Problem with web.config inheritance and <authorization> section

Max2006

Hi,

I have the following tags in my root web.config file:

<authorization>
<allow roles="RoleA,RoleB"/>
<deny users="*"/>
</authorization>

I also have a public folder in my application called "~/Public"

I like to put all publicly available aspx pages in the "~/Public" folder.
Here is what I have in the web.config file within "~/Public" folder:

<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</configuration>
The problem is that none of pages in "~/Public" folder are available for
public users. I guess still thetag <deny users="*"/in root web.config is
in effect.

How can I make the pages within "~/Public" folder available for anonymous
users?

Any help would be appreciated,
Max

Jul 13 '07 #1

Subscribe Post Reply

5312

Steven Cheng[MSFT]

Hi Max,

Have you got the problem resolved? Based on my understanding, using a
web.config file in sub directory does be identical to using a <location>
section in root web.config. Also, I've performed some simple local test
and the public pages(in a sub folder mark with <allow users="*" / should
be visible to all users no matter how you configure authorization setting
in root web.config file. I think there maybe something else result to your
application's problem behavior.

You can also try a simple forms authentication application to see whether
you can duplicate the same issue.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

Jul 16 '07 #2

=?Utf-8?B?UXVpbmN5IEpvbmVz?=

It certainly seems like the root authorization takes precedence - I too have
a web config with
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>

and then


<location path="Public">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

None-the-less, I get a login form for pages in Public.

Removing the deny from the global authorization allows public access to the
pages in the Public folder, but also to pages in the root directory.

Jul 16 '07 #3

Steven Cheng[MSFT]

Hi Quincy,

Thanks for your input.

Seems my test result is quite different. I've tried both approaches(using a
web.config file in sub folder and using the <locationelement to specify
sub folder setting), and in b oth cases, sub folder's authorization rules
will take precedence. And this is also the expected behavior. If you feel
necessary, I can send a test project to you.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.

Jul 17 '07 #4

Steven Cheng[MSFT]

Hi Max,

Any progress on this issue? If you still have any questions on this, please
feel free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

Jul 19 '07 #5

by: phreeskier | last post by:

i want to implement authorization with windows authentication and don't have the slightest clue of how to do this implementation. the basic windows authentication for this .NET application is...

ASP / Active Server Pages

Web.config Authorization tag

by: Tampa .NET Koder | last post by:

I want to protect several folders in my application. However, in each folder I want to specify a different login page for each section. It seems like you can only define 1 login page in the...

ASP.NET

Detecting Failed Authorization

by: Bijoy Naick | last post by:

I've implemented forms authentication and authorization on my application. In my Web.Config, my authorization section looks like this.. <authorization> <allow roles="admin" /> <deny users="*"...

ASP.NET

how to config the web.config to specify the folder i want form aut

by: lenyado | last post by:

i want to use the forms authentication for the folder in virtual folder "admin/" but i don't know how to config the web.config. once i turn on authentication mode to "Forms", all files will need...

ASP.NET

Form Based Authentication and open project problem

by: sduncansca | last post by:

Hi I have an ASP.NET v1.4 application that uses form based authorization. My authorization section of the web.config looks like <authorization> <deny users="?" /> <allow users="*" />...

ASP.NET

Membership Problem

by: Scatir | last post by:

Hi, I have a membership problem I couldn't resolve. I have set up membership as most of tutorial instructed, and I am able to log on, but cannot stay log on for some reason. ex: when I log on, the...

ASP.NET

authorization policy help

by: yofnik | last post by:

Hello, Using policy (modifying web.config) and FormsAuthentication, is it possible to return an error message (or redirect to error page) instead of redirecting to the login page for specific...

ASP.NET

problem restricting access to folder to one role on anonymous site

by: stevek | last post by:

I have a site which I want anonymous access to, but want to restrict access by role to particular subfolders. I've tried to do this many ways in web.config, but they have all resulted in members...

ASP.NET

User.IsInRole in fails unless authorization section limits access

by: ronscottlangham | last post by:

I have a web page that any authenticated user can access, but I dynamically enable/disable other asp.net controls on the web page based on the Role that they are in via C# code behind. My web...

ASP.NET

How to turn on java script in a villaon keypad mobile phone

by: Charles Arthur | last post by:

How do i turn on java script on a villaon, callus and itel keypad mobile phone

Java

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

Looking to do Android software development, any suggestions? Is flutter better?

by: nemocccc | last post by:

hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

General

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...

Windows Server

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...

General

Problem with web.config inheritance and <authorization> section

Similar topics