Forms authentication in a subfolder problem, please help

Hi,

I've created a little site for my sports club. In the root folder there are
pages that are viewable by every anonymous user but at a certain subfolder
my administration pages should be protected by forms authentication.

When I create forms authentication at root level it works but when I move my
code up to the subfolder I get this error:

Server Error in '/TestProjects/FormsAuthentica tionTestingArea ' Application.
----------------------------------------------------------------------------
----

Configuration Error
Description: An error occurred during the processing of a configuration file
required to service this request. Please review the specific error details
below and modify your configuration file appropriately.

Parser Error Message: It is an error to use a section registered as
allowDefinition ='MachineToAppl ication' beyond application level. This error
can be caused by a virtual directory not being configured as an application
in IIS.

Source Error:
Line 12: />
Line 13:
Line 14: <authenticati on mode="Forms">
Line 15: <forms loginUrl="login new.aspx"/>
Line 16: </authentication>
Source File:
c:\inetpub\wwwr oot\TestProject s\FormsAuthenti cationTestingAr ea\administrati o
npages\web.conf ig Line: 14
----------------------------------------------------------------------------
----
Version Information: Microsoft .NET Framework Version:1.1.432 2.573; ASP.NET
Version:1.1.432 2.573

This is the code that I use:

root level
----------

web.config

<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>

<system.web>

<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to enable ASPX debugging. Otherwise,
setting this value to
false will improve runtime performance of this application.
Set compilation debug="true" to insert debugging symbols (.pdb
information)
into the compiled page. Because this creates a larger file that
executes
more slowly, you should set this value to true only when debugging
and to
false at all other times. For more information, refer to the
documentation about
debugging ASP.NET files.
-->
<compilation
defaultLanguage ="c#"
debug="true"
/>

<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly " to enable custom error
messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.

"On" Always display custom (friendly) messages.
"Off" Always display detailed ASP.NET error information.
"RemoteOnly " Display custom (friendly) messages only to users not
running
on the local Web server. This setting is recommended for security
purposes, so
that you do not display application detail information to remote
clients.
-->
<customErrors
mode="Off"
/>

<!-- AUTHENTICATION
This section sets the authentication policies of the application.
Possible modes are "Windows",
"Forms", "Passport" and "None"

"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, or
Integrated Windows) according to
its settings for the application. Anonymous access must be
disabled in IIS.
"Forms" You provide a custom form (Web page) for users to enter
their credentials, and then
you authenticate them in your application. A user credential
token is stored in a cookie.
"Passport" Authentication is performed via a centralized
authentication service provided
by Microsoft that offers a single logon and core profile services
for member sites.
-->
<authenticati on mode="Forms">
<!-- <forms loginUrl="login .aspx"/> -->
</authentication>

<!-- AUTHORIZATION
This section sets the authorization policies of the application.
You can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticate d) users.
-->

<authorizatio n>
<allow users="*"/>
<!-- <deny users="?"/>-->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>

<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page
within an application.
Set trace enabled="true" to enable application trace logging. If
pageOutput="tru e", the
trace information will be displayed at the bottom of each page.
Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your
web application
root.
-->
<trace
enabled="false"
requestLimit="1 0"
pageOutput="fal se"
traceMode="Sort ByTime"
localOnly="true "
/>

<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong
to a particular session.
If cookies are not available, a session can be tracked by adding a
session identifier to the URL.
To disable cookies, set sessionState cookieless="tru e".
-->
<sessionState
mode="InProc"
stateConnection String="tcpip=1 27.0.0.1:42424"
sqlConnectionSt ring="data
source=127.0.0. 1;Trusted_Conne ction=yes"
cookieless="fal se"
timeout="20"
/>

<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalizatio n
requestEncoding ="utf-8"
responseEncodin g="utf-8"
/>

</system.web>

</configuration>

For the pages here they just contain some user controls with text and
sometimes read out some xml documents.

------------------------------------------------------------------

administrationp ages subfolder:
-----------------------------------

web.config

<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>

<system.web>
<compilation
defaultLanguage ="c#"
debug="true"
/>

<customErrors
mode="Off"
/>

<authenticati on mode="Forms">
<forms loginUrl="login new.aspx"/>
</authentication>

<authorizatio n>
<allow users="*" /> <!--Allow all users -->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
<deny users="?"/>
</authorization>

<trace
enabled="false"
requestLimit="1 0"
pageOutput="fal se"
traceMode="Sort ByTime"
localOnly="true "
/>

<sessionState
mode="InProc"
stateConnection String="tcpip=1 27.0.0.1:42424"
sqlConnectionSt ring="data
source=127.0.0. 1;Trusted_Conne ction=yes"
cookieless="fal se"
timeout="20"
/>

<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalizatio n
requestEncoding ="utf-8"
responseEncodin g="utf-8"
/>

</system.web>

</configuration>
newtestform.asp x

<%@ Page language="c#" Codebehind="new testform.aspx.c s"
AutoEventWireup ="false"
Inherits="Forms AuthenticationT estingArea.admi nistrationpages .newtestform" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>newtestf orm</title>
<meta name="GENERATOR " Content="Micros oft Visual Studio .NET 7.1">
<meta name="CODE_LANG UAGE" Content="C#">
<meta name="vs_defaul tClientScript" content="JavaSc ript">
<meta name="vs_target Schema"
content="http://schemas.microso ft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING= "FlowLayout ">
<form id="Form1" method="post" runat="server">
<P>
<asp:Label id="LabelMessag e" runat="server"> </asp:Label></P>
<P>
<asp:Button id="ButtonSigno ut" runat="server"
Text="Signout"> </asp:Button></P>
<P>&nbsp;</P>
</form>
</body>
</HTML>
and code behind:

using System;
using System.Collecti ons;
using System.Componen tModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.Sess ionState;
using System.Web.UI;
using System.Web.UI.W ebControls;
using System.Web.UI.H tmlControls;

namespace FormsAuthentica tionTestingArea .administration pages
{
/// <summary>
/// Summary description for newtestform.
/// </summary>
public class newtestform : System.Web.UI.P age
{
protected System.Web.UI.W ebControls.Labe l LabelMessage;
protected System.Web.UI.W ebControls.Butt on ButtonSignout;

private void Page_Load(objec t sender, System.EventArg s e)
{
// Display the username
LabelMessage.Te xt = "Hello " + Context.User.Id entity.Name;
}

#region Web Form Designer generated code
override protected void OnInit(EventArg s e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeCompo nent();
base.OnInit(e);
}

/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeCompo nent()
{
this.ButtonSign out.Click += new
System.EventHan dler(this.Butto nSignout_Click) ;
this.Load += new System.EventHan dler(this.Page_ Load);

}
#endregion

private void ButtonSignout_C lick(object sender, System.EventArg s e)
{
// Signout and redirect to login.aspx
System.Web.Secu rity.FormsAuthe ntication.SignO ut();
Response.Redire ct(Request.UrlR eferrer.ToStrin g());
}
}
}
loginnew.aspx

<%@ Page language="c#" Codebehind="log innew.aspx.cs" AutoEventWireup ="false"
Inherits="Forms AuthenticationT estingArea.admi nistrationpages .loginnew" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>loginnew </title>
<meta name="GENERATOR " Content="Micros oft Visual Studio .NET 7.1">
<meta name="CODE_LANG UAGE" Content="C#">
<meta name="vs_defaul tClientScript" content="JavaSc ript">
<meta name="vs_target Schema"
content="http://schemas.microso ft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING= "FlowLayout ">
<form id="Form1" method="post" runat="server">
<P>
<asp:TextBox id="TextBoxUser Name"
runat="server"> </asp:TextBox></P>
<P>
<asp:TextBox id="TextBoxPass word" runat="server"
TextMode="Passw ord"></asp:TextBox></P>
<P>
<asp:CheckBox id="CheckBoxPer sistent" runat="server"
Text="Persisten t"></asp:CheckBox>&n bsp;
<asp:Button id="ButtonLogin " runat="server"
Text="Login"></asp:Button></P>
<P>
<asp:Label id="LabelMessag e" runat="server" Font-Bold="True"
ForeColor="Red" ></asp:Label></P>
</form>
</body>
</HTML>

and code behind:

using System;
using System.Collecti ons;
using System.Componen tModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.Sess ionState;
using System.Web.UI;
using System.Web.UI.W ebControls;
using System.Web.UI.H tmlControls;

namespace FormsAuthentica tionTestingArea .administration pages
{
/// <summary>
/// Summary description for loginnew.
/// </summary>
public class loginnew : System.Web.UI.P age
{
protected System.Web.UI.W ebControls.Text Box TextBoxUserName ;
protected System.Web.UI.W ebControls.Text Box TextBoxPassword ;
protected System.Web.UI.W ebControls.Chec kBox CheckBoxPersist ent;
protected System.Web.UI.W ebControls.Butt on ButtonLogin;
protected System.Web.UI.W ebControls.Labe l LabelMessage;

private void Page_Load(objec t sender, System.EventArg s e)
{
// Put user code to initialize the page here
}

#region Web Form Designer generated code
override protected void OnInit(EventArg s e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeCompo nent();
base.OnInit(e);
}

/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeCompo nent()
{
this.ButtonLogi n.Click += new
System.EventHan dler(this.Butto nLogin_Click);
this.Load += new System.EventHan dler(this.Page_ Load);

}
#endregion

private void ButtonLogin_Cli ck(object sender, System.EventArg s e)
{
// Validate username and password text boxes
if (TextBoxUserNam e.Text == string.Empty || TextBoxPassword .Text
== string.Empty)
{
LabelMessage.Te xt = "Username and Password cannot be empty";
return;
}

// Authenticate the user
bool CookieValue = false;
if ((TextBoxUserNa me.Text == "Kris") && (TextBoxPasswor d.Text ==
"bla"))
{
if (CheckBoxPersis tent.Checked)
{
CookieValue = true;
}
else
{
CookieValue = false;
}
// If valid, redirect to protected resource

System.Web.Secu rity.FormsAuthe ntication.Redir ectFromLoginPag e(TextBoxUserNa m
e.Text,CookieVa lue);
}
else
{
// If invalid, display an error page
LabelMessage.Te xt = "Invalid credentials, please try again";
TextBoxUserName .Text = string.Empty;
TextBoxPassword .Text = string.Empty;
}
}
}
}