Forms Authentication

[robertx]

I am trying to use forms authentication. I want to put public pages in the root directory and pages requiring login authentication into a separate folder - all of the literature recommends this. When I exclude an aspx file from my project, move it to the private folder and re-include it by selecting "Add existing item", it copies the aspx (and its code-behind file) back to the root directory and does not recognise the "hidden" file.

Also, if I try adding a new web.config file to the private directory and add it to the project, it wants to replace the existing web.config in the root directory.

[robertx]

I managed to resolve this by leaving all of my files in the root directory, having only one web.config file and adding "location" tags to the web.config file as follows:

Code:

<authentication mode="Forms">
<forms 
   name="mycookie"
   loginUrl="login.aspx" 
   protection="Encryption" /> 
</authentication 

<authorization>
        <allow users="*" />  
</authorization>

 <location path="myPrivatePage.aspx" >
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>

This allows public access to all pages in the root directory except for "myPrivatePage.aspx". You will be redirected to "login.aspx" if you try to access this page without logging in. You need to set up a "location" tag for each page that you want to keep private.