PDA

Click to See Complete Forum and Search --> : form authentication for sub folder

lleemon
Jun 13th, 2005, 02:31 PM
Looking to make just one folder and all sub-folders within this folder to be password protected with form authentication. At this time, I have the following in my web.config file that works but it does for the whole site.
I have a folder off the root called email that calls the Login.aspx file when not authenticated. Issue is that files off the root folder are calling /email/Login.aspx as well.

Any thoughts?


<configuration>
<appSettings>
<add key="MM_CONNECTION_HANDLER_SQLServer" value="sqlserver.htm" />
<add key="MM_CONNECTION_STRING_SQLServer" value="Persist Security Info=False;Data Source=xx.xx.xx.xx;Initial Catalog=dbname;User ID=uid;Password=pwd" />
<add key="MM_CONNECTION_DATABASETYPE_SQLServer" value="SQLServer" />
<add key="MM_CONNECTION_SCHEMA_SQLServer" value="" />
<add key="MM_CONNECTION_CATALOG_SQLServer" value="" />
<add key="MS_SQL_CONN" value="Server=xx.xx.xx.xx;uid=name;pwd=pwd;database=dbname" />
</appSettings>

<system.web>
<authentication mode="Forms">
<forms loginUrl="/email/Login.aspx">
<credentials passwordFormat="MD5">
<user name="test" password="63E46DF4AC6DD41BFAA7CE7630D0533D" />
</credentials>
</forms>
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</configuration>
dj4uk
Jun 14th, 2005, 03:33 AM
Make the root of the website accessible to everybody and then setup a new location (in this case the email directory) and only allow access to authenticated users. You also need to give unauthorised access to the login page if it is in that directory otherwise you'll need to be logged in to log in which is a little silly. See below - give a shout if you need anything else or I've misinterpreted anything.


<configuration>
<appSettings>
<add key="MM_CONNECTION_HANDLER_SQLServer" value="sqlserver.htm" />
<add key="MM_CONNECTION_STRING_SQLServer" value="Persist Security Info=False;Data Source=xx.xx.xx.xx;Initial Catalog=dbname;User ID=uid;Password=pwd" />
<add key="MM_CONNECTION_DATABASETYPE_SQLServer" value="SQLServer" />
<add key="MM_CONNECTION_SCHEMA_SQLServer" value="" />
<add key="MM_CONNECTION_CATALOG_SQLServer" value="" />
<add key="MS_SQL_CONN" value="Server=xx.xx.xx.xx;uid=name;pwd=pwd;database=dbname" />
</appSettings>

<system.web>
<authentication mode="Forms">
<forms loginUrl="/email/Login.aspx">
<credentials passwordFormat="MD5">
<user name="test" password="63E46DF4AC6DD41BFAA7CE7630D0533D" />
</credentials>
</forms>
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>

<location path="email">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>

<location path="email/login.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>


DJ