When you said that you can "organize your content in folders representing different level of security", do you mean, multiple web applications (virtual directories)? or folders withing the same web application?. I understand that you can have only ONE web.config located at the ROOT of your web application (virtual directory). Could explain me a little bit more your approach
Having the <allow users="?"/> is going to allow ALL unauthenticated users to get access to ALL pages, which actually defeats the purpose of using these feature
What I'm trying to do is have a <deny users="?"/>, but at the same time ALLOW access to anybody to non restricted pages, I was thinking that the way to do this will be having some kind of property set a the page level to specify that the page is not checking authentication or something like. This will give flexibility to mix pages that requires authentication and some others that not
Thank
----- Joseph E Shook [MVP - ADSI] wrote: ----
Search the help files for the <location> element
It lookes something like thi
<location path="Logon.aspx"><system.web><authorization><allo w users="?"/></authorization></system.web></location
Usually if you can organize your content in folders representing
different level of security and creating a web.config file for each of
these you are better off, but the Location element will give you the
ultimate flexibiltiy and even more chances to forget to secure something :
MR. UNDERHILL wrote
I want to use forms authentication on my website. Looking at the documentation, I create a sample site for testing. One of my requirements is to ensure that SOME pages required an authenticated user and some others, like the home page is not required. I specified the <deny users="?" /> on the web.config, but this is causing ALL pages require the authentication. How can I mix both, without loosing the web.config setup? I know that I can manually check the IsAuthenticated property on pages I want to enforce security, but I have an idea that there is some kind of Page property to specify that is secure, maybe I just dream it Thank