S
stevek
I have a site which I want anonymous access to, but want to restrict
access by role to particular subfolders. I've tried to do this many
ways in web.config, but they have all resulted in members who don't
belong to any role being able to access the restricted subfolders. I
know how to do this in code, but I'd rather do it in web.config. I
believe the comments in "Step 3" in the article
http://www.devx.com/dotnet/Article/32223/0/page/2 have something to do
with this problem.
The snippets from the latest web.config attempts look something like:
root web.config: (I get same behavriour with no authorization section
in the root web.config)
<authorization>
<allow users="?"/>
<deny users="*"/>
</authorization>
editor subfolder web.config:
<authorization>
<deny users="?" />
<allow roles="Editor" />
<deny users="*" />
</authorization>
A member who belongs to no roles can access the editor subfolder after
logging in. The site uses forms authentication against a standard
generated ASP.NET 2.0 membership database. Any ideas?
Thanks
access by role to particular subfolders. I've tried to do this many
ways in web.config, but they have all resulted in members who don't
belong to any role being able to access the restricted subfolders. I
know how to do this in code, but I'd rather do it in web.config. I
believe the comments in "Step 3" in the article
http://www.devx.com/dotnet/Article/32223/0/page/2 have something to do
with this problem.
The snippets from the latest web.config attempts look something like:
root web.config: (I get same behavriour with no authorization section
in the root web.config)
<authorization>
<allow users="?"/>
<deny users="*"/>
</authorization>
editor subfolder web.config:
<authorization>
<deny users="?" />
<allow roles="Editor" />
<deny users="*" />
</authorization>
A member who belongs to no roles can access the editor subfolder after
logging in. The site uses forms authentication against a standard
generated ASP.NET 2.0 membership database. Any ideas?
Thanks