forms authentication question

[m.posseth]

Hi

is it possible with formsauthentication to only protect certain parts of my
website ?

let say i have the following directory structure


default.aspx
logon.aspx
pmain - map with all main website pages
pshop - map with all shop pages

lets say my user enters the url of my webpage , the default.aspx now
redirects him to the map pmain with some bla bla info ,,,, however if he
presses a button he will be redirected to pshop but should first be
authenticated by logon.aspx


regards

Michel Posseth [MCP]

 

[Christopher Reed]

Look at the MSDN documentation regarding <location> elements in your
web.config file. With locations, you should be able to set your website
where the login occurs only for the pshop subdirectory.

 

[Remy]

Yes that is possible.
One way is to put a web.config file into every folder that you want to
protect and specify the security level in there:
<authorization>
<deny users="?" />
</authorization>

But you can also specify that globally in the main web.config file:

<location path="manager">
<system.web>
<authorization>
<deny users="?" />
</athorization>
</system.web>
</location>

where location is the folder that you want to protect.
Hope that helps.

Remy Blaettler
http://www.collaboral.com

 

[m.posseth]

well i tried both

but in both situations i receive the following error

Error 1 It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This error
can be caused by a virtual directory not being configured as an application
in IIS. C:\Documents and Settings\Administrator\Local
Settings\Temp\VWDWebCache\62.58.78.243\fr\Web.config 14


By the way i am using ASP.NET 2.0


regards

M. Posseth [MCP]

 

[Remy]

There are a whole bunch of posts refering to
allowDefinition='MachineToApplication' . Did you try out some of their
suggestions?
Seems to be mostly a setup issue.
Did you try it with a fresh project that you created inside VS 2005?
Meaning that VS created all your directory, virtual folder, etc and so
that there is only one project and no nested projects?

Remy

 

[m.posseth]

Well it looks to me that i can do what i want if i create a seperate project
for this part of the website ( in another virtual directory inside the main
one )

However this is exactly what i did not want to do ,,, guess i would be
better of implementing my own security mechanism

to answer your question

The project is just newly started from the VS 2005 IDE and is running on a
IIS 6 machine with frontpage extensions ( can`t go much wrong there i
guess )

but anyway thanks for your thoughts and help

regards

Michel Posseth [MCP]

 

[Edwin Knoppert]

However this is exactly what i did not want to do ,,, guess i would be
better of implementing my own security mechanism

You give up already.. gosh!
the suggested smaller web.config is the most ideal usage for me.
Solve the error, you'll love the way the web.config/authentication solves
this
Don't go messing with simplistic home-brewed security.

Well it looks to me that i can do what i want if i create a seperate
project for this part of the website ( in another virtual directory
inside the main one )

However this is exactly what i did not want to do ,,, guess i would be
better of implementing my own security mechanism

to answer your question

The project is just newly started from the VS 2005 IDE and is running on
a IIS 6 machine with frontpage extensions ( can`t go much wrong there i
guess )

but anyway thanks for your thoughts and help

regards

Michel Posseth [MCP]

There are a whole bunch of posts refering to
allowDefinition='MachineToApplication' . Did you try out some of their
suggestions?
Seems to be mostly a setup issue.
Did you try it with a fresh project that you created inside VS 2005?
Meaning that VS created all your directory, virtual folder, etc and so
that there is only one project and no nested projects?

Remy

 

[Christopher Reed]

The MachineToApplication error is caused because you have a web.config in a
subweb that is not an application. To rectify, go into IIS, go to the
subweb in question, right click and select Properties. Under the Virtual
Directory tab, the bottom section is called Application Settings. The top
button on the right should say Create. Click this and you'll turn this into
an application. Click OK and turn your web app again.
--
Christopher A. Reed
"The oxen are slow, but the earth is patient."

well i tried both

but in both situations i receive the following error

Error 1 It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This
error can be caused by a virtual directory not being configured as an
application in IIS. C:\Documents and Settings\Administrator\Local
Settings\Temp\VWDWebCache\62.58.78.243\fr\Web.config 14


By the way i am using ASP.NET 2.0


regards

M. Posseth [MCP]

Yes that is possible.
One way is to put a web.config file into every folder that you want to
protect and specify the security level in there:
<authorization>
<deny users="?" />
</authorization>

But you can also specify that globally in the main web.config file:

<location path="manager">
<system.web>
<authorization>
<deny users="?" />
</athorization>
</system.web>
</location>

where location is the folder that you want to protect.
Hope that helps.

Remy Blaettler
http://www.collaboral.com

 

[Remy]

From what I heard 2005 has issues with Web Projects containing
projects. But they built a 2003 Web Project alike project type for 2005
now:

http://msdn.microsoft.com/asp.net/reference/infrastructure/wap/default.aspx

Have not tried it, but from what I heard, this might fix your issue.

Remy Blaettler
http://www.collaboral.com

 

[m.posseth]

Well i solved it now with Christopher`s solution ( creating a new virtual
dir ) however i still feel that this should have been easier
it should have worked right out of the box in my opinion


NL :
bedankt voor de push Edwin ,,, door tijdsdruk koos ik bijna de in mijn
ogen snelste oplossing

EN : don`t wannabe rude for the rest of the folowers of this thread "
roughly translated "

Thanks for the push Edwin, because of a tight time frame for this project i
almost choose the quickest solution


Michel Posseth [MCP]

However this is exactly what i did not want to do ,,, guess i would be

better of implementing my own security mechanism

You give up already.. gosh!
the suggested smaller web.config is the most ideal usage for me.
Solve the error, you'll love the way the web.config/authentication solves
this
Don't go messing with simplistic home-brewed security.

Well it looks to me that i can do what i want if i create a seperate
project for this part of the website ( in another virtual directory
inside the main one )

However this is exactly what i did not want to do ,,, guess i would be
better of implementing my own security mechanism

to answer your question

The project is just newly started from the VS 2005 IDE and is running on
a IIS 6 machine with frontpage extensions ( can`t go much wrong there i
guess )

but anyway thanks for your thoughts and help

regards

Michel Posseth [MCP]

There are a whole bunch of posts refering to
allowDefinition='MachineToApplication' . Did you try out some of their
suggestions?
Seems to be mostly a setup issue.
Did you try it with a fresh project that you created inside VS 2005?
Meaning that VS created all your directory, virtual folder, etc and so
that there is only one project and no nested projects?

Remy

 

[m.posseth]

Well i solved it now with a combination of Christopher and Remy (
creating a new virtual dir, and add a web config file with the security
settings ) however i still feel that this should have been easier .

It should have worked right out of the box in my opinion ( i think that it
is a bid strange that you have to take the extra step of creating a new
virtual dir , it should have worked with only Remy`s solution )

Thanks Christopher this was a live saver

Regards

Michel Posseth [MCP]

The MachineToApplication error is caused because you have a web.config in
a subweb that is not an application. To rectify, go into IIS, go to the
subweb in question, right click and select Properties. Under the Virtual
Directory tab, the bottom section is called Application Settings. The top
button on the right should say Create. Click this and you'll turn this
into an application. Click OK and turn your web app again.
--
Christopher A. Reed
"The oxen are slow, but the earth is patient."

well i tried both

but in both situations i receive the following error

Error 1 It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This
error can be caused by a virtual directory not being configured as an
application in IIS. C:\Documents and Settings\Administrator\Local
Settings\Temp\VWDWebCache\62.58.78.243\fr\Web.config 14


By the way i am using ASP.NET 2.0


regards

M. Posseth [MCP]

Yes that is possible.
One way is to put a web.config file into every folder that you want to
protect and specify the security level in there:
<authorization>
<deny users="?" />
</authorization>

But you can also specify that globally in the main web.config file:

<location path="manager">
<system.web>
<authorization>
<deny users="?" />
</athorization>
</system.web>
</location>

where location is the folder that you want to protect.
Hope that helps.

Remy Blaettler
http://www.collaboral.com

 

[Remy]

If you are still interested in the topic:
http://weblogs.asp.net/scottgu/archive/2005/12/07/432630.aspx
Above blog entry pretty much explains the issue and the solution.

Quote from his blog:
"The new project-type will also help enable some scenarios that
web-site projects don't handle as well today (for example: around
sub-web projects where the sub-project isn't an app in the
ASP.NET/IIS sense, but rather feeds its generated assembly to a parent
app's \bin directory to run)"

Cheers

Remy Blaettler
http://www.collaboral.com