secured site with public pages

  • Thread starter Thread starter CTMAx
  • Start date Start date
C

CTMAx

Hi,

I am fairly new to developing web sites so please bear with me.

I am attempting to have some pages accessible to the general public, while
other pages are secured.

Using web.config I have setup users with passwords. It works great, but I
would like some pages to be accessible without logging in. Currently all
pages require the user to signed in.

Any response ( except flame) would be appreciated.

Thanks,

..... Tom ..
 
Hi Tom,

There are a couple ways you can do this -- with location elements or
physical directories:

1. If you only have a couple pages to secure, you can add a <location>
element to your web.config for only those pages. Something like this:

<configuration>

<!-- other elements elided for clarity -->

<location path="MySecurePage.aspx">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

</configuration>

2. My prefered option is to set up a separate physical directory for secure
pages. Add a new web.config to that directory that secures the pages you
put into it. This is convenient because any time in the future all you need
to do is create a new page in the directory it belongs. Additionally, if
you have multiple secure pages, this is the easier option because otherwise
adding <location> elements for each page could become cumbersom.

Joe
 
Thanks for the response Joe.

Does the new folder have to be a 'virtual directory' configured as an
application within IIS?

I get the following error:

Parser Error Message: It is an error to use a section registered as
allowDefinition='MachineToApplication' beyond application level. This error
can be caused by a virtual directory not being configured as an application
in IIS.

Source Error:

Line 44: by Microsoft that offers a single logon and core profile
services for member sites.
Line 45: -->
Line 46: <authentication mode="Forms">
Line 47: <forms name="adAuthCookie" loginUrl="Default.aspx"
protection="All" timeout="60" path="/" >
Line 48: <credentials passwordFormat="Clear">

..... Tom ..
 
Back
Top