Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / April 2008

Tip: Looking for answers? Try searching our database.

subfolders/security

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
slinky - 02 Apr 2008 13:33 GMT
I've placed certain .aspx & .html pages into a subfolder called
MembersArea to which a successful logon will take the user.
Here's what I'm assuming: Both my main web folder and my MembersArea
subfolder need their own unique web.config file, correct?
I'm also assuming that by designing a custom logon page I'm using
"Forms Authentication" (?)
I've tried to put the pieces together as to what to put into the
web.config files to secure them such as:

<authentication>
  <deny users="?"> <!-- Deny all unauthenticated users -->
<authentication/>

Am I on the right track here and do I need also in the web.config
file
to reference the login.aspx page?

Thanks!!
Reply to this Message
Peter Bromberg [C# MVP] - 02 Apr 2008 13:49 GMT
No, subfolders do not require their own web.config file. An alternative:

<location path="MembershipArea">
 <system.web>
   <authorization>
     <allow roles="member" />
     <deny users="*" />
   </authorization>
 </system.web>
</location>

Signature

Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short Urls & more: http://ittyurl.net

> I've placed certain .aspx & .html pages into a subfolder called
> MembersArea to which a successful logon will take the user.
[quoted text clipped - 14 lines]
>
> Thanks!!
Reply to this Message
slinky - 02 Apr 2008 14:15 GMT
thanks! I was going down the wrong path obviously.
My scenario extends to I have a registration page (Name, EmailAddress,
Password) and a login page (Name, Password).
I'm using any XML file to store that info (necessity in our business).
How can I apply the "<allow roles="member" />" to this setup? Should I
add a node onto my XML for "Role"?

Here's what my XML looks like:

<?xml version="1.0" standalone="yes"?>
<submission>
  <destination>
   <emailAddress>kenneth.gay@wachovia.com</emailAddress>
   <name>Ken Gay</name>
   <password>helsinki</password>
 </destination>
   <destination>
   <emailAddress>jeffstansen@hotmail.com</emailAddress>
   <name>Jeff Stansen</name>
   <password>tazmania</password>
 </destination>
 <destination>
   <emailAddress>kleinpatter@yahoo.com</emailAddress>
   <name>EdKlein</name>
   <password>primative</password>
 </destination>
</submission>

Thanks!

On Apr 2, 8:49 am, Peter Bromberg [C# MVP]
<pbromb...@yahoo.NoSpamMaam.com> wrote:
> No, subfolders do not require their own web.config file. An alternative:
>
[quoted text clipped - 32 lines]
>
> - Show quoted text -
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.