473,695 Members | 2,647 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Secure and Unsecure Web Directories using Forms Authentication

I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?

Originally I had my web.config file in the root with Forms
Authentication set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.

I then created 2 directories. One named Secure and the
other named Public. I placed my web.config file in my
Secure Folder with Forms Authentication On and also placed
a web.config in the root with Authentication set to none
and allow users="*". Doing this I get the following error.

It is an error to use a section registered as
allowDefinition ='MachineToAppl ication' beyond application
level. This error can be caused by a virtual directory not
being configured as an application in IIS.

If I make the Secure Directory an application in IIS I
don't get that error but I get a different error. It says
cannot load type CSEPP.Login.

If I remove the web.config from the secure directory and
also remove the application from the Secure Directory in
IIS it does run and displays any page within the Secure
Directory correctly but of course there is no
authentication without the web.config file in that
directory.

Please help. I know this is possible but don't remember
how to set it up properly.

Thanks,

Billy Jacobs
Jul 21 '05 #1
6 4829
Hi Billy,

You may take a look at the link below.
Forms Authentication Using An XML Users File
http://msdn.microsoft.com/library/de...us/cpguide/htm
l/cpconcookieauth enticationusing anxmlusersfile. asp

If you can not adduser in the example above, you may need to modify one of
the web.config as below.
[NOTE: <identity impersonate="tr ue"/> will allow you to impersonate the
account you use to access the aspx page,
so that, you have write permission to the user.xml file, or you may need to
guarantee that the ASP_NET account has enough permission to
access the user.xml file]
<configuratio n>
<system.web>
<identity impersonate="tr ue"/>
<authorizatio n>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

Did the example works for you?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <bi********@csa .com>
Sender: "Billy Jacobs" <bi********@csa .com>
Subject: Secure and Unsecure Web Directories using Forms Authentication
Date: Thu, 11 Sep 2003 15:28:38 -0700
Lines: 36
Message-ID: <06************ *************** *@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcN4tAwIiQDIbif hTH6DG1udCyABfQ ==
Newsgroups: microsoft.publi c.dotnet.genera l
Path: cpmsftngxa06.ph x.gbl
Xref: cpmsftngxa06.ph x.gbl microsoft.publi c.dotnet.genera l:108209
NNTP-Posting-Host: TK2MSFTNGXA11 10.40.1.163
X-Tomcat-NG: microsoft.publi c.dotnet.genera l

I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?

Originally I had my web.config file in the root with Forms
Authenticati on set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.

I then created 2 directories. One named Secure and the
other named Public. I placed my web.config file in my
Secure Folder with Forms Authentication On and also placed
a web.config in the root with Authentication set to none
and allow users="*". Doing this I get the following error.

It is an error to use a section registered as
allowDefinitio n='MachineToApp lication' beyond application
level. This error can be caused by a virtual directory not
being configured as an application in IIS.

If I make the Secure Directory an application in IIS I
don't get that error but I get a different error. It says
cannot load type CSEPP.Login.

If I remove the web.config from the secure directory and
also remove the application from the Secure Directory in
IIS it does run and displays any page within the Secure
Directory correctly but of course there is no
authenticati on without the web.config file in that
directory.

Please help. I know this is possible but don't remember
how to set it up properly.

Thanks,

Billy Jacobs


Jul 21 '05 #2
This does not answer my question.

Please read it more carefully.

I need 2 web.config files. It is my understanding that it
is ok to have a web.config in multiple directories and
that the settings in the subdirectory web.config file
overrides the web.config file in the parent directory for
the subdirectory.

At the root of my web app and all folders EXCEPT
the "Secure" Folder I don't need forms authentication. I
need forms authentication in the Secure Directory Only.

Thanks,

Billy Jacobs

-----Original Message-----
Hi Billy,

You may take a look at the link below.
Forms Authentication Using An XML Users File
http://msdn.microsoft.com/library/default.asp? url=/library/en-us/cpguide/html/cpconcookieauth enticationusing anxmlusersfile. asp

If you can not adduser in the example above, you may need to modify one ofthe web.config as below.
[NOTE: <identity impersonate="tr ue"/> will allow you to impersonate theaccount you use to access the aspx page,
so that, you have write permission to the user.xml file, or you may need toguarantee that the ASP_NET account has enough permission toaccess the user.xml file]
<configuration >
<system.web>
<identity impersonate="tr ue"/>
<authorizatio n>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

Did the example works for you?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <bi********@csa .com>
Sender: "Billy Jacobs" <bi********@csa .com>
Subject: Secure and Unsecure Web Directories using Forms AuthenticationDate: Thu, 11 Sep 2003 15:28:38 -0700
Lines: 36
Message-ID: <06************ *************** *@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcN4tAwIiQDIbif hTH6DG1udCyABfQ ==
Newsgroups: microsoft.publi c.dotnet.genera l
Path: cpmsftngxa06.ph x.gbl
Xref: cpmsftngxa06.ph x.gbl microsoft.publi c.dotnet.genera l:108209NNTP-Posting-Host: TK2MSFTNGXA11 10.40.1.163
X-Tomcat-NG: microsoft.publi c.dotnet.genera l

I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?

Originally I had my web.config file in the root with FormsAuthenticatio n set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.

I then created 2 directories. One named Secure and the
other named Public. I placed my web.config file in my
Secure Folder with Forms Authentication On and also placeda web.config in the root with Authentication set to none
and allow users="*". Doing this I get the following error.
It is an error to use a section registered as
allowDefiniti on='MachineToAp plication' beyond applicationlevel. This error can be caused by a virtual directory notbeing configured as an application in IIS.

If I make the Secure Directory an application in IIS I
don't get that error but I get a different error. It sayscannot load type CSEPP.Login.

If I remove the web.config from the secure directory and
also remove the application from the Secure Directory in
IIS it does run and displays any page within the Secure
Directory correctly but of course there is no
authenticatio n without the web.config file in that
directory.

Please help. I know this is possible but don't remember
how to set it up properly.

Thanks,

Billy Jacobs


.

Jul 21 '05 #3
Hi Billy,

I modify the example I refer in my last post.
This is my directory structure in the IIS configuration.[I move the files
in the root to the Logon directory for demostrating your question]
http://localhost/Test-------AddUser Web.config [This one will make the
directory visited free, note it as webconfig1, unsecure]
|--------Logon Web.config [This one will make
the directory visited with form authentication, note it as webconfig2,
secure]
[Test, AddUser and Logon directories are all configured as an application
in IIS.]
[NOTE, the AddUser and Logon are the alias names that you set when you
confugured a virtual directory
And the webconfig in the AddUser virtual directory will be read , as it is
unsecure config(webconfi g1), then all the aspx page in the virtual
directory will be free visited
similarly, the webconfig in the Logon virtual directory will be read , as
it is secure config(webconfi g2), then all the aspx page in the virtual
directory will be visited with authentication.]

[webconfig1]
<configuratio n>
<system.web>
<identity impersonate="tr ue"/>
<authorizatio n>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

[webconfig2]
<configuratio n>
<system.web>
<authenticati on mode="Forms">
<forms loginUrl = "../adduser/adduser.aspx" name =
"FORMSAUTHCOOKI E"/>
</authentication>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</configuration>

You may try to modify the example I post last as what I have said to see if
it meet your question.
Did I misunderstand your meaning?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <bi********@csa .com>
Sender: "Billy Jacobs" <bi********@csa .com>
References: <06************ *************** *@phx.gbl> <wS************ **@cpmsftngxa06 .phx.gbl>Subject: RE: Secure and Unsecure Web Directories using Forms Authentication
Date: Fri, 12 Sep 2003 09:30:58 -0700
Lines: 125
Message-ID: <1a************ *************** *@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcN5Sz8Df03oA78 1TQyUZyKJFEEbMg ==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.publi c.dotnet.genera l
Path: cpmsftngxa06.ph x.gbl
Xref: cpmsftngxa06.ph x.gbl microsoft.publi c.dotnet.genera l:108306
NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.publi c.dotnet.genera l

This does not answer my question.

Please read it more carefully.

I need 2 web.config files. It is my understanding that it
is ok to have a web.config in multiple directories and
that the settings in the subdirectory web.config file
overrides the web.config file in the parent directory for
the subdirectory.

At the root of my web app and all folders EXCEPT
the "Secure" Folder I don't need forms authentication. I
need forms authentication in the Secure Directory Only.

Thanks,

Billy Jacobs

-----Original Message-----
Hi Billy,

You may take a look at the link below.
Forms Authentication Using An XML Users File
http://msdn.microsoft.com/library/default.asp?

url=/library/en-us/cpguide/htm
l/cpconcookieauth enticationusing anxmlusersfile. asp

If you can not adduser in the example above, you may need

to modify one of
the web.config as below.
[NOTE: <identity impersonate="tr ue"/> will allow you to

impersonate the
account you use to access the aspx page,
so that, you have write permission to the user.xml file,

or you may need to
guarantee that the ASP_NET account has enough permission

to
access the user.xml file]
<configuratio n>
<system.web>
<identity impersonate="tr ue"/>
<authorizatio n>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

Did the example works for you?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and

confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <bi********@csa .com>
Sender: "Billy Jacobs" <bi********@csa .com>
Subject: Secure and Unsecure Web Directories using FormsAuthenticati onDate: Thu, 11 Sep 2003 15:28:38 -0700
Lines: 36
Message-ID: <06************ *************** *@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcN4tAwIiQDIbif hTH6DG1udCyABfQ ==
Newsgroups : microsoft.publi c.dotnet.genera l
Path: cpmsftngxa06.ph x.gbl
Xref: cpmsftngxa06.ph x.gblmicrosoft.publ ic.dotnet.gener al:108209NNTP-Posting-Host: TK2MSFTNGXA11 10.40.1.163
X-Tomcat-NG: microsoft.publi c.dotnet.genera l

I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplish this?

Originally I had my web.config file in the root withFormsAuthenticati on set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.

I then created 2 directories. One named Secure and the
other named Public. I placed my web.config file in my
Secure Folder with Forms Authentication On and alsoplaceda web.config in the root with Authentication set to none
and allow users="*". Doing this I get the followingerror.
It is an error to use a section registered as
allowDefinit ion='MachineToA pplication' beyondapplicationlevel. This error can be caused by a virtual directorynotbeing configured as an application in IIS.

If I make the Secure Directory an application in IIS I
don't get that error but I get a different error. Itsayscannot load type CSEPP.Login.

If I remove the web.config from the secure directory and
also remove the application from the Secure Directory in
IIS it does run and displays any page within the Secure
Directory correctly but of course there is no
authenticati on without the web.config file in that
directory.

Please help. I know this is possible but don't remember
how to set it up properly.

Thanks,

Billy Jacobs


.


Jul 21 '05 #4
After moving my files to my "Secure" and "Unsecure"
directory, if I make the directories Applications in IIS
then I get an error saying:

"Could not load type 'CSEPPPortal.Lo gin'.

My Login.aspx was originally in the root then I moved it
to the secure folder.

Do you have any idea what may be causing this?

Billy Jacobs

-----Original Message-----
Hi Billy,

I modify the example I refer in my last post.
This is my directory structure in the IIS configuration. [I move the filesin the root to the Logon directory for demostrating your question]http://localhost/Test-------AddUser Web.config [This one will make thedirectory visited free, note it as webconfig1, unsecure]
|--------Logon Web.config [This one will makethe directory visited with form authentication, note it as webconfig2,secure]
[Test, AddUser and Logon directories are all configured as an applicationin IIS.]
[NOTE, the AddUser and Logon are the alias names that you set when youconfugured a virtual directory
And the webconfig in the AddUser virtual directory will be read , as it isunsecure config(webconfi g1), then all the aspx page in the virtualdirectory will be free visited
similarly, the webconfig in the Logon virtual directory will be read , asit is secure config(webconfi g2), then all the aspx page in the virtualdirectory will be visited with authentication.]

[webconfig1]
<configuration >
<system.web>
<identity impersonate="tr ue"/>
<authorizatio n>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

[webconfig2]
<configuration >
<system.web>
<authenticati on mode="Forms">
<forms loginUrl = "../adduser/adduser.aspx" name ="FORMSAUTHCOOK IE"/>
</authentication>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</configuration>

You may try to modify the example I post last as what I have said to see ifit meet your question.
Did I misunderstand your meaning?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <bi********@csa .com>
Sender: "Billy Jacobs" <bi********@csa .com>
References: <06************ *************** *@phx.gbl>

<wS*********** ***@cpmsftngxa0 6.phx.gbl>
Subject: RE: Secure and Unsecure Web Directories using Forms AuthenticationDate: Fri, 12 Sep 2003 09:30:58 -0700
Lines: 125
Message-ID: <1a************ *************** *@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcN5Sz8Df03oA78 1TQyUZyKJFEEbMg ==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups: microsoft.publi c.dotnet.genera l
Path: cpmsftngxa06.ph x.gbl
Xref: cpmsftngxa06.ph x.gbl microsoft.publi c.dotnet.genera l:108306NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.publi c.dotnet.genera l

This does not answer my question.

Please read it more carefully.

I need 2 web.config files. It is my understanding that itis ok to have a web.config in multiple directories and
that the settings in the subdirectory web.config file
overrides the web.config file in the parent directory forthe subdirectory.

At the root of my web app and all folders EXCEPT
the "Secure" Folder I don't need forms authentication. I
need forms authentication in the Secure Directory Only.

Thanks,

Billy Jacobs

-----Original Message-----
Hi Billy,

You may take a look at the link below.
Forms Authentication Using An XML Users File
http://msdn.microsoft.com/library/default.asp?

url=/library/en-us/cpguide/htm
l/cpconcookieauth enticationusing anxmlusersfile. asp

If you can not adduser in the example above, you may need
to modify one of
the web.config as below.
[NOTE: <identity impersonate="tr ue"/> will allow you to

impersonate the
account you use to access the aspx page,
so that, you have write permission to the user.xml
file,or you may need to
guarantee that the ASP_NET account has enough
permissionto
access the user.xml file]
<configurati on>
<system.web>
<identity impersonate="tr ue"/>
<authorizatio n>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

Did the example works for you?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and

confers no rights.
--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <bi********@csa .com>
Sender: "Billy Jacobs" <bi********@csa .com>
Subject: Secure and Unsecure Web Directories using
FormsAuthenticatio n
Date: Thu, 11 Sep 2003 15:28:38 -0700
Lines: 36
Message-ID: <06************ *************** *@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE

V5.50.4910.0300Thread-Index: AcN4tAwIiQDIbif hTH6DG1udCyABfQ ==
Newsgroup s: microsoft.publi c.dotnet.genera l
Path: cpmsftngxa06.ph x.gbl
Xref: cpmsftngxa06.ph x.gbl

microsoft.pub lic.dotnet.gene ral:108209
NNTP-Posting-Host: TK2MSFTNGXA11 10.40.1.163
X-Tomcat-NG: microsoft.publi c.dotnet.genera l

I have a website which has both secure and non-secure
pages. I want to uses forms authentication. How do I
accomplis h this?

Originall y I had my web.config file in the root with

Forms
Authenticat ion set up and it worked just fine. Then I
realized that I needed to have some pages unsecure.

I then created 2 directories. One named Secure and the
other named Public. I placed my web.config file in my
Secure Folder with Forms Authentication On and also

placed
a web.config in the root with Authentication set to noneand allow users="*". Doing this I get the following

error.

It is an error to use a section registered as
allowDefini tion='MachineTo Application' beyond

application
level. This error can be caused by a virtual directory

not
being configured as an application in IIS.

If I make the Secure Directory an application in IIS I
don't get that error but I get a different error. It

says
cannot load type CSEPP.Login.

If I remove the web.config from the secure directory andalso remove the application from the Secure Directory inIIS it does run and displays any page within the SecureDirectory correctly but of course there is no
authenticat ion without the web.config file in that
directory .

Please help. I know this is possible but don't rememberhow to set it up properly.

Thanks,

Billy Jacobs
.


.

Jul 21 '05 #5
Hi Billy,

Have you try the example I refered in my last post, which works fine in my
machine? This will help me isolate the problem.

You may try to set the <location> of the web.config file. Here is a KB link.

Configuration <location> Settings
http://msdn.microsoft.com/library/de...us/cpguide/htm
l/cpconconfigurat ionlocationsett ings.asp

INFO: ASP.NET Configuration Overview
http://support.microsoft.com/default...b;EN-US;307626

Here is a sample web.config.
<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>
<system.web>
<authenticati on mode="Forms" >
<forms loginUrl="Admin/Login.aspx" name="AdminLogi n" protection="Non e"
path="/" timeout="20" >
</forms>

</authentication>
</system.web>
<location path="Admin">
<system.web>
<authorizatio n>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>

</configuration>

You may have a try and let me know if this works for you.

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <bi********@csa .com>
Sender: "Billy Jacobs" <bi********@csa .com>
References: <06************ *************** *@phx.gbl> <wS************ **@cpmsftngxa06 .phx.gbl>
<1a************ *************** *@phx.gbl>
<U#************ *@cpmsftngxa07. phx.gbl>Subject: RE: Secure and Unsecure Web Directories using Forms Authentication
Date: Mon, 15 Sep 2003 06:07:51 -0700
Lines: 249
Message-ID: <08************ *************** *@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Thread-Index: AcN7il5raugSOvB FSp6snF+X4rv9qA ==
Newsgroups: microsoft.publi c.dotnet.genera l
Path: cpmsftngxa07.ph x.gbl
Xref: cpmsftngxa07.ph x.gbl microsoft.publi c.dotnet.genera l:108218
NNTP-Posting-Host: tk2msftngxa12.p hx.gbl 10.40.1.164
X-Tomcat-NG: microsoft.publi c.dotnet.genera l

After moving my files to my "Secure" and "Unsecure"
directory, if I make the directories Applications in IIS
then I get an error saying:

"Could not load type 'CSEPPPortal.Lo gin'.

My Login.aspx was originally in the root then I moved it
to the secure folder.

Do you have any idea what may be causing this?

Billy Jacobs

-----Original Message-----
Hi Billy,

I modify the example I refer in my last post.
This is my directory structure in the IIS configuration.

[I move the files
in the root to the Logon directory for demostrating your

question]
http://localhost/Test-------AddUser Web.config [This

one will make the
directory visited free, note it as webconfig1, unsecure]
|--------Logon Web.config

[This one will make
the directory visited with form authentication, note it

as webconfig2,
secure]
[Test, AddUser and Logon directories are all configured

as an application
in IIS.]
[NOTE, the AddUser and Logon are the alias names that you

set when you
confugured a virtual directory
And the webconfig in the AddUser virtual directory will

be read , as it is
unsecure config(webconfi g1), then all the aspx page in

the virtual
directory will be free visited
similarly, the webconfig in the Logon virtual directory

will be read , as
it is secure config(webconfi g2), then all the aspx page

in the virtual
directory will be visited with authentication.]

[webconfig1]
<configuratio n>
<system.web>
<identity impersonate="tr ue"/>
<authorizatio n>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

[webconfig2]
<configuratio n>
<system.web>
<authenticati on mode="Forms">
<forms loginUrl = "../adduser/adduser.aspx"

name =
"FORMSAUTHCOO KIE"/>
</authentication>
<authorizatio n>
<deny users="?"/>
</authorization>
</system.web>
</configuration>

You may try to modify the example I post last as what I

have said to see if
it meet your question.
Did I misunderstand your meaning?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and

confers no rights.

--------------------
Content-Class: urn:content-classes:message
From: "Billy Jacobs" <bi********@csa .com>
Sender: "Billy Jacobs" <bi********@csa .com>
References : <06************ *************** *@phx.gbl>

<wS********** ****@cpmsftngxa 06.phx.gbl>
Subject: RE: Secure and Unsecure Web Directories usingForms AuthenticationDate: Fri, 12 Sep 2003 09:30:58 -0700
Lines: 125
Message-ID: <1a************ *************** *@phx.gbl>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Thread-Index: AcN5Sz8Df03oA78 1TQyUZyKJFEEbMg ==
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Newsgroups : microsoft.publi c.dotnet.genera l
Path: cpmsftngxa06.ph x.gbl
Xref: cpmsftngxa06.ph x.gblmicrosoft.publ ic.dotnet.gener al:108306NNTP-Posting-Host: TK2MSFTNGXA13 10.40.1.165
X-Tomcat-NG: microsoft.publi c.dotnet.genera l

This does not answer my question.

Please read it more carefully.

I need 2 web.config files. It is my understanding thatitis ok to have a web.config in multiple directories and
that the settings in the subdirectory web.config file
overrides the web.config file in the parent directoryforthe subdirectory.

At the root of my web app and all folders EXCEPT
the "Secure" Folder I don't need forms authentication. I
need forms authentication in the Secure Directory Only.

Thanks,

Billy Jacobs
-----Original Message-----
Hi Billy,

You may take a look at the link below.
Forms Authentication Using An XML Users File
http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/cpguide/htm
l/cpconcookieauth enticationusing anxmlusersfile. asp

If you can not adduser in the example above, you mayneedto modify one of
the web.config as below.
[NOTE: <identity impersonate="tr ue"/> will allow you to
impersonat e the
account you use to access the aspx page,
so that, you have write permission to the user.xmlfile,or you may need to
guarantee that the ASP_NET account has enoughpermissionto
access the user.xml file]
<configurat ion>
<system.web>
<identity impersonate="tr ue"/>
<authorizatio n>
<allow users="*"/>
</authorization>
</system.web >
</configuration>

Did the example works for you?

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and
confers no rights.
--------------------
>Content-Class: urn:content-classes:message
>From: "Billy Jacobs" <bi********@csa .com>
>Sender: "Billy Jacobs" <bi********@csa .com>
>Subject: Secure and Unsecure Web Directories usingFormsAuthenticati on
>Date: Thu, 11 Sep 2003 15:28:38 -0700
>Lines: 36
>Message-ID: <06************ *************** *@phx.gbl>
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="iso-8859-1"
>Content-Transfer-Encoding: 7bit
>X-Newsreader: Microsoft CDO for Windows 2000
>X-MimeOLE: Produced By Microsoft MimeOLEV5.50.4910.030 0>Thread-Index: AcN4tAwIiQDIbif hTH6DG1udCyABfQ ==
>Newsgroups : microsoft.publi c.dotnet.genera l
>Path: cpmsftngxa06.ph x.gbl
>Xref: cpmsftngxa06.ph x.gbl
microsoft.pu blic.dotnet.gen eral:108209
>NNTP-Posting-Host: TK2MSFTNGXA11 10.40.1.163
>X-Tomcat-NG: microsoft.publi c.dotnet.genera l
>
>I have a website which has both secure and non-secure
>pages. I want to uses forms authentication. How do I
>accompli sh this?
>
>Original ly I had my web.config file in the root with
Forms
>Authentica tion set up and it worked just fine. Then I
>realized that I needed to have some pages unsecure.
>
>I then created 2 directories. One named Secure and the
>other named Public. I placed my web.config file in my
>Secure Folder with Forms Authentication On and also
placed
>a web.config in the root with Authentication set tonone>and allow users="*". Doing this I get the following
error.
>
>It is an error to use a section registered as
>allowDefin ition='MachineT oApplication' beyond
applicatio n
>level. This error can be caused by a virtual directory
not
>being configured as an application in IIS.
>
>If I make the Secure Directory an application in IIS I
>don't get that error but I get a different error. It
says
>cannot load type CSEPP.Login.
>
>If I remove the web.config from the secure directoryand>also remove the application from the Secure Directoryin>IIS it does run and displays any page within theSecure>Director y correctly but of course there is no
>authentica tion without the web.config file in that
>director y.
>
>Please help. I know this is possible but don'tremember>how to set it up properly.
>
>Thanks,
>
>Billy Jacobs
>

.


.


Jul 21 '05 #6
Hi Peter,

I'm tracking your support to Billy. I have the same structure Billy
has, and I tryed your sugestion shown below in this message, with no
success.

My folder structure is
d:\conseg (unsecure) <-- only this one is configured as application
in IIS
d:\conseg\conse gseguro (secure) <-- this one isn't

Do I need have both folder and sub-folder registered in IIS as
application? Can you figure out if I'm doing some stupid?

My web.config is the following (some lines where put in the same row
for short):
<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>

<!-- this is for the application root folder -->
<system.web>
<compilation defaultLanguage ="c#" debug="true" />
<customErrors mode="Off"/> <!--mode="RemoteOnl y"/-->
<authenticati on mode="Windows" />
<trace enabled="false" requestLimit="1 0" pageOutput="fal se"
traceMode="Sort ByTime" localOnly="true " />
<sessionState mode="InProc"
stateConnection String="tcpip=1 27.0.0.1:42424"
sqlConnectionSt ring="data source=127.0.0. 1;user id=sa;password= "
cookieless="fal se" timeout="20" />
<globalizatio n requestEncoding ="utf-8" responseEncodin g="utf-8"
/>
</system.web>

<!-- this is for the application secure sub-folder -->
<location path="consegseg uro">
<system.web>
<authenticati on mode="Forms">
<forms loginUrl="logon .aspx" name="adAuthCoo kie" timeout="60">
<deny users="?"/>
<allow users="*"/>
</forms>
</authentication>
<identity impersonate="tr ue"/>
</system.web>
</location>

</configuration>

I got this error

Parser Error Message: It is an error to use a section registered as
allowDefinition ='MachineToAppl ication' beyond application level. This
error can be caused by a virtual directory not being configured as an
application in IIS.

Source Error:
Line 32: <system.web>
Line 33:
Line 34: <authenticati on mode="Forms">
Line 35: <forms loginUrl="logon .aspx" name="adAuthCoo kie"
timeout="60">
Line 36: <deny users="?"/>

Source File: D:\conseg\web.c onfig Line: 34
I've tryed to use two separated web.config files, one for the unsecure
folder an another for the secure folder, but I got the same error.
Even configuring both folders as application in IIS. :>(

Thanks in advance


v-******@online.m icrosoft.com (Peter Huang [MSFT]) wrote in message news:<Fm******* *******@cpmsftn gxa07.phx.gbl>. ..
Hi Billy,

Here is a sample web.config.
<?xml version="1.0" encoding="utf-8" ?>
<configuratio n>
<system.web>
<authenticati on mode="Forms" >
<forms loginUrl="Admin/Login.aspx" name="AdminLogi n" protection="Non e"
path="/" timeout="20" >
</forms>

</authentication>
</system.web>
<location path="Admin">
<system.web>
<authorizatio n>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
</location>

</configuration>

You may have a try and let me know if this works for you.

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.

Jul 21 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
1181
by: Stephen Bartholomew | last post by:
Hi All, I have an ecommerce site that resides mainly on an unsecure server for browsing the catalogue and only passes the user to a secure area when its time checkout. The secure domain however is not located on the same URL as the unsecure site - it is hosted on a virtual directory of the ISP's secure domain. The way i would have traditionally passed the user across to the secure domain is by providing a POST form containing the...
4
3239
by: Leszek | last post by:
Hello, Is there anywhere on the net a simple step-by-step guide how to implement SSL with ASP.NET? My Internet provider enables this feature and I would like to use it to authenticate users on my WebForms. Thanks, Leszek Taratuta
2
1391
by: Shimon Sim | last post by:
I am creating application that is mostly is used by registered user. I am using Form security to let user in. I also need to create registration for users. This of cause has to be accessible to everyone. Can I do everything in one ASP.NET application or I have to create two applications for each task? Thanks, Shimon.
4
2649
by: MR. UNDERHILL | last post by:
I want to use forms authentication on my website. Looking at the documentation, I create a sample site for testing. One of my requirements is to ensure that SOME pages required an authenticated user and some others, like the home page is not required. I specified the <deny users="?" /> on the web.config, but this is causing ALL pages require the authentication. How can I mix both, without loosing the web.config setup? I know that I can...
1
1319
by: Maziar Aflatoun | last post by:
Hi everyone, I have a website that requires 2 separate sections to be password protected (/admin and /admin2) so that for ex. once the user in /admin2 is authenticated he/she can then view everything in /admin2 only without restrictions. I have managed to make it work for 1 /admin and it works great. Can someone please tell me how I can define different section protections? This is what I have to get /admin working
6
639
by: Billy Jacobs | last post by:
I have a website which has both secure and non-secure pages. I want to uses forms authentication. How do I accomplish this? Originally I had my web.config file in the root with Forms Authentication set up and it worked just fine. Then I realized that I needed to have some pages unsecure. I then created 2 directories. One named Secure and the other named Public. I placed my web.config file in my
4
1221
by: Jeff | last post by:
Using ASP.NET 1.1 Suppose I put the following code in an aspx code-behind's Page_Load() event procedure... if ( ! VerifiedSomething()) { Server.Transfer("../NoDice.aspx"); Response.End(); }
3
3741
by: Gina_Marano | last post by:
Hey All, I need to download 1 or more files from a secure or unsecure website folder using HTTP. Here is what I have so far: public void GetHTTPImages() { WebClient HTTPClient = new WebClient();
4
31871
ADezii
by: ADezii | last post by:
On several occasions, we've come across situations in which our Members have inherited secured, legacy Databases and were told to either eliminate the security mechanism on these Databases or restructure them. In these, and similar circumstances, it is very helpful to know you can 'unsecure' a 'secure' Access Database. These are the steps necessary to accomplish this: Log on as a Member of the Admins Group. Grant full permissions,...
0
8553
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9112
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
8971
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
8815
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
6483
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
5827
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4332
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
4570
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
3
1970
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.