You need to specify <authentication> etc on the root level, therefore you
need to do it kind of twisted
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="ConnStr" value="Data Source=myDataSource;Initial
Catalog=myDb;User=myUser; Password=myPassword"/>
</appSettings>
<system.web>
<!-- Authentication element on root level, just specify with
authorization that root level is public -->
<authentication mode="Forms">
<forms loginUrl="Admin/Login.aspx"/>
</authentication>
<authorization>
<allow users="*" />
</authorization>
<compilation defaultLanguage="c#" debug="true"/>
<customErrors mode="RemoteOnly"/>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true"/>
<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
</system.web>
<!-- Deny Access to Admin folder -->
<location path="Admin">
<system.web>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>
--
Teemu Keiski
ASP.NET MVP, AspInsider
Finland, EU
http://blogs.aspadvice.com/joteke
"Adam J Knight" <ad**********@optusnet.com.au> wrote in message
news:ew******************@TK2MSFTNGP15.phx.gbl...
Hi,
I am not to clued up when it comes to Web.config.
Here is a butchered version, probably totally wrong..that attempts to
acheive what i am after.
Obviously it is incorrect, and producing an error..Would appreciated the
correct syntax!!!!
This is an attempt to apply authentication to a 'Admin' subject directory,
but have no security on pages in root directory...
Cheers,
Adam
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="ConnStr" value="Data Source=myDataSource;Initial
Catalog=myDb;User=myUser; Password=myPassword"/>
</appSettings>
<system.web>
<compilation defaultLanguage="c#" debug="true"/>
<customErrors mode="RemoteOnly"/>
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="true"/>
<sessionState mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data
source=127.0.0.1;Trusted_Connection=yes"
cookieless="false" timeout="20" />
<globalization requestEncoding="utf-8" responseEncoding="utf-8"/>
</system.web>
<location path="Admin">
<system.web>
<authentication mode="Forms">
<forms loginUrl="Admin/Login.aspx"/>
</authentication>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
</location>
</configuration>