Protecting multiple directories

  • Thread starter Maziar Aflatoun
  • Start date
M

Maziar Aflatoun

Hi everyone,

I have a website that requires 2 separate sections to be password protected
(/admin and /admin2) so that for ex. once the user in /admin2 is
authenticated he/she can then view everything in /admin2 only without
restrictions. I have managed to make it work for 1 /admin and it works
great. Can someone please tell me how I can define different section
protections?

This is what I have to get /admin working

In my root Web.config I have
<authentication mode="Forms">
<forms loginUrl="admin/Login.aspx" protection="All" timeout="30" path="/">
</forms>
</authentication>

In my /admin I have
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

and same in my /admin2
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>

but now / works (requires no authentication)
/admin and /admin2 both require authentication. But that's not what I want.
I want /admin to go to /admin/Login.aspx and /admin2 to go to
/admin2/Login2.aspx

Thank you
Maz
 
F

Fabio

Maziar,
not sure whether I got your problem but if I did, you should have a total of 3
Web.config files (one in /, one in /admin1, one in /admin2). If that's the case,
try the following:

move/copy this from the root Web.config to the Web.config(s) in /admin1 and /admin2:
<authentication mode="Forms">
<forms loginUrl="admin/Login.aspx" protection="All" timeout="30" path="/">
</forms>
</authentication>
Click to expand...

in other words (check loginUrl attribute):
<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="admin1/Login.aspx" protection="All" timeout="30" path="/">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
and

<configuration>
<system.web>
<authentication mode="Forms">
<forms loginUrl="admin2/Login.aspx" protection="All" timeout="30" path="/">
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
Click to expand...

I haven't tried it myself, but that's the approach to adopt (if you don't want
to create two different apps for the two branches of course...)

Have fun!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Forms Authentication for single directory 1
Restrict access to Classic ASP pages in web.config 2
Forms Authentication not Redirecting 1
Protecting files 1
Form authentication & multiple login pages 0
Forms Authentication 4
Forms Authentication and Login Pages 1
IsAuthenticated with multiple cookie 0

Members online

No members online now.
Total: 50 (members: 1, guests: 49)
Robots: 306

Forum statistics

Threads
473,994
Messages
2,570,222
Members
46,809
Latest member
moe77

Latest Threads

Top