Forms-Based Authentication for only a subset of pages

G

Guest

I've got the basic forms based authentication going. A user has to go to my
login page before they can access any other pages. The issue is that there
are a sub-set of pages on which I don't have to require that a user login in
before they access it (the contact/about page for example). I've tried
copying all my 'secure' pages to a sub-directory of my application and then
set up the web.config in this sub-dir to use forms, leaving the web.config in
the main dir as non-form based authentication. but this didn't seem to work.
Even after logging in, I'd still get re-directed back to the login page every
time I accessed a page in the secure sub-dir.

What's the usual strategy for setting up this type of configuration?

Thanks for the help.
 
J

John Saunders

Andre said:
I've got the basic forms based authentication going. A user has to go to
my
login page before they can access any other pages. The issue is that
there
are a sub-set of pages on which I don't have to require that a user login
in
before they access it (the contact/about page for example). I've tried
copying all my 'secure' pages to a sub-directory of my application and
then
set up the web.config in this sub-dir to use forms, leaving the web.config
in
the main dir as non-form based authentication. but this didn't seem to
work.
Even after logging in, I'd still get re-directed back to the login page
every
time I accessed a page in the secure sub-dir.
Click to expand...

Does this happen when you have all the pages in one directory? This is not
the behavior that I would expect.
What's the usual strategy for setting up this type of configuration?
Click to expand...

I usually set up a single web.config, in the root of the application. I put
the unsecured pages in a few subdirectories, for instance login/, public/
and help/. I then use <location> elements in the web.config to specify that
anyone can access the pages in those subdirectories.

John Saunders
 
G

Guest

John Saunders said:
I usually set up a single web.config, in the root of the application. I put
the unsecured pages in a few subdirectories, for instance login/, public/
and help/. I then use <location> elements in the web.config to specify that
anyone can access the pages in those subdirectories.

John Saunders
Click to expand...

Thanks for the help John. I suspected there must be something like
<location> but I didn't find it in the help. Once I set up the <location>,
as per your suggestions, everything worked great.

Andre.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
How to bypass forms-based authentication 0
Forms Authentication / Role based security 1
Forms authentication for certain pages 3
Forms based authentication provider 3
Forms authentication with Active Directory 0
HELP !!! forms authentication ! 2
ASP.NET Forms Authentication site calling web service 8

Members online

No members online now.
Total: 90 (members: 1, guests: 89)
Robots: 197

Forum statistics

Threads
473,995
Messages
2,570,230
Members
46,819
Latest member
masterdaster

Latest Threads

Top