01-05-2005, 05:21 AM
Well i am finally working in .Net and trying to get the hang of it. To secure pages do i put a seperate web.config file in each of the secured directories? or do i make a change to the web.config file?
Here is my web.config file
<deny users="?" />
01-05-2005, 07:19 AM
the first thing is that with .nET 1.1 you can protect with web.config only one folder (personnally I don't use the web.config for protection)
then ... only one web.config at the root of your application (beside the global.asax)
<forms name="admin" loginUrl="~/admin/login.aspx" protection="All" timeout="30">
<allow users="*" />
in your login.aspx testing your username and password as you like
01-05-2005, 05:40 PM
I am trying to make sure that I understand what you said. The web.config file should reside in the root directory, but I can protect a directory below that by having the login file inside the other directory?
What I need is a public section of the site which will be at the root level. This will have .htm and .aspx pages which are all publically viewable in it, and then a protected level which will be 1 level past that plus an admin level which is also protected.
If I was using classic .asp I would use a combination of session variables and info in database tables.
01-05-2005, 06:30 PM
the meaning of >>>
you are protecting the FULL folder admin and if you are not authentified you will be redirected to the page login.aspx
then let's say
// is your root, level 0
that's all what you need
but what you say is >>>
and then a protected level which will be 1 level past that plus an admin level which is also protected.
do you mean //FirstProtectedFolder/admin ?
if so you make your life complicated ... but why not anyway the web.config will protect only one folder
as I said before I never use it .. I use a httpModule or even better directly a protection level for each page