<authentication mode="None">

Efran Cobisi

2007-02-17 18:35:40 UTC

Hi Eric,

You could use just one web.config file and place it in your "system"
directory, setting the authentication mode to "Forms" and making any
additional setup (like setting the login url, etc). The authorization
element is ok, you are allowing access to everyone at that level (in
fact you could omit it, because this is the default behaviour of
ASP.NET); you need then to deny access at the leaf "user" level. To do
so, you could use the location element with a reference to the "user"
path and, inside it, place the authorization block needed by that level;
here's an excerpt of the resultant web.config file:

...
<system.web>
...
<authentication mode="Forms">
<forms ... />
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>
<location path="user">
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
</location>
...

This way, only authenticated users could access anything ASP.NET handles
beyond the ~/user path.

HTH,

Efran Cobisi
http://www.cobisi.com

Post by Eric Dill [2005Q3]
system: which is supposed to be accessible to anyone, and
user: which uses forms authentication mode.
+system
+ user (with user being under system)
<authentication mode="None">
</authentication>
-and-
<authorization>
<allow users="*" />
</authorization>
This isn't working, so I assume that there is something that I'm missing, but a search online only led me to your forum and didn't provide an answer to my specific question.
Sincerely,
Eric D
Sr. Software Engineer
C#, .NET (ADO.NET, ASP.NET), COM+, DCOM, T-SQL, C++, C
===================================
This list is hosted by DevelopMentor® http://www.develop.com
View archives and manage your subscription(s) at http://discuss.develop.com

===================================
This list is hosted by DevelopMentor® http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com