Well I guess I'll try to re-iterate this a bit.
so at
http://localhost/myApplication
I have a login page and a web.config.
I use forms authentication and test usernames and
passwords against a database.
The authentication and authorization sections of the
web.config are (there could be something missing in it):
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="login.aspx" path="/" protection="All"
timeout="60" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
Within
http://localhost/myApplication I have a folder for
the pages I want secured:
http://localhost/myApplication/Secur...Information.as
px
'Security' being a folder within the project i.e.:
c:\inetpub\wwwroot\myApplication\Security
In that security folder I have another web.config file
that contains <u>only</u>:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
(I may be missing something in there).
So the problem I am having with this setup is: when I
login, it goes to my default page, but when I try to
click a link to another page, I get redirected to the
login page.
I hope that clears up my issue so that someone can help
me.
Thanks.
-----Original Message-----
Hi,
I'm trying to secure my application.
I'm using forms authentication and I check passwords
against a database.
I have a login.aspx page in the root of my application,
pages that I want to restrict access to are in a folder
below the root called 'secure'.
I have a web.config in the 'secure' folder with only
(I've tried having <allow users="*"/> after the deny,
butit didn't help)
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
The web.config in my root has an authentication section
as such:
<authentication mode="Forms">
<forms name=".ASPXAUTH"
loginUrl="login.aspx" path="/" protection="All"
timeout="60" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
When I login, it goes to my default page, but when I try
to click a link to another page, I get redirected to the
login page.
Obviously, I'm missing something somewhere.
Any help is appreciated. Thanks.
.