Secure and Unsecure Web Directories using Forms Authentication

B

Billy Jacobs

I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?

Originally I had my web.config file in the root with Forms
Authentication set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.

I then created 2 directories. One named Secure and the
other named Public. I placed my web.config file in my
Secure Folder with Forms Authentication On and also placed
a web.config in the root with Authentication set to none
and allow users="*". Doing this I get the following error.

It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application
level. This error can be caused by a virtual directory not
being configured as an application in IIS.

If I make the Secure Directory an application in IIS I
don't get that error but I get a different error. It says
cannot load type CSEPP.Login.

If I remove the web.config from the secure directory and
also remove the application from the Secure Directory in
IIS it does run and displays any page within the Secure
Directory correctly but of course there is no
authentication without the web.config file in that
directory.

Please help. I know this is possible but don't remember
how to set it up properly.

Thanks,

Billy Jacobs
 
P

Peter Huang [MSFT]

Hi Billy,

You may take a look at the link below.
Forms Authentication Using An XML Users File
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
l/cpconcookieauthenticationusinganxmlusersfile.asp

If you can not adduser in the example above, you may need to modify one of
the web.config as below.
[NOTE: <identity impersonate="true"/> will allow you to impersonate the
account you use to access the aspx page,
so that, you have write permission to the user.xml file, or you may need to
guarantee that the ASP_NET account has enough permission to
access the user.xml file]
<configuration>
<system.web>
<identity impersonate="true"/>
<authorization>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

Did the example works for you?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
--------------------
 
B

Billy Jacobs

This does not answer my question.

Please read it more carefully.

I need 2 web.config files. It is my understanding that it
is ok to have a web.config in multiple directories and
that the settings in the subdirectory web.config file
overrides the web.config file in the parent directory for
the subdirectory.

At the root of my web app and all folders EXCEPT
the "Secure" Folder I don't need forms authentication. I
need forms authentication in the Secure Directory Only.

Thanks,

Billy Jacobs

-----Original Message-----
Hi Billy,

You may take a look at the link below.
Forms Authentication Using An XML Users File
http://msdn.microsoft.com/library/default.asp? url=/library/en-us/cpguide/htm
l/cpconcookieauthenticationusinganxmlusersfile.asp

If you can not adduser in the example above, you may need to modify one of
the web.config as below.
[NOTE: <identity impersonate="true"/> will allow you to impersonate the
account you use to access the aspx page,
so that, you have write permission to the user.xml file, or you may need to
guarantee that the ASP_NET account has enough permission to
access the user.xml file]
<configuration>
<system.web>
<identity impersonate="true"/>
<authorization>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

Did the example works for you?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <[email protected]>
Sender: "Billy Jacobs" <[email protected]>
Subject: Secure and Unsecure Web Directories using Forms Authentication
Date: Thu, 11 Sep 2003 15:28:38 -0700
Lines: 36
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcN4tAwIiQDIbifhTH6DG1udCyABfQ==
Newsgroups: microsoft.public.dotnet.general
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.general:108209
NNTP-Posting-Host: TK2MSFTNGXA11 10.40.1.163
X-Tomcat-NG: microsoft.public.dotnet.general

I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?

Originally I had my web.config file in the root with Forms
Authentication set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.

I then created 2 directories. One named Secure and the
other named Public. I placed my web.config file in my
Secure Folder with Forms Authentication On and also placed
a web.config in the root with Authentication set to none
and allow users="*". Doing this I get the following error.

It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application
level. This error can be caused by a virtual directory not
being configured as an application in IIS.

If I make the Secure Directory an application in IIS I
don't get that error but I get a different error. It says
cannot load type CSEPP.Login.

If I remove the web.config from the secure directory and
also remove the application from the Secure Directory in
IIS it does run and displays any page within the Secure
Directory correctly but of course there is no
authentication without the web.config file in that
directory.

Please help. I know this is possible but don't remember
how to set it up properly.

Thanks,

Billy Jacobs
Click to expand...

.
Click to expand...
 
P

Peter Huang [MSFT]

Hi Billy,

I modify the example I refer in my last post.
This is my directory structure in the IIS configuration.[I move the files
in the root to the Logon directory for demostrating your question]
http://localhost/Test-------AddUser Web.config [This one will make the
directory visited free, note it as webconfig1, unsecure]
|--------Logon Web.config [This one will make
the directory visited with form authentication, note it as webconfig2,
secure]
[Test, AddUser and Logon directories are all configured as an application
in IIS.]
[NOTE, the AddUser and Logon are the alias names that you set when you
confugured a virtual directory
And the webconfig in the AddUser virtual directory will be read , as it is
unsecure config(webconfig1), then all the aspx page in the virtual
directory will be free visited
similarly, the webconfig in the Logon virtual directory will be read , as
it is secure config(webconfig2), then all the aspx page in the virtual
directory will be visited with authentication.]

[webconfig1]
<configuration>
<system.web>
<identity impersonate="true"/>
<authorization>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

[webconfig2]
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl = "../adduser/adduser.aspx" name =
"FORMSAUTHCOOKIE"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>

You may try to modify the example I post last as what I have said to see if
it meet your question.
Did I misunderstand your meaning?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <[email protected]>
Sender: "Billy Jacobs" <[email protected]>
References: <[email protected]>
Click to expand...
Subject: RE: Secure and Unsecure Web Directories using Forms Authentication
Date: Fri, 12 Sep 2003 09:30:58 -0700
Lines: 125
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcN5Sz8Df03oA781TQyUZyKJFEEbMg==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.public.dotnet.general
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.general:108306
NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.general

This does not answer my question.

Please read it more carefully.

I need 2 web.config files. It is my understanding that it
is ok to have a web.config in multiple directories and
that the settings in the subdirectory web.config file
overrides the web.config file in the parent directory for
the subdirectory.

At the root of my web app and all folders EXCEPT
the "Secure" Folder I don't need forms authentication. I
need forms authentication in the Secure Directory Only.

Thanks,

Billy Jacobs

-----Original Message-----
Hi Billy,

You may take a look at the link below.
Forms Authentication Using An XML Users File
http://msdn.microsoft.com/library/default.asp? url=/library/en-us/cpguide/htm
l/cpconcookieauthenticationusinganxmlusersfile.asp

If you can not adduser in the example above, you may need to modify one of
the web.config as below.
[NOTE: <identity impersonate="true"/> will allow you to impersonate the
account you use to access the aspx page,
so that, you have write permission to the user.xml file, or you may need to
guarantee that the ASP_NET account has enough permission to
access the user.xml file]
<configuration>
<system.web>
<identity impersonate="true"/>
<authorization>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

Did the example works for you?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <[email protected]>
Sender: "Billy Jacobs" <[email protected]>
Subject: Secure and Unsecure Web Directories using Forms Authentication
Date: Thu, 11 Sep 2003 15:28:38 -0700
Lines: 36
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcN4tAwIiQDIbifhTH6DG1udCyABfQ==
Newsgroups: microsoft.public.dotnet.general
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.general:108209
NNTP-Posting-Host: TK2MSFTNGXA11 10.40.1.163
X-Tomcat-NG: microsoft.public.dotnet.general

I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?

Originally I had my web.config file in the root with Forms
Authentication set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.

I then created 2 directories. One named Secure and the
other named Public. I placed my web.config file in my
Secure Folder with Forms Authentication On and also placed
a web.config in the root with Authentication set to none
and allow users="*". Doing this I get the following error.

It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application
level. This error can be caused by a virtual directory not
being configured as an application in IIS.

If I make the Secure Directory an application in IIS I
don't get that error but I get a different error. It says
cannot load type CSEPP.Login.

If I remove the web.config from the secure directory and
also remove the application from the Secure Directory in
IIS it does run and displays any page within the Secure
Directory correctly but of course there is no
authentication without the web.config file in that
directory.

Please help. I know this is possible but don't remember
how to set it up properly.

Thanks,

Billy Jacobs
Click to expand...

.
Click to expand...
Click to expand...
 
B

Billy Jacobs

After moving my files to my "Secure" and "Unsecure"
directory, if I make the directories Applications in IIS
then I get an error saying:

"Could not load type 'CSEPPPortal.Login'.

My Login.aspx was originally in the root then I moved it
to the secure folder.

Do you have any idea what may be causing this?

Billy Jacobs

-----Original Message-----
Hi Billy,

I modify the example I refer in my last post.
This is my directory structure in the IIS configuration. [I move the files
in the root to the Logon directory for demostrating your question]
http://localhost/Test-------AddUser Web.config [This one will make the
directory visited free, note it as webconfig1, unsecure]
|--------Logon Web.config [This one will make
the directory visited with form authentication, note it as webconfig2,
secure]
[Test, AddUser and Logon directories are all configured as an application
in IIS.]
[NOTE, the AddUser and Logon are the alias names that you set when you
confugured a virtual directory
And the webconfig in the AddUser virtual directory will be read , as it is
unsecure config(webconfig1), then all the aspx page in the virtual
directory will be free visited
similarly, the webconfig in the Logon virtual directory will be read , as
it is secure config(webconfig2), then all the aspx page in the virtual
directory will be visited with authentication.]

[webconfig1]
<configuration>
<system.web>
<identity impersonate="true"/>
<authorization>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

[webconfig2]
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl = "../adduser/adduser.aspx" name =
"FORMSAUTHCOOKIE"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>

You may try to modify the example I post last as what I have said to see if
it meet your question.
Did I misunderstand your meaning?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <[email protected]>
Sender: "Billy Jacobs" <[email protected]>
References: <[email protected]>
Click to expand...
Subject: RE: Secure and Unsecure Web Directories using Forms Authentication
Date: Fri, 12 Sep 2003 09:30:58 -0700
Lines: 125
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcN5Sz8Df03oA781TQyUZyKJFEEbMg==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.public.dotnet.general
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.general:108306
NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.general

This does not answer my question.

Please read it more carefully.

I need 2 web.config files. It is my understanding that it
is ok to have a web.config in multiple directories and
that the settings in the subdirectory web.config file
overrides the web.config file in the parent directory for
the subdirectory.

At the root of my web app and all folders EXCEPT
the "Secure" Folder I don't need forms authentication. I
need forms authentication in the Secure Directory Only.

Thanks,

Billy Jacobs

-----Original Message-----
Hi Billy,

You may take a look at the link below.
Forms Authentication Using An XML Users File
http://msdn.microsoft.com/library/default.asp? url=/library/en-us/cpguide/htm
l/cpconcookieauthenticationusinganxmlusersfile.asp

If you can not adduser in the example above, you may
Click to expand...
need
to modify one of
the web.config as below.
[NOTE: <identity impersonate="true"/> will allow you to impersonate the
account you use to access the aspx page,
so that, you have write permission to the user.xml
Click to expand...
file,
or you may need to
guarantee that the ASP_NET account has enough
Click to expand...
permission
to
access the user.xml file]
<configuration>
<system.web>
<identity impersonate="true"/>
<authorization>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

Did the example works for you?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <[email protected]>
Sender: "Billy Jacobs" <[email protected]>
Subject: Secure and Unsecure Web Directories using
Click to expand...
Forms
Authentication
Date: Thu, 11 Sep 2003 15:28:38 -0700
Lines: 36
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcN4tAwIiQDIbifhTH6DG1udCyABfQ==
Newsgroups: microsoft.public.dotnet.general
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.general:108209
NNTP-Posting-Host: TK2MSFTNGXA11 10.40.1.163
X-Tomcat-NG: microsoft.public.dotnet.general

I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?

Originally I had my web.config file in the root with Forms
Authentication set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.

I then created 2 directories. One named Secure and the
other named Public. I placed my web.config file in my
Secure Folder with Forms Authentication On and also placed
a web.config in the root with Authentication set to none
and allow users="*". Doing this I get the following error.

It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application
level. This error can be caused by a virtual directory not
being configured as an application in IIS.

If I make the Secure Directory an application in IIS I
don't get that error but I get a different error. It says
cannot load type CSEPP.Login.

If I remove the web.config from the secure directory and
also remove the application from the Secure Directory in
IIS it does run and displays any page within the Secure
Directory correctly but of course there is no
authentication without the web.config file in that
directory.

Please help. I know this is possible but don't remember
how to set it up properly.

Thanks,

Billy Jacobs


.
Click to expand...
Click to expand...

.
Click to expand...
 
P

Peter Huang [MSFT]

Hi Billy,

Have you try the example I refered in my last post, which works fine in my
machine? This will help me isolate the problem.

You may try to set the <location> of the web.config file. Here is a KB link.

Configuration <location> Settings
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
l/cpconconfigurationlocationsettings.asp

INFO: ASP.NET Configuration Overview
http://support.microsoft.com/default.aspx?scid=kb;EN-US;307626

Here is a sample web.config.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authentication mode="Forms" >
<forms loginUrl="Admin/Login.aspx" name="AdminLogin" protection="None"
path="/" timeout="20" >
</forms>

</authentication>
</system.web>


<location path="Admin">
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>

</configuration>

You may have a try and let me know if this works for you.

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <[email protected]>
Sender: "Billy Jacobs" <[email protected]>
References: <[email protected]>
Click to expand...
<[email protected]>
Subject: RE: Secure and Unsecure Web Directories using Forms Authentication
Date: Mon, 15 Sep 2003 06:07:51 -0700
Lines: 249
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcN7il5raugSOvBFSp6snF+X4rv9qA==
Newsgroups: microsoft.public.dotnet.general
Path: cpmsftngxa07.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.dotnet.general:108218
NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
X-Tomcat-NG: microsoft.public.dotnet.general

After moving my files to my "Secure" and "Unsecure"
directory, if I make the directories Applications in IIS
then I get an error saying:

"Could not load type 'CSEPPPortal.Login'.

My Login.aspx was originally in the root then I moved it
to the secure folder.

Do you have any idea what may be causing this?

Billy Jacobs

-----Original Message-----
Hi Billy,

I modify the example I refer in my last post.
This is my directory structure in the IIS configuration. [I move the files
in the root to the Logon directory for demostrating your question]
http://localhost/Test-------AddUser Web.config [This one will make the
directory visited free, note it as webconfig1, unsecure]
|--------Logon Web.config [This one will make
the directory visited with form authentication, note it as webconfig2,
secure]
[Test, AddUser and Logon directories are all configured as an application
in IIS.]
[NOTE, the AddUser and Logon are the alias names that you set when you
confugured a virtual directory
And the webconfig in the AddUser virtual directory will be read , as it is
unsecure config(webconfig1), then all the aspx page in the virtual
directory will be free visited
similarly, the webconfig in the Logon virtual directory will be read , as
it is secure config(webconfig2), then all the aspx page in the virtual
directory will be visited with authentication.]

[webconfig1]
<configuration>
<system.web>
<identity impersonate="true"/>
<authorization>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

[webconfig2]
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl = "../adduser/adduser.aspx" name =
"FORMSAUTHCOOKIE"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</configuration>

You may try to modify the example I post last as what I have said to see if
it meet your question.
Did I misunderstand your meaning?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <[email protected]>
Sender: "Billy Jacobs" <[email protected]>
References: <[email protected]>
Click to expand...
Subject: RE: Secure and Unsecure Web Directories using Forms Authentication
Date: Fri, 12 Sep 2003 09:30:58 -0700
Lines: 125
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcN5Sz8Df03oA781TQyUZyKJFEEbMg==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.public.dotnet.general
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.general:108306
NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.public.dotnet.general

This does not answer my question.

Please read it more carefully.

I need 2 web.config files. It is my understanding that it
is ok to have a web.config in multiple directories and
that the settings in the subdirectory web.config file
overrides the web.config file in the parent directory for
the subdirectory.

At the root of my web app and all folders EXCEPT
the "Secure" Folder I don't need forms authentication. I
need forms authentication in the Secure Directory Only.

Thanks,

Billy Jacobs


-----Original Message-----
Hi Billy,

You may take a look at the link below.
Forms Authentication Using An XML Users File
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/cpguide/htm
l/cpconcookieauthenticationusinganxmlusersfile.asp

If you can not adduser in the example above, you may need
to modify one of
the web.config as below.
[NOTE: <identity impersonate="true"/> will allow you to
impersonate the
account you use to access the aspx page,
so that, you have write permission to the user.xml file,
or you may need to
guarantee that the ASP_NET account has enough permission
to
access the user.xml file]
<configuration>
<system.web>
<identity impersonate="true"/>
<authorization>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

Did the example works for you?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and
confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <[email protected]>
Sender: "Billy Jacobs" <[email protected]>
Subject: Secure and Unsecure Web Directories using Forms
Authentication
Date: Thu, 11 Sep 2003 15:28:38 -0700
Lines: 36
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcN4tAwIiQDIbifhTH6DG1udCyABfQ==
Newsgroups: microsoft.public.dotnet.general
Path: cpmsftngxa06.phx.gbl
Xref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.general:108209
NNTP-Posting-Host: TK2MSFTNGXA11 10.40.1.163
X-Tomcat-NG: microsoft.public.dotnet.general

I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?

Originally I had my web.config file in the root with
Forms
Authentication set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.

I then created 2 directories. One named Secure and the
other named Public. I placed my web.config file in my
Secure Folder with Forms Authentication On and also
placed
a web.config in the root with Authentication set to none
and allow users="*". Doing this I get the following
error.

It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond
application
level. This error can be caused by a virtual directory
not
being configured as an application in IIS.

If I make the Secure Directory an application in IIS I
don't get that error but I get a different error. It
says
cannot load type CSEPP.Login.

If I remove the web.config from the secure directory and
also remove the application from the Secure Directory in
IIS it does run and displays any page within the Secure
Directory correctly but of course there is no
authentication without the web.config file in that
directory.

Please help. I know this is possible but don't remember
how to set it up properly.

Thanks,

Billy Jacobs


.
Click to expand...

.
Click to expand...
Click to expand...
 
V

valmir cinquini

Hi Peter,

I'm tracking your support to Billy. I have the same structure Billy
has, and I tryed your sugestion shown below in this message, with no
success.

My folder structure is
d:\conseg (unsecure) <-- only this one is configured as application
in IIS
d:\conseg\consegseguro (secure) <-- this one isn't

Do I need have both folder and sub-folder registered in IIS as
application? Can you figure out if I'm doing some stupid?

My web.config is the following (some lines where put in the same row
for short):


<?xml version="1.0" encoding="utf-8" ?>
<configuration>

<!-- this is for the application root folder -->
<system.web>
<compilation defaultLanguage="c#" debug="true" />
<customErrors mode="Off"/> <!--mode="RemoteOnly"/-->
<authentication mode="Windows" />
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true" />
<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8"
/>
</system.web>

<!-- this is for the application secure sub-folder -->
<location path="consegseguro">
<system.web>
<authentication mode="Forms">
<forms loginUrl="logon.aspx" name="adAuthCookie" timeout="60">
<deny users="?"/>
<allow users="*"/>
</forms>
</authentication>
<identity impersonate="true"/>
</system.web>
</location>

</configuration>

I got this error

Parser Error Message: It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This
error can be caused by a virtual directory not being configured as an
application in IIS.

Source Error:
Line 32: <system.web>
Line 33:
Line 34: <authentication mode="Forms">
Line 35: <forms loginUrl="logon.aspx" name="adAuthCookie"
timeout="60">
Line 36: <deny users="?"/>

Source File: D:\conseg\web.config Line: 34


I've tryed to use two separated web.config files, one for the unsecure
folder an another for the secure folder, but I got the same error.
Even configuring both folders as application in IIS. :>(

Thanks in advance
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Forms-based authentication 2
web.config and forms authentication problem 1
Authentication error using WSHttpBinding in WCF 0
allowDefinition='MachineToApplication' beyond application level. 1
IIS error application error? 1
Forms Authentication on Virtual Directory -- How? 3
<authentication mode="Windows"/> 1
Combine Forms Authentication with Windows 3

Top