F
Fred
Hello,
I made a little web site to share some files with a very few users.
I used aspnet membership and roles.
There are a few aspx files at the root. No problems to control access
for these files using the location element and roles.
Now, I created a folder private with one sub folder for each user.
ex : ~/private/userA
I added this in the root web.config (in the configuration element)
<location path="private/userA">
<system.web>
<authorization>
<allow users="userA"/>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
If I store a file in userA folder, I can get it, even if I am not
authenticated.
in <configuration><system.web>, I wrote this
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="Default.aspx"/>
</authentication>
<authorization>
<deny users="*" />
</authorization>
Where is my error ?
I made a little web site to share some files with a very few users.
I used aspnet membership and roles.
There are a few aspx files at the root. No problems to control access
for these files using the location element and roles.
Now, I created a folder private with one sub folder for each user.
ex : ~/private/userA
I added this in the root web.config (in the configuration element)
<location path="private/userA">
<system.web>
<authorization>
<allow users="userA"/>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
</system.web>
</location>
If I store a file in userA folder, I can get it, even if I am not
authenticated.
in <configuration><system.web>, I wrote this
<authentication mode="Forms">
<forms name=".ASPXAUTH" loginUrl="Default.aspx"/>
</authentication>
<authorization>
<deny users="*" />
</authorization>
Where is my error ?