should destroy the e-mail message and any attachments or copies, and you are prohibited from retaining, distributing disclosing or using any information contained herein. Please inform us of the erroneous delivery by return e-mail. Thank you for your cooperation. ********************************************** ec03/04 | [aspngconfig] member Click here to reveal e-mail address = YOUR ID | http://www.asplists.com/asplists/aspngconfig.asp = JOIN/QUIT | http://www.asplists.com/search = SEARCH Archives Reply to this message...        Johnson, Peter So that's why Kailas is getting that web.config error about allowDefinition='MachineToApplication'? That makes sense, that an application can only have one authentication scheme since that sort of authentication is baked into ASP.NET. So I think my instructions (#1) were right except for one thing. Kailas needs this in his web.config instead of what I said at the beginning: <configuration> <system.web> <authentication mode="Forms"> <forms name=".FORMSAUTH" protection="All" timeout="60" /> </authentication> <authorization> <allow users="?" /> </authorization> </system.web> <location path="Admin"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> </configuration> That makes more sense. Again, I've not done what you're trying, Kailas, but it "should" work. :) Thanks Eric! --Peter [Original message clipped] ********************************************** This e-mail and any attachments may be confidential or legally privileged. If you received this message in error or are not the intended recipient, you should destroy the e-mail message and any attachments or copies, and you are prohibited from retaining, distributing disclosing or using any information contained herein. Please inform us of the erroneous delivery by return e-mail. Thank you for your cooperation. ********************************************** ec03/04 Reply to this message...        Kailas Tare Thanks Eric and Peter. I never knew that the <authentication> element is application level only. I changed my main config.sys as per Peter's suggestion and it worked.=20 Thanks again, Kailas. -----Original Message----- From: Johnson, Peter [mailto:Click here to reveal e-mail address] Sent: Friday, July 26, 2002 1:51 PM To: aspngconfig Subject: [aspngconfig] RE: Public and private web site So that's why Kailas is getting that web.config error about allowDefinition=3D'MachineToApplication'? That makes sense, that an application can only have one authentication scheme since that sort of authentication is baked into ASP.NET. So I think my instructions (#1) were right except for one thing. Kailas needs this in his web.config instead of what I said at the beginning: <configuration> <system.web> <authentication mode=3D"Forms"> <forms name=3D".FORMSAUTH" protection=3D"All" timeout=3D"60" /> </authentication> <authorization> <allow users=3D"?" /> </authorization> </system.web> <location path=3D"Admin"> <system.web> <authorization> <deny users=3D"?" /> </authorization> </system.web> </location> </configuration> That makes more sense. Again, I've not done what you're trying, Kailas, but it "should" work. :) Thanks Eric! --Peter [Original message clipped] ********************************************** This e-mail and any attachments may be confidential or legally privileged. If you received this message in error or are not the intended recipient, you should destroy the e-mail message and any attachments or copies, and you are prohibited from retaining, distributing disclosing or using any information contained herein. Please inform us of the erroneous delivery by return e-mail. Thank you for your cooperation. ********************************************** ec03/04 | [aspngconfig] member Click here to reveal e-mail address =3D YOUR ID | http://www.asplists.com/asplists/aspngconfig.asp =3D JOIN/QUIT | http://www.asplists.com/search =3D SEARCH Archives Reply to this message...     Ad MBR BootFX Best-of-breed application framework for .NET projects, developed by Matthew Baxter-Reynolds and MBR IT

Copyright © Matthew Baxter-Reynolds 2001-2008. '.NET 247 Software Development Services' is a trading style of MBR IT Solutions Ltd. Contact Us - Terms of Use - Privacy Policy - www.dotnet247.com