Hello,
NO, the subfolder is not another application with its own bin folder. It
is just a subfolder that is not protected.
With the first location tag you are telling the app to deny access to all
unauthenticated users and to allow access to all other users (notice that the
deny tag is first)
<deny users="?" />
<allow users="*" />
The second location tag is overriding the whole app security and it is
allowing ALL users (notice that the second location does not have the <deny>
tag. It is in the second location tag where you should try to use the single
file. I have not tried it though!
<location path="your_login_register_folder">
The problem that I may foresee is that if your web page has any reference
(any reference at all) to any other file, you will be requested to login.
That is, if you are showing an image, a chart, or you are even using a
stylesheet, you may be requested to login so that you would need to disable
the access to all those files.
I would suggest to use a different folder where you can isolate all those
items that are not protected.
Should you have any further questions or comments, let me know.
Regards,
Cesar Saucedo
"WebBuilder451" wrote:
thanks, I did not know of this.
i do have a beginner beginner problem question on this
1. does the folder specified need to contain its own web application with
bin? and does this need to be a seprate project (different dll)?
i've not been able to get the registration page to come up without error
2. can a specific web page be allowed using the <location
allowOverride="true">
?
fyi i'm using vs.net
i can post the errors if needed.
thanks
kes
--
thanks (as always)
some day i''m gona pay this forum back for all the help i''m getting
kes
"Cesar" wrote:
Hello,
You can use the <location> tag in your main web.config as well.
It would be something like this in your web.config:
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="your_name" loginUrl="login.aspx" protection="All"
path="/YourApp" timeout="20" />
</authentication>
</system.web>
<location allowOverride="true">
<system.web>
<authorization>
<deny users="?" />
<allow users="*" />
</authorization>
</system.web>
</location>
<location path="your_login_register_folder">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>
Should you have any further questions or comments, let me know.
Regards,
Cesar
"WebBuilder451" wrote:
Ya-no-wat? der'r some days dat ant no good gona happen!
well....... this is one of those days!
yes, it needs to be in a seprate directory with it's own web.config.
--
thanks (as always)
some day i''m gona pay this forum back for all the help i''m getting
kes
"WebBuilder451" wrote:
> I have an app that will direct to the login on any unauthorized access. It
> will redirect back to the calling page when authenticated. Now here is the
> problem.
> I'm allowing for user registration via a link on the lgin page, but my
> registrstion page is re-directing me back to login.aspx.
> I've enabled session state to in proc to prevent multi logins with the same
> user. Would this cause a problem?
> here is my web.config sections that i've changed.
> <authentication mode="Forms">
> <forms
> name=".STARTERCookie"
> loginUrl="Login.aspx"
> protection="All"
> timeout="10">
> </forms>
> </authentication>
> <authorization>
> <deny users="?" />
> </usthorization>
> <sessionState
> mode="InProc"
> cookieless="true"
> timeout="120"
> />
>
> thanks (as always)
> some day i'm gona pay this forum back for all the halp i'm getting
> kes