How do I use forms authentication on specific directories?

  • Thread starter Thread starter Darrel
  • Start date Start date
D

Darrel

My app has an 'admin' folder. This is the only directory i need to apply
forms authentication to.

Googling seems to indicate that the solution is to just give the admin
folder it's own config file and set the authentication rules there.

However, when I do that, I get this error:

--------------------------
Parser Error Message: It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This error
can be caused by a virtual directory not being configured as an application
in IIS.
--------------------------------

Which, from what I can tell, is saying I can't do forms authentication in a
directory unless that directory is also an application.

So, is there a way to do what I want to do? I want one subdirectory of my
application (not an application itself) to use forms authentication.

-Darrel
 
Hi,

you need to declare the authentication method used on root web.config with
<authenication> element, there's no way around that .

But with <location> tags in root web.config or web.config files in
subdirectories you can provide <authorization> elements to specify if
accessing a folder (or specific aspx page) needs authentication. E.g in root
web.config put
<authorization>
<allow users="*" />
</authorization>

But for specific subfolders you can deny it.

<location path="subfolder">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

(or place this into separate web.config file on subdirectiry when <location>
wouldn't be needed)
 
<location path="subfolder">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

(or place this into separate web.config file on subdirectiry when
<location> wouldn't be needed)
Click to expand...

Thanks, Teemu. That worked perfectly!

-Darrel
 
Back
Top