Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Authentication & Subdirectories

Status
Not open for further replies.
dmears1

dmears1

Technical User
Jun 18, 2003
208
US
I have a login in page which authenticates against an Active Directory. It works well until I authenticate to a subdirectory (named "policies").
Here is my relevant code from my web.config:
Code: 
...
<system.web>
     <authentication mode="Forms">
          <forms name=".ADAuthCookie" timeout="10" />
     </authentication>
</system.web>
<location path="policies">
     <system.web>
          <authorization>
               <deny users="?" />
          </authorization>
     </system.web>
</location>
Here is my login code:
Code: 
Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs)
          
        Dim domainProvider As MembershipProvider = Membership.Providers("AspNetActiveDirectoryMembershipProvider")
        
        If domainProvider.ValidateUser(txtUName.Text, txtPassword.Text) Then
            
            FormsAuthentication.SetAuthCookie(txtUName.Text, False)
            Response.Redirect("policies/testing.aspx")
            
        Else
            
            Response.Write("Invalid UserID and Password")
        
        End If
        
    End Sub

Any ideas as to why I can't authenticate to subdirectories would be greatly appreciated.

 
Sort by date Sort by votes
Who should be allowed into policies? You don't have anyone granted permission.

Brian Begy
BugSentry - Automatic error reporting for .NET and COM
 
Upvote 0 Downvote

The order makes difference. First always the allow users or roles(if you have role based login) and then the deny.

Also, you can have many web.config files.
Have one in the root, where you only set the forms authentication and nothing else.
Code: 
<system.web>
     <authentication mode="Forms">
          <forms name=".ADAuthCookie" timeout="10" />
     </authentication>
</system.web>

To grant access to other pages (not on root), they must:
- be in a different subfolder
- and place in it a web.config file.
Code: 
<authorization>
     <allow users="..., ..." roles="..., ..." />
     <deny users="*" />
</authorization>
 
Upvote 0 Downvote
Hey Guys,
Thanks for the replies. I have
Code: 
<authorization>
<deny users="?" />
</authorization>
in my config file, just forgot to add it to my post.

I did find the problem. The "policies" folder was setup as an app folder on IIS and was preventing us from passing session variables to it or to authenticate to it. I've got it working now. Thanks for the help.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Moregelen
  • Locked
  • Question
Domain Authentication
Replies
0
Views
868
Moregelen
Moregelen
G12Consult
  • Locked
  • Question
Forms authentication not working
Replies
4
Views
663
Rajkumarrrrr
Rajkumarrrrr
NoCoolHandle
  • Locked
  • Question
Integrate Facebook (social) logins with Forms authentication..
Replies
0
Views
292
NoCoolHandle
NoCoolHandle
delmontexxx
  • Locked
  • Question
Web Authentication using machine or client certificates
Replies
3
Views
278
jbenson001
jbenson001
primagic
  • Locked
  • Question
Windows Authentication
Replies
0
Views
172
primagic
primagic

Part and Inventory Search

Sponsor

Back
Top