Women in Technology

Hear us Roar



Article:
  ASP.NET Forms Authentication - Part 1
Subject:   Emergency-Form level authentication
Date:   2004-09-10 14:23:49
From:   Bev3
Response to: Emergency-Form level authentication

Thanks ... I inherited a site that required an initial login ... as soon as the site was accessed, the first page was a login.aspx page.


It was later decided to have an open website with the previously secured information linked to from the default.aspx page.


Using the .Net 'Solution Explorer', I created a new subdirectory called "dbpages" and, again using the .Net 'Solution Explorer', I cut/pasted all of the original root directory pages and subdirectories into "dbpages".


After a lot of hair pulling / trying web.config files in subdirectories / wandering the web looking for a solution, I read this about <location> and tried it ... thanks much!


Previously, my root web.config was:


<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<authentication mode="Forms">
<forms name=".myCookie" loginUrl="./Login.aspx" protection="All" timeout="40" path="/"/>
</authentication>

<authorization>
<deny users="?"/>
</authorization>


</system.web>
</configuration>


Now, my root web.config is:


<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="dbpages/">
<system.web>
<authentication mode="Forms">
<forms name="./dbpages/myCookie" loginUrl="./dbpages/Login.aspx" protection="All" timeout="40" path="./dbpages/"/>
</authentication>

<authorization>
<deny users="?"/>
</authorization>


</system.web>
</location>
</configuration>


I've left out a lot of <compilation> and <appSettings> as not pertinent to the discussion.


I also do not have/need any othe web.config than the one in the root directory ... thanks again!